I spent most of yesterday at a client site dealing with a Windows 2000 Server which had run out of disk space on the system (C:) volume. Apparently Active Directory won’t work if there isn’t enough disk space and without Active Directory you have, well, no user account database among other things. Cleaning up space wasn’t going to be a problem using Directory Services Restore Mode but quickly I learned the DS admin password didn’t match my documentation.

There are numerous ways to hack a Windows server but I wanted a clean method. After some Googling I discovered Bart’s Preinstalled Environment (BartPE) which supports read/write operations on NTFS volumes.

The creation of a Windows XP boot CD was (surprisingly) easy. Shortly I was looking at the BartPE wallpaper and opened the A43 File Manager. Within minutes I freed up disk space on C: and rebooted the server. Success.

Later, something dawned on me… I successfully deleted files within C:\WINNT using BartPE. No administrator login required. No ill side effects. Can it be this easy to gain access to other Windows servers?

This is reason enough to lock-down your file servers with physical security. Lock the server room door. Lock the server cabinet. Lock the server faceplate. Disable CD booting in the BIOS. Assign a BIOS password.

All of these precautions can be a hassle during routine maintenance but they’re extremely important if a boot CD or USB flash drive is all it takes to hack into a Windows server.

Trackback URI | Comments RSS