[SATLUG] Kon-Boot vs Win2008 Enterprise SRV
Todd W. Bucy
toddwbucy at grandecom.net
Sun Nov 1 15:03:22 CST 2009
Don Wright wrote:
> On Sun, 01 Nov 2009 13:16:48 -0600, "Todd W. Bucy"
> <toddwbucy at grandecom.net> wrote:
>> Some of you may remember me raving about Kon-Boot, a wonderful
>> tool for bypassing admin logins, when one has forgotten their password
>> of course. The website http://www.piotrbania.com/all/kon-boot/ does not
>> list the Win2008 srv as compatible; it does, however, list Win7, Vista,
>> and Linux kernel 2.6 as vulnerable.
> Currently on the site:
> Tested Windows versions
> Windows Server 2008 Standard SP2 (v.275)
Wow, how the hell did I miss that?
> The usage notes say to boot the machine with the CD or floppy built from
> the downloaded crack. Not something one can do over the wire for
> conventional hardware.
>> That said, I was curious, so I set
>> up a KVM install of srv2008 Enterprise edition and sure enough I walked
>> through the front door without a key; furthermore, because the machine
>> was virtual in nature I did not need physical access to the host server
>> to do so.
> You still needed administrative access to the virtual machine to
> pre-boot the crack, didn't you? That's the equivalent of physical access
> to insert a CD and boot from it.
This is true, I did have admin access to the host server, but I would not
necessarily equate that with physical access to the server as being the
same as remote access. If I have physical access then I can manipulate
the physical nature of the server, i.e. hacks like the cold-boot attack
cannot be virtualized and require real physical access. Rebooting a
non-virtual server without losing communications access to that server
would be a neat trick. Remote access to a server, however, is a security
monster all its own, as it is particularly vulnerable to social engineering
and does not require the physical presence that would be needed to restart
a virtualized server and thereby gain easy administrative control of, say,
a customer's virtualizations. This may seem academic to some on this list,
but I am just learning the ins and outs of virtualization and the
security risks that come with that type of environment. Kon-Boot kinda
shined a light on this particular aspect for me.
Previously the loss of the admin password on your webserver did not
necessarily mean that you lost control of your MySQL server. While
virtualization has allowed us to put many eggs in one basket, it has also
made all those eggs vulnerable to a single layer of security. Lose
control of 1 admin password and you have just given away the Keys to the