As good as the recovery console in Windows is, it really ain't that secure at all. Did you know that the Command Prompt tool found in Vista's System Recovery Options doesn't require a user name or password? And that the Command Prompt provides Administrator-level access to the hard drive? For multiple versions of Windows? All you need is a Vista install DVD and you're all set to go.
Just boot from the DVD and select the Repair option:
Then select the Command Prompt:
At this prompt you have full access to the computer, not only as an administrator but also as a system account user. From here, a USB memory stick can be inserted and any non-encrypted file copied from the computer to it, so information can be stolen without leaving any marks on the system or in the Event Viewer logs.
The SAM file (which contains the names and passwords of local users) could also, for example, be copied from c:\windows\system32\config to the USB memory stick, and the computer's user passwords could then be cracked on a remote computer.
A cracker can:
1. … copy files from hard disk to USB, floppy or network server
2. … create / modify / delete files and folders
3. … use most of the MS-DOS-like commands
4. … use this method in Vista, XP, 200x
For more proof of the concept, check out the details from Mr. Kimmo Rousku and F-Secure.