This article talks about hacking and other activities which may seem to be illegal and will certainly get you into trouble if you are caught doing them. I would advise you to read it as a form of entertainment and treat it as entirely fiction without any truth in it. Ok, let’s set up this imaginary environment.
We all have had laptops for such a long, long time that I do not even remember the days when laptops did not exist. Due to special considerations, my department had always had the privilege of admin rights on our laptops due to the work we do. We are required to install software, run privileged tasks etc. on a daily basis. We never imagined the day that this would end. We never had to face this problem. Until now.
Due to a new firm requirement, we are required to upgrade to a new version of the laptop OS with some enhancements as well as a new set of software for our work. This time, top management came down on us hard and decided that we should not have administrative rights to the corporate laptop because we are supposed to perform our privileged tasks on another laptop. Ok, let’s leave that out of our story. Given that we may be caught out in the field for weeks, it does not seem logical that we do not have access to our email and other corporate information systems. Therefore, we NEED to have administrative rights to the laptop. SOMEHOW.
Let’s pause for a minute if you feel that we need to discuss the moral and legal issues here. Like I said, it’s an imaginary environment. By all rights, we should never have to ask for anything and everything should be given. However, this does not actually happen in the real world or, for that matter, in this imaginary world of ours. So, someone needs to be the hero. Someone needs to break some rules. Someone will have to do it. Yes, I know, that would be me.
Ok, let’s come back to the story. So, many of us find that we cannot even insert a thumbdrive (oops, sorry, flashdrive) without triggering an administrative prompt. Life has been hell since the upgrade and it seems like the end of days is just about to begin. Unknown to most, a few of us are already beginning to work on this “problem”. The intention is just to have enough rights to perform some of our installations etc. without having to tear the laptop apart. Of course, in the process, we would not want to trigger any alerts or alarms either. Hackers get caught. Good hackers DON’T get caught.
So, we narrowed down our options. One of the endgame objectives would no doubt be administrative rights. A more direct answer would be the administrator password. And inside our laptop, there is the local administrator account, which is used by the IT support department to roll out updates and perform installations on our laptops. This seems like the very object we want.
Usually before I go about the hard way, I try the easy way. In fact, the easy way usually works. I tried a few passwords. No luck. In fact, I was very cautious to ensure that password lockout was not enabled on this account. For very obvious reasons, if this account is locked out, it will be difficult to recover the system. I always wonder if this is the reason why everyone wants to attack the admin account, besides knowing it has the rights of god on the machine. So, it does not use a simple password.
Another very direct way to recover a system is to wipe the password. This is more effective than you can imagine. I have broken into tons of laptops whose owners did not want me to enter their systems by simply rebooting into my boot CD and wiping off the administrator password. However, we have a problem here. This system is protected by disk-based encryption. When we boot up from a foreign OS, the encrypted partition simply will not mount. In fact, this was one problem I was dying to crack. Anyway, wiping the password is not the way to go.
Another approach is to extract the password hash. We have all heard of rainbow tables and LCP. I guess this would be easy. I had extracted lots of password hashes in the past using PWDump or FGDump. One obstacle lies ahead. Antivirus. The antivirus is switched on to the maximum mode which simply detects and deletes anything and everything it feels is dangerous. This includes some of the tools which we use for work as well. Nasty. The question is: do I want to break the antivirus as well? Antivirus firms have spent millions on R&D to ensure their solutions work, and work well, in a corporate environment. I am sure they have figured out that someone will want to disable or uninstall their product in the corporate environment. Secondly, I also do not want to trigger some alarm if I have my antivirus off.