Windows screensaver lock and lecturing

I was giving a lecture at NPS yesterday, and while I was unlocking my laptop (XP), suddenly, before it unlocked, a File Open window popped up. I could browse, and more importantly, open files. The first choice of the system was .hlp.

Can someone say pwnage? Anyone up to doing some monkey fuzzing on that interface?

Gadi Evron,
ge@linuxbox.org.


3 Comments:

  1. A couple of years ago there was a vulnerability in some of the accessibility tools. When you clicked help, it couldn’t find the help file and opened the open file window for you to select the help file. But bad guys can open cmd.exe from this window with system privileges. IIRC the shortcut of the accessibility utility is Win+U. Patch your system!

  2. Seems like it’s your mistyped password coupled with the Windows logo key. Maybe if you can share your password we can cut a little of the monkey fuzzing :) .

    I tried the help shortcuts on the Utility manager and the utilities but no luck :( .

  3. If you can get utility manager up on a locked down system, it’s worth checking if the hyperlinks in the about boxes etc are enabled (they’re not pre login sadly). Had a lot of fun testing kiosk type setups using that trick.
