Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Enable network adapter via script w/out registry access

Posted on 2006-11-02
3
Medium Priority
?
1,479 Views
Last Modified: 2013-12-04
I came accross a problem recently that really peaked my interest (http://www.experts-exchange.com/Q_22045531.html).  In short they disabled the network adapter on a remotely hosted Server 2003 were looking for a way to reenable it via a script to be run at startup.  Their solution in the end was to restore from backup but I'm left with 2 questions as a result:

1.  Assuming someone has unfettered access to the filesystem but no access to the registry or OS is there a way to have files execute at startup by copying files to the appropriate location, giving files copied over the appropriate names, or editing existing files, or something similar?

2.  How do you prevent this if it is possible?
0
Comment
Question by:CharliePete00
  • 2
3 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17863868
In that case they were using a linux rescue CD with limited or no ability to write to the registry or NTFS drive. There are other linux rescue CD's that have that ability. If you have physical access, the scripts and screen savers mentioned will work also, to ease things a bit, take the HD out of that pc, and place it in another M$ pc as a second partition, you can easily change anything you want (other than the registry but it is possible), copy new .scr file, place a file/script in the "startup" directory of the account you'd log in as (c:\doc's and settings\user_name\Start Menu\Programs\Startup) and it will execute.
-rich
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 17863874
Prevention, don't shut off your only nic... or encrypt the HD fully. EFS cannot do this, but there are lots of 3rd party apps and HD's that can do this. Prevent unauthorized physical access to the PC. Have your hosting service place a second NIC in the PC, it should plug and play, and likely get DHCP address, unless it's a static IP.
-rich
0
 
LVL 7

Author Comment

by:CharliePete00
ID: 17867993
Thanks Rich, after I was well into helping I got to thinking that if you could enable a device via a startup script you could also do other things like add an account, reset passwords, install apps, etc.  and the whole idea didn't seem so good anymore...You're right physically securing the server is really the only way to go with ecrypting the partition as a good second.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
OfficeMate Freezes on login or does not load after login credentials are input.
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question