This is a grat hacking tool

[sieben]

I know i am not the only one that uses this
But is it great or what
you put the cd in on a machine that has windows 2000 you boot
bypassing all the log on security, the cd even mounts the local drive
you go to the local drive and you can copy, atache file in an e-mail
basicly take what you want from the drive
IS THAT GREAT OR WHAT,
i tesed it on two windows 2000 machine and i even got finacial files from one of my servers at work
This is cool

[rickenbacherus]

The rule is: If you can access the machine you can hack the machine. If you want security the machine needs to be completely unaccessible, secondly it needs a BIOS password and the BIOS should be set so that the box will not boot from cd or floppy. Yes, Knoppix makes it unbelievably easy to do but it is not really anything new. Why would you hack your own employers server and write about it in a forum though?

[rdoma219]

Well put, I agree.

[pau1knopp]

hmm...

a couple of "great" observations...

if the physical security is so poor that the janitor can boot up a knoppix cd on your servers... yes, you are in big trouble. however, it that IS the case, you have bigger problems than you know...

however, assuming you ARE the sysadmin getting paid to retrieve files from a crashed financial server, you have a better disaster recovery solution than you could have ever dreamed of...

standalone system security is only going to be as good as the firewall you have guarding the door...

to ask politely, please quit trolling. this forum (thus far) has been for people seeking answers to technical quesitons to specific questions, concerns, queries, etc.

[neitzel]

So all, that is shown here shows:
- If you had to put data on a computer, where the physical access isn't restricted: Encrypt them! That is the only way to protect your data!
- If possible put your data on a server, where your server is somewhere, where nobody evil can get. But that isn't really save, because you cannot know, who is "evil" and the server can be hacked!

The knoppix CD is nice, but If you want a "hacker tool", there are much better things.

But knoppix is really really cool to show some "dumb" people, what their great security is "worth". Security is something, a lot of people didn't think about.

I burned a lot of cd's in the last days and gave them to a lot of coworker. knoppix is really usefull and saved us a lot of work.
(e.g. starting a os/2 server which has a destroyed config.sys. The server didn't start any more. Or when windows doesn't start any more and the computer will be "rebuild" again, it is really easy to copy some data. In both cases, there would be other possibilities, too, but it was really easy to simply insert Knoppix.)

Konrad

[KneeLess]

It's like what the old saying goes (well it's not really old, or a saying...whatever)...

The safest computer is unpluigged without a power supply, no monitor, mouse keyboard, cd rom or floppy, garded by nerve gas and 10,000 guards with lasers all around it. And still, it isn't totally safe.

And no the guards and the nerve gas aren't touching

[hernan]

damn right !

LOL

(SRRY IF IM TYPING IN CAPS, I GOTTA CHANGE THE FONT :d)

[EldarStorm]

I tinkered with linux a long time ago and have forgotten most of what I knew. I recently loaded a dual boot of XP Pro and Mandrake Linux 8.1c. During the configuration of Lilo ( I was setting XP as default and changing the name from NT to XP Pro) I made it so it would not boot into Windows. Well while trying to get that fixed I made it not boot into Linux as well.

So luckily at my work I have a friend that knows alot about linux and he was able to use my Knoppix cd to fix part of the problem.

We will probably start using it to get into systems we need to back up data from for customers. It is a verry handy tool.

[aay]

i tesed it on two windows 2000 machine and i even got finacial files from one of my servers at work
This is cool

I'm assuming that you don't normally have permission to grab these files. Why would you expect anyone here to get excited about that? It would be nice for you to use this "hacking tool" to show your admin where his/her security holes are.

[dmedici]

I am interested in this topic - though not from the point of view of cracking and stealing, but more from rescuing friends from locked computers, et al.

I tried this on my machines - As we know, with the Knoppix cd, W2K login screens can be bypassed so long as the BIOS is set to boot from CD. But that is easy enough to do simply by configuring it during startup. The solution then, is to password-protect the BIOS. Hence my question:

How truly secure is a password-protected BIOS? I wouldn't expect to see 99 out of 100 computers outside of a corporate environment secured with a password-protected BIOS, and from what I've seen in some of the corporations, I don't think there are too many there either. So does LINUX have a way to beat the BIOS password? Because now that I have my passwords set in BIOS, what else do I have to do to prevent that from being penetrated?

Once again, I would like to stress this is not in the interest of cracking. I don't wish to spend a portion of my life in Federal or State prison. It seems to me that a Knoppix disc would be a handy tool for a helpdesk or computer department, (With the Superiors' permission and knowledge of course!) in order to get back into the machines that workers are bound to crash.

My next experiment is to try getting into a 'crashed' W2K system to see how far I can get with the Knoppix disc. The question there would be, depending on the crash, how much could I rescue or, is it normal to be able use Linux to recover files from a crashed W2K system.

I suspect it won't be too long before I get a call from a friend with a crashed-out W2K system. I'm looking forward to posting my results here.