
Not really. This is pre-ASLR, so all you need to do is push a string pointer on the stack and call an address. Probably less than 15 bytes of machine code you'd need to hex-edit into an existing exe.



If you have hard drive access you can replace the logon.scr screensaver executable with the command prompt executable, then a few minutes after boot up a command prompt with system privileges will appear by magic.



