Windows screensaver lock and lecturing

i was giving a lecture at nps yesterday, and while i was unlocking my laptop (xp), suddently, before unlocked, a file open window pops up. i could browse, and more importantly, open files. the first choice of the system was .hlp.

can someone say pwnage? anyone up to doing some monkey fuzzing on that interface?

gadi evron,
ge@beyondsecurity.com.

Share
  • anonymous

    A couple of years ago there was a vulnerability at some of the accesibility tools. When you click help, it couldn’t find the help file and was opening the open file window for you to select the help file. But bad guys can open cmd.exe from this windows with system privileges. IIRC shourtcut of accessibility utility is Win+U. Patch your system!

  • http://www.metaeye.org warl0ck

    Seems like it’s your miss typed password coupled with the windows logo key. Maybe if you can share your password we can cut a little of the monkey fuzzing :) .

    I tried the help shortcuts on the Utility manager and the utilities but no luck :( .

  • http://www.nth-dimension.org.uk/ Tim Brown

    If you can get utility manager up on a locked down system, it’s worth checking if the hyperlinks in the about boxes etc are enabled (they’re not pre login sadly). Had a lot of fun testing kiosk type setups using that trick.