[SATLUG] Kon-Boot vs Win2008 Enterprise SRV

Doug ftm at satx.rr.com
Sun Nov 1 14:51:48 CST 2009

I have a centos system running on a virtual macine.  After I set it up, I removed the CD and the floppy drives so that it will not recognize anything from that source.  Then I tried the application  as per the instructions and no joy - it was not able to access the Linux machine at all.   The base machine which is Windows 7, has Windows Defender set up to block access by the CD Drive (the box does not have a floppy drive) as well as a special rule built into the firewall.  Also no joy there either.
Now is there something else I should try to hack into this box?   Or, do I have it secure?
  ----- Original Message ----- 
  From: Don Wright 
  To: The San Antonio Linux User's Group Mailing List 
  Sent: Sunday, November 01, 2009 2:05 PM
  Subject: Re: [SATLUG] Kon-Boot vs Win2008 Enterprise SRV

  On Sun, 01 Nov 2009 13:16:48 -0600, "Todd W. Bucy"
  <toddwbucy at grandecom.net> wrote:

  >some of you may remember me raving about about Kon-Boot, a wonderful 
  >tool for bypassing admin logins, when one has forgotten their password 
  >of course.  The website http://www.piotrbania.com/all/kon-boot/ does not 
  >list the win2008 srv as compatible, it does however lists Win7, vista, 
  >and linux kernel 2.6 as vulnerable. 

  Currently on the site:
         Tested Windows versions
   Windows Server 2008 Standard SP2 (v.275)
  The usage notes say to boot the machine with the CD or floppy built from
  the downloaded crack. Not something one can do over the wire for
  conventional hardware.

  > That said, I was curious so I set 
  >up a kvm install of srv2008 Enterprise edition and sure enough I walked 
  >through the front door without a key, furthermore because the machine 
  >was virtual in nature I did not need physical access to the host server 
  >to do so.

  You still needed administrative access to the virtual machine to
  pre-boot the crack, didn't you? That's the equivalent of physical access
  to insert a CD and boot from it.

More information about the SATLUG mailing list