Bugtraq mailing list archives

Re: FoolProof for PC Exploit

From: erik () kirenet com (Erik Soroka)
Date: Mon, 9 Nov 1998 15:48:36 -0500


On Wed, 4 Nov 1998 15:55:09 -0500, Krish Jagannathan wrote:

I figured this much out -- if you are running on FoolProof for the PC
(Win9x) and you boot up in safe mode (with or without network support) it
will bypass the FoolProof TSR and enable full privileges, even deleting
the FoolProof directory.


Another point of reference dealing with this program (and a much cleaner
approach) -- FoolProof for Windows 9x stores the administrator password in
plaintext in the Windows Swap file.  All you have to do is boot up into safe
mode (as mentioned above), copy the swap file to a temporary filename, reboot
into windows and use a hex editor to search the swapfile for the string,
"FOOLPROO" and right after will be the actual password.


foolproof - adj.  (1)  "so simple, plain, or reliable as to leave no opportunity
for error, misuse, or failure..."


The name of this "security" program doesn't seem to fit the numerous bugs and
glitches it has -- however it is a neat program with some nice features that
might come in handy on systems accessible to the public.

Enjoy.




______________________________________________________________

 Erik M. Soroka  (NIC: ES2600)  |  Voice/Fax: 508.669.5208
 KIREnet Communications Inc.    |  Page/Beep: 978.629.3322
 Web: http://www.kirenet.com    |  E-Mail: erik () kirenet com
______________________________________________________________

Current thread:

FoolProof for PC Exploit Krish Jagannathan (Nov 04)
- Re: FoolProof for PC Exploit The Tree of Life (Nov 09)
- Re: FoolProof for PC Exploit William Tiemann (Nov 09)
- <Possible follow-ups>
- Re: FoolProof for PC Exploit Erik Soroka (Nov 09)
- Re: FoolProof for PC Exploit axon (Nov 09)
- Re: FoolProof for PC Exploit Darren Rogers (Nov 09)
- Re: FoolProof for PC Exploit pcsupport () smartstuff com (Nov 10)