[SATLUG] Kon-Boot vs Win2008 Enterprise SRV

Todd W. Bucy toddwbucy at grandecom.net
Sun Nov 1 13:16:48 CST 2009


some of you may remember me raving about about Kon-Boot, a wonderful 
tool for bypassing admin logins, when one has forgotten their password 
of course.  The website http://www.piotrbania.com/all/kon-boot/ does not 
list the win2008 srv as compatible, it does however lists Win7, vista, 
and linux kernel 2.6 as vulnerable.  That said, I was curious so I set 
up a kvm install of srv2008 Enterprise edition and sure enough I walked 
through the front door without a key, furthermore because the machine 
was virtual in nature I did not need physical access to the host server 
to do so.

scarry stuff when you think about it.

Todd


More information about the SATLUG mailing list