
Thread: how to by pass writing privileges in windows

  1. #11
    dinowuff (THE Bastard Sys*****), Join Date: Jun 2003, Location: Third planet from the Sun, Posts: 1,253
    **** me, I have to agree with Nihil here. Sounds like the whole thing is re-imaged daily.

    That being said, I doubt they flash the BIOS daily.

    Resetting BIOS passwords is simple. Remove the battery, power on then off; that usually does it. Ignore the warnings on power up. By that I mean you will be presented with options, one of which is Ignore.

    If you are not presented with these options, then you will have to determine which jumper resets the password. GOOD LUCK if you are picking a lock to get access, as it may take a bit of research.

    Now here's the kicker. If you do get access to the BIOS and can enable CD/DVD - USB boot, it may do you no good. In most secure environments where re-image is performed daily (for security purposes), each node on the network has an IP address assigned to a MAC address.

    Any conflict within the routing table (lack of better explanation) and an SNMP alert will be sent to the admin or the physical port on the switch/server will shut down. Or both. So you have to first determine the machine's IP address and MAC address prior to booting up into whatever OS you choose. The boot sequence will have to include the MAC and IP address when creating the virtual NIC.


    Saving files on the local drive at this point will work without setting off an alarm, but at the end of the day... No files.

    So whatever you write, whatever you save, you should plan on that "whatever" to be done within a short time.
    Last edited by dinowuff; September 17th, 2010 at 11:45 PM. Reason: I forgot
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  2. #12
    dinowuff (THE Bastard Sys*****), Join Date: Jun 2003, Location: Third planet from the Sun, Posts: 1,253
    If your "whatever" is destructive and actually works, it will be traced back to the machine you altered.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  3. #13
    nihil (Senior Member), Join Date: Jul 2003, Location: United Kingdom: Bridlington, Posts: 17,188
    Hmmmm, I can see other potential practical difficulties too.

    1. You not only have to pick the lock, you also have to relock it. This would be a problem if the lock requires a key to do it rather than just closing the hasp.

    2. I would guess the case opened alarm has been turned on? The problem here is that you need to boot the machine to change the BIOS settings, and by that time it might already have phoned home before you have a chance to reset it. You could probably get round that by disconnecting from the network temporarily, provided that your machines are turned off regularly... otherwise that may set off an alarm?

    3. Removing the CMOS battery may not reset the BIOS password. A lot of modern motherboards store the BIOS and passwords on non-volatile EEPROM chips.

    4. There may well not be a password reset jumper switch either.

    5. If you reset the BIOS password it will be obvious what has been done.

    I agree with dinowuff in that you need to do some more research, particularly into the BIOS and motherboard features.
    Last edited by nihil; September 21st, 2010 at 09:59 AM.

  4. #14
    westin (Gonzo District BOFH), Join Date: Jan 2006, Location: SW MO, Posts: 1,187
    > Now here's the kicker. If you do get access to the BIOS and can enable CD/DVD - USB boot, it may do you no good. In most secure environments where re-image is performed daily (for security purposes), each node on the network has an IP address assigned to a MAC address.

    If you boot into a live environment, you still have the same MAC address. It reads it from the hardware. [Are you thinking of Virtual Machines?] So unless the system used static IP addressing, it shouldn't really be a problem.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  5. #15
    nihil (Senior Member), Join Date: Jul 2003, Location: United Kingdom: Bridlington, Posts: 17,188
    Well, in my opinion, if you sit down in front of a public access computer and find that it has been locked down in this way, you should either get on with what you are supposed to be doing or get up and quietly walk away.

    What you are looking at is the tip of the iceberg and you have no idea what other security measures are in place. It is not a risk that is worth taking IMO.

    For example, how do you know that as part of the re-imaging routine they don't first calculate a hash total for the system drive... they know what the answer should be... and if somebody has added files that would be immediately obvious.

    One method I have used with computers where people have forgotten the BIOS password or inherited a box with the password set, is to disconnect the HDD and provoke the booting of a BIOS flash from removable media. That is because with SOHO and domestic machines the other boot options are generally still enabled. Flashing the BIOS usually does not ask for the password and sets it to blank.

    In the case of public access machines, they are usually set to locally boot from the C:\ drive only, and possibly the network, so this would not work.

    Of course I am sure that we have all heard of exploits that permit elevation of local privileges... but if you want to follow that route then be prepared to go all the way to the "big house". And if the Admins are on the ball they probably won't work anyway.

    Q: "Why did you go to college son?"
    A: "To get a criminal record"

    Ummm, yeah, well...
    Last edited by nihil; September 18th, 2010 at 10:32 AM.

  6. #16
    dinowuff (THE Bastard Sys*****), Join Date: Jun 2003, Location: Third planet from the Sun, Posts: 1,253
    westin:

    You are correct. The MAC will be the same. I was more referring to the static IP and its relationship to the MAC. A big concern is the difference between M$ Virtual server and VMWare. As I write this I think of CITRIX and the way it controls remote hardware...

    OP - If you want to break into this system, get a job at the HelpDesk!
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  7. #17
    westin (Gonzo District BOFH), Join Date: Jan 2006, Location: SW MO, Posts: 1,187
    dinowuff

    Ah... I see what you were saying. You were talking about a different IP coming from the same MAC all of a sudden, and tripping some alarms. Good point.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST
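
The IP-to-MAC reservation check discussed in posts #11, #16 and #17, written from the monitoring side as an added example that is not part of the original thread. The reservation table, port names, addresses and function names are all constructed; a real deployment would feed it from switch, DHCP or ARP data and raise the SNMP alert or port shutdown the posts mention.

```python
# Constructed reservation table: switch port -> (MAC, IP) as provisioned.
RESERVATIONS = {
    "Gi0/1": ("00:11:22:33:44:01", "10.0.5.11"),
    "Gi0/2": ("00:11:22:33:44:02", "10.0.5.12"),
    "Gi0/3": ("00:11:22:33:44:03", "10.0.5.13"),
}

def norm(mac):
    """Lower-case a MAC and accept '-' separators so comparisons are exact."""
    return mac.strip().lower().replace("-", ":")

# Reverse lookup: which MAC is each reserved IP supposed to belong to?
IP_OWNER = {ip: norm(mac) for mac, ip in RESERVATIONS.values()}

def check(port, mac, ip):
    """Return the reasons this (port, MAC, IP) sighting violates policy."""
    mac = norm(mac)
    if port not in RESERVATIONS:
        return ["unmanaged port"]
    want_mac, want_ip = RESERVATIONS[port]
    reasons = []
    if mac != norm(want_mac):
        reasons.append("unexpected MAC on port")
    if ip != want_ip:
        reasons.append("IP does not match reservation")
        owner = IP_OWNER.get(ip)
        if owner is not None and owner != mac:
            reasons.append("IP reserved for another host")
    return reasons

def audit(sightings):
    """Map each violating sighting to its reasons; compliant ones are omitted."""
    return {s: r for s in sightings if (r := check(*s))}

SIGHTINGS = [  # constructed sample data
    ("Gi0/1", "00:11:22:33:44:01", "10.0.5.11"),  # matches its reservation
    ("Gi0/2", "00-11-22-33-44-02", "10.0.5.99"),  # same NIC, different IP
    ("Gi0/3", "00:11:22:33:44:03", "10.0.5.11"),  # claims a neighbour's IP
    ("Gi0/1", "de:ad:be:ef:00:01", "10.0.5.11"),  # foreign NIC on managed port
]

if __name__ == "__main__":
    for sighting, reasons in audit(SIGHTINGS).items():
        print(sighting, "->", "; ".join(reasons))
```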
