A challenge for me, a challenge for you

[hoffman-log.livejournal.com]

Hey guys. Haven't posted here in a long time, but I have a good one for ya. Now, I know this isn't about bitching about crappy customers, but it's an interesting chance to test your skills, and possibly make some money too. My network teacher last year seems to enjoy doing these "challenges" where he sets up a system to be "unhackable" and offers a reward to anybody that can hack the system. Here's the specks.

The machine is protected by Hard-Guard. Read up on it. The basics are that any changes you make on the computer are lost once you reboot.

The system has a BIOS password. I have successfully passed this. The system setup password, however, is different. I have not yet cracked this.

The computer is a Dell Optiplex Gx1, BIOS version A07.

The computer will not boot into the OS. You must get past Hard-Guard first (so technically anything after this would be pretty much easy to do).

The CD-ROM is disabled (in the sense that the power cable is unplugged)

Same thing for the floppy drive, also the zip drive

Wake on LAN is disabled

I cannot make any hardware changes (like opening the case and removing the card)

Last year I was able to get around this simply by popping in a CD and re-installing the OS. Going by the above information, that's not possible this time around. So I've been trying a few other things, like hoping the "human" factor plays into it (i.e.: His windows password is the same as the hard-guard password). Thus far, however, I haven't been able to connect L0pht Crack successfully to the domain controller (from a different computer on the same network).

The ultimate goal is to boot into the OS, install Kazaa, place a folder on the desktop titled "HACKED", reboot, and have the installed changes remain (because hard-guard is supposed to wipe all changes clean).

I'm smacking my brain on the wall over this one and I gotta say, this one is really difficult... Any suggestions would be appreciated, and I will gladly split the reward money with anybody who provides any suggestions that help lead to a successful hack.

_MaH

Comments

Re:

[hoffman-log.livejournal.com]

Oh one more thing on how it works. My bet is that hardguard stores the file accolation table (or whatever it's called in NTFS) in flashable ROM on it's chip. Then, it takes over all input/output functions on the harddrive, essentially leaving the table on the HD untouched. Then, when the system is rebooted, it reverts back to the table on the hardguard card, thus "erasing" the files.

So, yeah, defragging must be hell for the thing (see thought below) and I've wondered what you could come up with if you ran Norton Restore or some program like that on the HD.

I've been thinking about a defrag approach... Last year when this (virtually) same challenge was presented, I bypassed hardguard by reinstalling the OS. I guess hardguard is setup to check for something like that. Anyway, after that discovery, they disabled the CD-ROM. I'm curious if file read/write control exercised by hardguard is suspended during a defrag process...

The above, however, wouldn't work since I don't yet have administrative privilages. I've been trying to l0pht crack the thing, but it says i don't have the privilages to access it. Must be a LC4 "feature". Also he stepped in and said I couldn't use l0pht crack.

But when I was poking around the registry today he was making comments like I was really close... Anything I could access in the registry that might help?

_MaH

[daerlyn.livejournal.com]

Any updates? I have no advice, but I'm quite curious about how this is going.

Re:

[hoffman-log.livejournal.com]

I threw in the rag. Unfortunately these were the final days of my "I have nothing to do" state of affairs. Now I have a job. A job serving people at Ruby Tuesday. Great restaurant, mediocre job. But where the hell did my free time go?

_MaH