2461Views12Replies

Author Options:

Logon to ANY SYSTEM Answered

Any computer you have access to the 'console' or CPU you can logon and see all the files...without passwords.

Let's address each level of security:

A) BIOS passwords
-Remove small battery from Motherboard and wait a few (10 min) for the capacitors to drain (unplug CPU). Then reboot. During reboot or at BIOS Password screen find BIOS make/version (Phoenix/AMI etc) and download a "Flash" BIOS update to USB or floppy.
-Use floppy to flash BIOS and bypass, modify BOOT path to add USB
-No floppy drive? boot from CD/DVD (ISO image...see instructables)

B) Login/Password:
Never hack what you can access. Boot from USB/CD-ROM and load your OWN OS from these devices. Login to your OS and "mount" the systems root disc, C: drive or other partitions.

Browse all their files....

C) Encrypted files (EFS)
Easy ! see http://support.microsoft.com/kb/255742/en-us and backup their private key, run EFSinfo.exe and set your NEW OS to the same Workgroup or Domain as the target. Then browse the files.

Any ideas protection or passwords that can block this?

D) Linux/UNIX is secure!
UNIX & linux systems simply change their Init levels to boot as root recovery (standalone/Admin/Single User = init 1) recovery console allows access to Boot options, load CD/USB OS boot and mount original file systems. Browse or add login to /etc/password and login or telnet/VNC/SSH etc...

Done

Protect your console! Lock & Block all USB, CD & DVD access.
Use dongle or hardware key!

Use NON-OS based encryption and PGP or DES standards!

good luck

Discussions

0
None
fwjs28

9 years ago

you can even poison the BIOS so that it collects passwords discretely and many other things...and it is impossible to detect...

Yes many "back doors" are published...but alas a battery removal and reset (look for jumpers on CPU motherboard) will reliably work. Flash a ROM and you'll get guaranteed results! Drive the Librarians nuts when, hours after I walk away the PC is running Linux (DSL/Knoppix) and they have no idea....? What I need is a USB stick and USB hub in one so I can plug my boot USB in and the keyboard/mouse at the same time...like the Yego sticks I found online fo $20.

Drive the Librarians nuts when, hours after I walk away the PC is running Linux (DSL/Knoppix) and they have no idea....?

:-D

The last time the author posted anything was May 2008: he's gone. L

in windows, if you boot in safe mode the admin account is usually left wide open.

I have a new technique with my bluetooth foldable keyboard and dongle... hehe..

"sniffing" bluetooth signals? =)

Naw, Any "locked" system i.e. missing keybaord & mouse in a "kiosk' mode like a Mall or Library can be had via a usb dongle..."dongle" is a small device plugged into a USB/Serial or Keybard port that connect devices wirelessly via BT. then sit back and use your Palm or BT enabled protable keyboard to escape kiosk modes, logon or use other techniques here to access a 'locked' system with your new keyboard/mouse. E

Once my friends went back to Windows while fighting to get the cursor to their control using the touch screen.I touched the "Back to menu" button before they did that though.

and wait a few (10 min) for the capacitors to drain

And what about short-circuiting the battery holder terminals ?
On some motherboards, there is even a pair of pins labeled "cmos reset" that you can short-circuit with a jumper.

Phenix BIOS is brilliant, I've spend meny of times trying to break it. Simple method of doing that was switching the chip! If you are so paranoid just stick deepfreeze in your system, can be broken but its really good for keeping the system secure from viruses etc.