Lock computer (Ctrl+Alt+Del),can be accessed by other than admin

Eriedor · 6 Feb 2008 at 14:47

.walls said:
He hasn't bypassed the gina without either some previous access and a bit of cracking or knowing the account password. simple as that.

Or maybe did a hard reset of the machine?

.walls · 6 Feb 2008 at 15:04

Eriedor said:
Or maybe did a hard reset of the machine?

In which case - he would still have to know the password to access the box.

As has been stated somewhere above - changing the administrator password is trivial if you have local access to the box - whether you currently know the password or not. Cracking the password is also fairly trivial if you have local access to the box. The former is very easy to spot (your password has mysteriously changed!). The latter is not, however, can be done a multitude of ways (cracking the SAM, keylogger, etc).

Essentially, what I'm saying is - the kid did not bypass the gina - the machine was either:

a) left unlocked
b) the password was known to the boy (whether this was socially engineered, or the password was extracted from the hash in the SAM)

EDIT: @ Zillah - If your friend definitely did not leave the box unlocked; then you have to consider the other option. Most keyloggers won't be found in add/remove programs, but a lot will be found by anti-virus / anti-malware solutions. It may also be a good idea to have a look at rootkit revealer by sysinternals. Either that, or find out from the lad how he did it.

bledd · 6 Feb 2008 at 15:07

.walls said:
In which case - he would still have to know the password to access the box.

As has been stated somewhere above - changing the administrator password is trivial if you have local access to the box - whether you currently know the password or not. Cracking the password is also fairly trivial if you have local access to the box. The former is very easy to spot (your password has mysteriously changed!). The latter is not, however, can be done a multitude of ways (cracking the SAM, keylogger, etc).

Essentially, what I'm saying is - the kid did not bypass the gina - the machine was either:

a) left unlocked
b) the password was known to the boy (whether this was socially engineered, or the password was extracted from the hash in the SAM)

yup

this thread is going round in circles, come back OP

.walls · 6 Feb 2008 at 15:12

bledd. said:
yup

this thread is going round in circles, come back OP

Indeed - this could get monotonous very quickly....

Burnsy2023 · 6 Feb 2008 at 17:24

I'm kinda confused to why they have Windows 2003 Server installed. Why on earth is this the case?

Burnsy

swinnie · 6 Feb 2008 at 17:50

Burnsy2023 said:
I'm kinda confused to why they have Windows 2003 Server installed. Why on earth is this the case?

Burnsy

Thinking the exact same thing!!

bledd · 6 Feb 2008 at 18:05

i've heard of full circle, this is

$newInfinity.jpg$

Burnsy2023 · 6 Feb 2008 at 18:14

I missed your comment Bledd. Must not skim read

Burnsy

bledd · 6 Feb 2008 at 19:30

heh

wasn't having a dig, every thread in Windows gets the same