[SATLUG] Kon-Boot vs Win2008 Enterprise SRV

Todd W. Bucy toddwbucy at grandecom.net
Sun Nov 1 15:03:22 CST 2009


Don Wright wrote:
> On Sun, 01 Nov 2009 13:16:48 -0600, "Todd W. Bucy"
> <toddwbucy at grandecom.net> wrote:
>
>   
>> Some of you may remember me raving about Kon-Boot, a wonderful 
>> tool for bypassing admin logins, when one has forgotten their password 
>> of course.  The website http://www.piotrbania.com/all/kon-boot/ does not 
>> list the win2008 srv as compatible; it does, however, list Win7, Vista, 
>> and Linux kernel 2.6 as vulnerable. 
>>     
>
> Currently on the site:
>        Tested Windows versions
>  Windows Server 2008 Standard SP2 (v.275)
>   

Wow, how the hell did I miss that?
>                 ...
> The usage notes say to boot the machine with the CD or floppy built from
> the downloaded crack. Not something one can do over the wire for
> conventional hardware.
>
>   
>> That said, I was curious so I set 
>> up a kvm install of srv2008 Enterprise edition and sure enough I walked 
>> through the front door without a key, furthermore because the machine 
>> was virtual in nature I did not need physical access to the host server 
>> to do so.
>>     
>
> You still needed administrative access to the virtual machine to
> pre-boot the crack, didn't you? That's the equivalent of physical access
> to insert a CD and boot from it.
>
>   
This is true, I did have admin access to the host server, but I would not 
necessarily equate that with physical access to the server as being the 
same as remote access.  If I have physical access then I can manipulate 
the physical nature of the server, i.e. hacks like the cold-boot attack 
cannot be virtualized and require real physical access.  Rebooting a 
non-virtual server without losing communications access to that server 
would be a neat trick.  Remote access to a server, however, is a security 
monster all its own, as it is particularly vulnerable to social engineering 
and does not require the physical presence that would be needed to restart 
a virtualized server and thereby gain easy administrative control of, say, 
a customer's virtualizations.  This may seem academic to some on this list, 
but I am just learning the ins and outs of virtualization and the 
security risks that come with that type of environment.  Kon-Boot kinda 
shined a light on this particular aspect for me.

Todd

Previously the loss of the admin password on your webserver did not 
necessarily mean that you lost control of your MySQL server.  While 
virtualization has allowed us to put many eggs in one basket, it has also 
made all those eggs vulnerable to a single layer of security.  Lose 
control of 1 admin password and you have just given away the keys to the 
kingdom. 

Todd
