Jump to content

The end of the Switchblade?


SmoothCriminal
 Share

Recommended Posts

I recently noticed that a pesky new windows update prevents you from getting the LSA secrets off a computer.  On XP when I plug in (and all of you assuming you dl'ed the new update) the computer issues me a message about a LSA security violation, and it gives me one minute to close all programs before it reboots, I will try to get a screenshot of it later (will be a little bit of a challenge).

Edit:  Heres the pics

untitled-1.jpg

First you get the top error, then after clicking OK, the second screen pops up and you better save your work quick.

Link to comment
Share on other sites

I recently noticed that a pesky new windows update prevents you from getting the LSA secrets off a computer.  On XP when I plug in (and all of you assuming you dl'ed the new update) the computer issues me a message about a LSA security violation, and it gives me one minute to close all programs before it reboots, I will try to get a screenshot of it later (will be a little bit of a challenge).

Get the same problem with Cain trying to dump lsa secrets.

Link to comment
Share on other sites

Not sure how to still grab the LSA Secrets, but if you can implement into your payload:

shutdown /a or shutdown -a

I can't remember exactly I think it's the second one, but it will stop the system from shutting down and ignore that shutdown message.

Link to comment
Share on other sites

Not sure how to still grab the LSA Secrets, but if you can implement into your payload:

shutdown /a or shutdown -a

I can't remember exactly I think it's the second one, but it will stop the system from shutting down and ignore that shutdown message.

Problem is any time lsass.exe crashes, winlogon.exe automatically reboots the system, and there is no way to stop it. Task manager won't even be able to end it. Maybe someone with a virtual machine and said switchblade can try your "shutdown -a" option to confirm this.

Link to comment
Share on other sites

Problem is any time lsass.exe crashes, winlogon.exe automatically reboots the system, and there is no way to stop it. Task manager won't even be able to end it. Maybe someone with a virtual machine and said switchblade can try your "shutdown -a" option to confirm this.

Can't you change that in services.msc or something so it just restarts the service instead of the entire machine? Of course you would need admin for that, so it might not be that useful.

Link to comment
Share on other sites

Can't you change that in services.msc or something so it just restarts the service instead of the entire machine? Of course you would need admin for that, so it might not be that useful.

Plus that would ruin the entire concept of the switchblade.  If I wanted to get someones password real quick, I just want to enter my usb drive, rip off the password, and go.  If you had to do all that then that would defeat the purpose of owning a switchblade. 

Link to comment
Share on other sites

Plus that would ruin the entire concept of the switchblade.  If I wanted to get someones password real quick, I just want to enter my usb drive, rip off the password, and go.  If you had to do all that then that would defeat the purpose of owning a switchblade. 

Well, it's probably possible to do via the command line, but I don't know.

Link to comment
Share on other sites

  • 3 weeks later...

i dont suppose it's possible to silently something to the effect of - if hotfix KB****** dont run %program%, rem hotfix KB******, run %program% ....

or is that too complex to run w/o detection?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...