Before we get ahead of ourselves, this how-to guide is based on vulnerable virtual machines. The purpose of the guide is to show how easy it is to bypass the Windows boot process and OS security features to gain access to information stored on the drives.
Disclaimer: This is an educational exercise which should only be attempted on virtual machines belonging to yourself. This is not intended to cause harm and you should always follow the Computer Misuse Act.
Is this Exercise for You?
This guide is for penetration testing practices, designed for CTF participants and exploit researchers. It is assumed you already have a (potentially) vulnerable machine which may be susceptible to this method.
This exercise uses Oracle VirtualBox, a vulnerable Windows 7 virtual machine ISO and an Ubuntu virtual machine ISO. If you do not have access to a vulnerable virtual machine, this will not work. You can find a range of vulnerable virtual machines here.
Note: Just because a machine is vulnerable doesn’t mean it’s guaranteed to be vulnerable to this attack.
How to Bypass the Windows Boot Process
Step One: Launch your vulnerable virtual machine and open Notepad. Write a simple message and save it to the Documents folder.
Step Two: Power off your virtual machine.
Step Three: In the hypervisor for your virtual machine, click “Storage” for details.
Step Four: Select the empty CD icon under the SATA controller.
Step Five: Select the CD icon at the right of the Optical Drive and choose your Ubuntu ISO file. Click OK to accept these settings.
Step Six: Start the virtual machine. Instead of booting Windows, it will boot from the Linux ISO and begin the installation process.
Step Seven: When prompted, choose the option “Try Ubuntu”. This loads the Linux OS into memory rather than installing it to the disk.
Step Eight: When Linux has booted, select the file explorer.
Step Nine: Choose “Other Locations” and select the volume which represents Windows 7.
Step Ten: Navigate to Users > [Your User] > Documents.
If successful, you can read the contents of the file you made earlier!
How to Avoid this Risk
Whether you’re looking to strengthen your virtual machine or protect your PC from the risk of this attack, it’s probably reassuring to hear you can prevent threat agents from accessing your documents in such a way. To protect your files, you’ll want to place them in an encrypted folder. The steps to do this are detailed below:
Step One: Create a new folder in your chosen location.
Step Two: Right-click this folder and choose properties.
Step Three: In the dialogue box, click “Advanced” and then select the “Encrypt contents to secure data” checkbox.
Step Four: Click OK to accept these settings.
Encrypting the folder means that, even when someone gains access to the contents of your operating system in this way, the files in the folder cannot be opened. Note: the names of the documents in the folder can still be viewed.
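The four steps above can also be scripted and then checked. The following PowerShell is an added example, not part of the original guide: it sets the same "Encrypt contents to secure data" attribute with the built-in cipher.exe and then lists anything under the folder that is still stored unencrypted. The folder path is a placeholder chosen for this example.

```powershell
# Added example: encrypt a folder with EFS and verify the result.
# $Folder is a placeholder path; change it to the folder you want to protect.
param(
    [string]$Folder = "$env:USERPROFILE\Documents\Private"
)

# Step One: create the folder if it does not exist yet.
if (-not (Test-Path -LiteralPath $Folder)) {
    New-Item -ItemType Directory -Path $Folder | Out-Null
}
$full = (Resolve-Path -LiteralPath $Folder).ProviderPath

# EFS is an NTFS feature, so stop early on any other file system.
$root   = [System.IO.Path]::GetPathRoot($full)
$format = (New-Object System.IO.DriveInfo $root).DriveFormat
if ($format -ne 'NTFS') {
    throw "EFS requires NTFS, but $root is formatted as $format."
}

# Steps Two to Four: /e encrypts, /s: applies it to the folder and its contents.
& cipher.exe /e "/s:$full" | Out-Null

# Verify: collect the folder itself plus everything beneath it, then keep
# only the items whose Encrypted attribute bit is not set.
$encBit = [int][System.IO.FileAttributes]::Encrypted
$items  = @(Get-Item -LiteralPath $full -Force) +
          @(Get-ChildItem -LiteralPath $full -Recurse -Force)
$plain  = @($items | Where-Object { (([int]$_.Attributes) -band $encBit) -eq 0 })

if ($plain.Count -gt 0) {
    Write-Warning "These items are NOT encrypted:"
    $plain | ForEach-Object { Write-Warning "  $($_.FullName)" }
    exit 1
}
Write-Output "All $($items.Count) items under $full carry the Encrypted attribute."
```

Run it as the user who owns the files, since the encryption is tied to that account. As noted above, file names stay visible even when the check passes.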