[SATLUG] Kon-Boot vs Win2008 Enterprise SRV

Don Wright satlug at sbcglobal.net
Sun Nov 1 14:05:52 CST 2009


On Sun, 01 Nov 2009 13:16:48 -0600, "Todd W. Bucy"
<toddwbucy at grandecom.net> wrote:

>some of you may remember me raving about about Kon-Boot, a wonderful 
>tool for bypassing admin logins, when one has forgotten their password 
>of course.  The website http://www.piotrbania.com/all/kon-boot/ does not 
>list the win2008 srv as compatible, it does however lists Win7, vista, 
>and linux kernel 2.6 as vulnerable. 

Currently on the site:
       Tested Windows versions
 Windows Server 2008 Standard SP2 (v.275)
                ...
The usage notes say to boot the machine with the CD or floppy built from
the downloaded crack. Not something one can do over the wire for
conventional hardware.

> That said, I was curious so I set 
>up a kvm install of srv2008 Enterprise edition and sure enough I walked 
>through the front door without a key, furthermore because the machine 
>was virtual in nature I did not need physical access to the host server 
>to do so.

You still needed administrative access to the virtual machine to
pre-boot the crack, didn't you? That's the equivalent of physical access
to insert a CD and boot from it.

-- 
Cry 'Yvahk' and let slip the GNUs of war!
  --Don 391925f6


More information about the SATLUG mailing list