Your colleague is at lunch, he or she didn't log out, and the screen is locked? And you need the workstation right now? No problem!
Adam Boileau has a neat solution for this problem. Simply use winlockpwn to unlock the system. Your colleague's notebook has no Firewire port? No problem, you only have to put a Cardbus Firewire card into the system. Wait for the auto installation (Windows auto-installs drivers while the screen is locked) and use winlockpwn to get access to the system.
Don't hassle around with the strategy of cooling down chips and putting them in a different system for the cold boot attack; you can read the memory of the live system.
How does this hack work? Well, just read this presentation: Hit by a Bus: Physical Access Attacks with Firewire. This trick was presented 2 years ago, but you can still use it. This hack uses a feature of Firewire: Firewire uses DMA for the fast transfer of data. With this capability you can read and write the memory of the system ... and that's the master key to the kingdom. And to add insult to injury: you can't really change it, as the DMA is the "Fire in Firewire", as Adam coined it.
PS: Where is my credit card ... I need a Firewire card for my old notebook.