Hack into a Windows PC - no password needed

Yep, that's right, just as booting with a live Linux CD bypasses Windows user account passwords, giving instant access to all Windows drives/partitions. It also works on Vista. I've tried it!

You said that.

But this exploit is nothing like booting up a linux boot cd and bypassing local passwords.

This exploit lets you unlock a Windows PC. We're talking computers on domains etc. Something that prior to this was (to the best of my knowledge) not possible!

=/ Absolutely ridiculous exploit and I still can't believe it hasn't been sorted already.


Anyway, on topic..

Seen around a few "certain" forums that Vista PCs just BSOD if you try this? Suppose that's an improvement if it's true!
 
> You said that.
>
> But this exploit is nothing like booting up a linux boot cd and bypassing local passwords.

I was merely pointing out that it bypasses the password, as a live CD does, not that the methods were the same. If his method couldn't bypass the password, it wouldn't get in. Maybe you missed the title on that page? It was: "Hack into a Windows PC - no password needed". So I wasn't, as you put it, 'missing the point', just making a different one.

I'm still at a loss as to where your comment came from; maybe you just like stirring people up? Or maybe you think no one else knows the difference between a firewire cable and a live Linux CD?
 
All I was doing was pointing out the fact this exploit is nothing like using a live CD. Don't worry about it - it was more tongue in cheek than serious. :cool:

ta

alec
 
> You said that.
>
> But this exploit is nothing like booting up a linux boot cd and bypassing local passwords.
>
> This exploit lets you unlock a Windows PC. We're talking computers on domains etc. Something that prior to this was (to the best of my knowledge) not possible!
>
> =/ Absolutely ridiculous exploit and I still can't believe it hasn't been sorted already.

The problem is that memory access is part of the firewire specs, so you can't just shut that side off.

It's also worth noting that this exploit can't elevate privileges, which is going to limit its usefulness, and it requires direct, unsupervised access to the PC...

> Anyway, on topic..
>
> Seen around a few "certain" forums that Vista PCs just BSOD if you try this? Suppose that's an improvement if it's true!

Wouldn't surprise me, Vista is a lot more secure than XP, and allows a lot less user stupidity to affect that security.
 
> The problem is that memory access is part of the firewire specs, so you can't just shut that side off.
>
> It's also worth noting that this exploit can't elevate privileges, which is going to limit its usefulness, and it requires direct, unsupervised access to the PC...

> Wouldn't surprise me, Vista is a lot more secure than XP, and allows a lot less user stupidity to affect that security.

Yeah, read that in the link - memory access, okay, whatever, but being allowed to modify parts of the memory as crucial as this? Still baffles me why anything other than the kernel and CERTAIN drivers has permission to do that when the system's in a "locked" state.


Yeah, I would expect and hope Vista to not be as vulnerable.

Still not sure if the BSOD is from the fact that the exploit is slightly different in Vista and it's just rewriting some memory that's causing a BSOD, or if the kernel is detecting it's being modified and BSODing itself; hopefully the latter.

Either way I'm still amazed that something relatively simple like this works.
 
Hopefully this clears it up a bit..

Firewire and USB may seem similar (both data buses for connecting peripherals), but firewire is based on an expansion bus model, similar to PCI etc., which means it has DMA access. So, all you need do, as this exploit shows, is trick the OS into thinking you're a device which requires DMA access and you can read/write to RAM at will. This example shows unlocking a desktop or dumping the SAM, but many other things are possible. This is (apparently) the first demo on Windows, but it's been a tested exploit on OS X/Linux for a while now. Also, it has been tested on Vista with some tweaking. You can't just fix it as it's a core feature of firewire.
 
> Yeah, read that in the link - memory access, okay, whatever, but being allowed to modify parts of the memory as crucial as this? Still baffles me why anything other than the kernel and CERTAIN drivers has permission to do that when the system's in a "locked" state.

The point with firewire was that the appliance can access the memory on a read-write basis without involving the OS; that's the way it was designed (and not by MS). What was missing was some sort of OS detection to realise this had occurred, or that part of the Windows code had been modified.

> Yeah, I would expect and hope Vista to not be as vulnerable.
>
> Still not sure if the BSOD is from the fact that the exploit is slightly different in Vista and it's just rewriting some memory that's causing a BSOD, or if the kernel is detecting it's being modified and BSODing itself; hopefully the latter.
>
> Either way I'm still amazed that something relatively simple like this works.

It's the problem with creating standards that allow people to do things that seem like a good idea, but essentially rely on goodwill not to exploit.
 
Also interesting: he mentions at the end of his paper that there's a wireless firewire standard in the pipeline, so then you won't even need the firewire cable ;)
 
Where is the documentation of this "Vista" BSOD? No one's posted anything to do with this, only that it's not been properly tested. It wouldn't surprise me if this still worked with Vista too...
 
> Where is the documentation of this "Vista" BSOD? No one's posted anything to do with this, only that it's not been properly tested. It wouldn't surprise me if this still worked with Vista too...

It would surprise me, because Vista is a lot more aware of itself than XP ever was in security terms. Just because it looks the same, it doesn't follow that it works the same.
 
And why exactly does Windows still let a firewire driver read/write to the memory, specifically parts of the operating system like this? =/

He demonstrated it in 2006! Come on, Microsoft!

It's to do with the firewire connection, apparently.

The same exploit allows full read/write access to RAM in OS X too, apparently.
 
But as mentioned, it's a problem with the specification rather than the OS itself?

It's a combination of the two. The specification allows the firewire device direct memory access, which is what allows it to rewrite the memory location. However, it can be addressed by making the OS aware of this possibility, not so much in terms of looking for this specific exploit, but in monitoring the general integrity of the memory contents, or by making the location of the code to be overwritten random. (Vista does this anyway: source)

As has already been said, the same exploit works on MacOS and Linux machines, so if Vista has managed to stop it (even if just by BSOD'ing) then it's definite progress.
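The two OS-side answers raised in the thread (monitoring the integrity of kernel code, and randomising where that code sits so a write aimed at a fixed address misses it) are easy to see in a toy model. The following is an added example, not code from the thread or from any of the demos it discusses: a bytearray stands in for RAM, a 16-byte constant stands in for the lock-screen check routine, and a bus-master write is simulated as a plain slice assignment that the "OS" is never asked about. `Machine`, `simulate_tamper`, `RAM_SIZE`, `CODE_LEN` and `FIXED_CODE_BASE` are all constructed for this illustration and correspond to nothing in Windows or the FireWire stack.

```python
"""Toy model of the two mitigations the thread names: integrity monitoring
of kernel code and randomised code placement. Everything here is constructed
for illustration (a bytearray stands in for RAM, a constant stands in for the
lock-screen check routine); it is not a real DMA, kernel or Windows interface."""
import hashlib
import random

RAM_SIZE = 4096            # constructed: size of the toy memory image
CODE_LEN = 16              # constructed: size of the "lock check" routine
FIXED_CODE_BASE = 0x400    # constructed: where a non-randomised kernel puts it
# Constructed stand-in for the routine that decides whether the lock screen
# accepts a password; a monitor should see these bytes unchanged.
LOCK_CHECK_CODE = bytes(range(0x10, 0x10 + CODE_LEN))


class Machine:
    """Flat memory image whose 'kernel code' region sits at a fixed address
    (XP-style) or at a per-boot random address (Vista-style randomisation)."""

    def __init__(self, randomise_base, seed=None):
        self.ram = bytearray(RAM_SIZE)
        if randomise_base:
            rng = random.Random(seed)
            # Pick a 16-byte-aligned slot; resample if it coincides with the
            # fixed address so the two layouts actually differ (toy simplification).
            while True:
                base = rng.randrange(0, RAM_SIZE - CODE_LEN, CODE_LEN)
                if base != FIXED_CODE_BASE:
                    break
            self.code_base = base
        else:
            self.code_base = FIXED_CODE_BASE
        self.ram[self.code_base:self.code_base + CODE_LEN] = LOCK_CHECK_CODE
        # Integrity monitor: record a digest of the code region at boot time.
        self.baseline = self._digest()

    def _region(self):
        return bytes(self.ram[self.code_base:self.code_base + CODE_LEN])

    def _digest(self):
        return hashlib.sha256(self._region()).hexdigest()

    def bus_master_write(self, addr, data):
        """A DMA write from the bus: it lands in RAM without the OS being
        consulted, which is the FireWire property the thread is about."""
        self.ram[addr:addr + len(data)] = data

    def integrity_check(self):
        """True while the code region still matches the boot-time digest."""
        return self._digest() == self.baseline

    def code_intact(self):
        return self._region() == LOCK_CHECK_CODE


def simulate_tamper(randomise_base, seed=None):
    """Overwrite the fixed address with filler bytes, as an external bus
    master that only knows the documented layout would, then report what
    the OS-side checks see afterwards."""
    m = Machine(randomise_base, seed)
    m.bus_master_write(FIXED_CODE_BASE, b"\x00" * CODE_LEN)
    return {"code_intact": m.code_intact(),
            "tamper_detected": not m.integrity_check()}


if __name__ == "__main__":
    print("fixed layout:     ", simulate_tamper(False))
    print("randomised layout:", simulate_tamper(True, seed=7))
```

With the fixed layout the write lands on the routine and the digest check flags it; with the randomised layout the same write hits unrelated memory and the routine is untouched. Note what each defence does and does not give you: the integrity monitor only reports tampering after the fact (and, being code in RAM itself, is subject to the same bus access), while randomisation only raises the cost of finding the target, which is why the thread's poster treats Vista's BSOD as progress rather than a fix.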
 