The DreamPack Experience
Being as how I am a Geek, I have lots of fun toys to play with at work. But one of my favorite items that we have is our “GeekCD”. It is a bootable BartPE disc with a plethora of tools at our disposal. Among the coolest features we have on the CD is DreamPackPL. For those who don’t know what DreamPack is, I will break it down like this: it is the utter destruction of local machine security. If a person can boot your machine from CD, they can take complete control of your system (Windows 2000 and XP only) with minimal effort, even if every account has a super strong password, because nothing DreamPack does depends on knowing or cracking those passwords. Some of the best features of this program include:
- Bypass user passwords (no password needed, even if the account has a password)
- Logon to the machine with System(!) privileges
- Disable Windows File Protection
- Show and calculate account password hashes
In case you hadn’t noticed, the most amazing portion of this program is the fact that you can boot the machine and log on with System privileges. That’s right, who needs Administrative rights when you can log on as System (root who?). How does it work, you ask? Well, it replaces Windows’ sfcfiles.dll and modifies the registry from outside Windows (DreamPack can be loaded from its own CD or through a BartPE plugin), so the installed operating system and its account passwords never get a chance to object. As I said previously, if you have access to boot to CD-ROM there is nothing the computer’s owner can do about it, short of denying you that boot in the first place.
For all the nefarious uses DreamPack has (as I’m sure you are all thinking about at this moment), it also has many useful features for a computer technician:
- Assist in spyware removal. (When you are logged on as System there is nothing you can’t do)
- Service Pack 2 installation on XP boxes (avoids the setup errors caused by restrictive registry key permissions)
- Resetting passwords for the people who forget their logon password (you would really be surprised how many people actually forget their password)
- Bypassing private user directories on XP Home machines (parents love to know what their kids are up to)
Granted, the spyware removal portion is actually a non-issue with our GeekCD, seeing as how we have HijackThis! (all hail Merijn), Ad-aware, and Spy Sweeper set up in our Bart environment with a registry redirector that allows us to remove both files and registry entries without the machine’s Windows environment ever being loaded. You’d be amazed how much work this cuts down when the spyware isn’t running in memory and trying to keep itself alive while you are removing it. Add to that multiple virus scanners, a registry editor, a registry restore wizard, and a few other fun machine cleanup tools, and you have a nifty little package for a quick and painless cleanup of even the most spyware/virus-ridden computer.
As a note on something I discovered this evening: NEVER install DreamPack and log on as System on a computer running Microsoft’s Antispyware Beta. For some reason all the registry entries for the DLLs registered by the program become corrupted and are completely inaccessible to anyone but the System user. Why this happens exactly I’m not quite sure, but it is a major pain to fix. The program first needs to be uninstalled, and then every single registry entry pointing to ten different DLLs has to be deleted manually from the registry while logged on as System. If you are not logged on as System there is no way to remove those entries (even attempting to take ownership of the keys fails), which made this an even more painful process as I had already uninstalled DreamPack. Once all the entries have been removed you can reinstall the program and everything works peachy. This was a painful lesson to learn, as I had to give a customer 45 minutes of my time gratis to fix my screw-up. Oh well, live and learn.
So let me end with this: everyone who fixes or manages computers should be walking around with their bright shiny BartPE disc with the DreamPack plug-in. If nothing else, it will keep them from going gray and make their jobs infinitely easier.
For more information on BartPE and DreamPackPL check out the following pages: