ng1905
3y

The PCs in our school have a software called "Dr. Kaiser" whose purpose is to prevent changes to the disk. I thought it worked like DeepFreeze for OSX devices, having a copy-on-write feature or something like that. One day a friend of mine (kinda newbie in hacking) said he wanted to create a backdoor in the system so you can log in as the local administrator of the device. He replaced the "sethc.exe" in the Windows directory with cmd.exe from a live distro and claimed it was working perfectly. It turned out that "Dr. Kaiser" does indeed load the default image on startup, but doesn't verify checksums for system files (and also doesn't include the files in the default image). Long story short: you can now open a cmd with System permissions on every PC in the building.

This. Is. Stupid. It should be forbidden to sell this software 😖
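The rant's point is that the restore software never checks whether a system binary still is what it was at image time. As an added example (not from the poster and not part of "Dr. Kaiser"), the script below records a SHA-256 baseline of sethc.exe on a known-good machine and later checks the file against both that baseline and its Authenticode signature. The function names, the baseline file location and the default file list are assumptions for this example; the functions accept any list of system files.

```powershell
# Added example, not code from the original rant or from "Dr. Kaiser".
# Check 1: SHA-256 must match a baseline recorded on a known-good machine.
# Check 2: Authenticode signature must be valid and issued by Microsoft.
# Run in an elevated PowerShell session on the workstation being audited.
# Paths, function names and the baseline location are assumptions.

function New-SystemFileBaseline {
    param(
        [string[]]$Path = @("$env:SystemRoot\System32\sethc.exe"),
        [string]$BaselineFile = "$env:ProgramData\system-file-baseline.json"  # assumed location
    )
    $entries = foreach ($p in $Path) {
        [pscustomobject]@{
            Path   = $p
            Sha256 = (Get-FileHash -Path $p -Algorithm SHA256).Hash
        }
    }
    # Store the baseline; copy it off the machine, since anyone who can boot
    # a live distro can edit a file that lives on the same disk.
    $entries | ConvertTo-Json | Set-Content -Path $BaselineFile -Encoding UTF8
    return $entries
}

function Test-SystemFileIntegrity {
    param(
        [string]$BaselineFile = "$env:ProgramData\system-file-baseline.json"  # assumed location
    )
    $baseline = Get-Content -Path $BaselineFile -Raw | ConvertFrom-Json
    foreach ($entry in @($baseline)) {
        $hash = (Get-FileHash -Path $entry.Path -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -FilePath $entry.Path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        $hashMatch = ($hash -eq $entry.Sha256)
        $sigValid  = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')
        [pscustomobject]@{
            Path      = $entry.Path
            HashMatch = $hashMatch
            SigStatus = $sig.Status
            Signer    = $signer
            Tampered  = -not ($hashMatch -and $sigValid)
        }
    }
}

# Usage: run the first line once on a clean image, the second on each audit.
# New-SystemFileBaseline
# Test-SystemFileIntegrity | Where-Object Tampered
```

The hash check is the one that matters for the swap described in the rant: cmd.exe is itself a validly signed Microsoft binary, and Windows system files are catalog-signed by hash, so a copy of cmd.exe renamed to sethc.exe still reports a valid Microsoft signature. Only a comparison against the baseline taken at image time reveals that the content changed, which is exactly the check the restore software was missing. Windows also ships a built-in comparison against its component store, `sfc /verifyfile=C:\Windows\System32\sethc.exe`, which reports a mismatch without needing your own baseline.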

Comments
  • 6
    Wow... This is just pathetic... I mean I managed to do that on a few school computers after being genuinely pissed at the sometimes debilitating and idiotic restrictions on some of them, but I would expect software like that to at least prevent something that basic 🤣🤣🤣🤣🤣
  • 9
    Dr. Kaiser does come with an inbuilt PCI card, rip it out and you're good to go. Also the admin menu is accessible by pressing or holding Shift-E while booting I think, maybe Shift-F2. We had these fuckers at our school too, long time ago tho
    I eventually managed to gain AD-wide admin privileges and could shut down every computer remotely via Windows' inbuilt tools and could read file shares with RWE permissions ¯\_(ツ)_/¯
  • 4
    @Kimmax I heard about that combination too, never tried it though... We also have an outdated Linux server (ranted about it already) so the "useful" stuff is already accessible to everyone with little knowledge ;)
  • 3
    I read a rant a few hours ago about this deepfreeze thing, I thought it was a repost lmao
  • 4
    My computer science teacher did a trial of a hardware deepfreeze on one of the school machines. He asked us to break it.

    Normal file operations would get reverted after a restart, and it worked pretty well I suppose.

    So instead I decided to try overwriting system memory via assembly (they were 98 machines), and managed to completely bork it. The machine was always very unstable afterwards, even after removing deepfreeze. I still have no idea what exactly my attempt did, but it was effective.
  • 0
    @Root I would love to know how you did that 😅🤣