Deep Freeze

Discussion in 'Scripts & Commands' started by cryptoknight, 11 Sep 2012.

  1. cryptoknight

    cryptoknight Well-Known Member

    Ok, so back in college they used Faronics Corp. Deep Freeze for all the public computers. This was to prevent the kids from screwing the PCs with toolbars, pr0n and all types of crazy malware.

    http://www.faronics.com/enterprise/deep-freeze/
    https://en.wikipedia.org/wiki/Deep_Freeze_(software)

    So once a computer's drive is frozen no changes made are permanent, and like using a live cd, after rebooting, any files you made are gone. All of the program's settings are stored in one file @ %SYSTEMDRIVE%\Persi0.sys

    The official way to unfreeze a computer where you forgot your password is this. Install the product on a separate machine & in the settings, select no drive letters to freeze. Then restart that computer from a live cd or bootable usb flash drive with Windows PE or any Linux that can read NTFS. Copy the new Persi0.sys file from the unfrozen machine to removable media. Shut down.

    Go to target machine with live cd/usb and your Unfrozen Persi0.sys settings file. Boot up the frozen machine from live cd/usb and rename the original frozen Persi0.sys file to Persi0.bak, then copy over the unfrozen Persi0.sys file you made earlier. Reboot. Target machine is now unfrozen. To restore to original frozen state, switch the files back.

    Ok, so eventually to speed this up I made a batch file to do all of that for me. And then years later I dusted off that batch file and fired up VMware one day and I made a set of Persi0.sys files to cover all of the options. Pass seven meaning that the password is "seven", without the quotes, all lowercase.

    Frozen NoPass
    Frozen Pass seven
    Thawed 3 Boots
    Thawed Once
    Thawed Pass seven 3 Boots
    Thawed pass seven Once
    Thawed Pass seven Permanently
    Thawed Permanently

    So then I forgot about it for a while, then RAR'ed it up for anybody that wants some. It has the batch file to run if you want to use it, and the set of Persi0.sys files with 2 screenshots each. The batch file looks for the file you want to use to replace the original in the same directory as itself. The Persi0.sys in the directory with the batch file is for an older version of Deep Freeze, but does 'unfreeze'. If you want to use one of the other versions of the file, you can copy the batch file into the same folder as the different version of Persi0.sys and run it from there. I also included Deep Unfreezer from http://usuarios.arnet.com.ar/fliamarconato/pages/edeepunfreezer.html, which works from within the frozen Windows, if Deep Unfreezer is run under an account with debug privileges, which it tries to enable, otherwise, try to use sysrun.exe to run it as SYSTEM. I do not prefer to use Deep Unfreezer because I like to always have a backup of any file I change so I may always have a way to get back to the original problem when troubleshooting.

    Anyways, sorry for the long thread, but if anyone needs to get around some Deep Freeze install this will do it. :)

    http://www9.zippyshare.com/v/99740449/file.html

    Code:
    @ECHO OFF
    REM DEEP FREEZE SYSTEM FILE REPLACER 1.2 BY CRYPTOKNIGHT
    REM THIS FINDS AND REPLACES THE SETTINGS FILE FOR DEEP FREEZE.
    ECHO #DEEP FREEZE SYSTEM FILE REPLACER 1.2 #
    ECHO TO CANCEL CONTROL+BREAK NOW OR
    PAUSE
    REM STOP IF THE ORIGINAL SETTINGS FILE IS NOT ON THE SYSTEM DRIVE.
    IF NOT EXIST %SYSTEMDRIVE%\PERSI0.SYS GOTO ERROR
    REM KEEP THE ORIGINAL AS PERSI0.BAK, THEN COPY IN THE FILE NEXT TO THIS SCRIPT.
    REN %SYSTEMDRIVE%\PERSI0.SYS PERSI0.BAK
    XCOPY PERSI0.SYS %SYSTEMDRIVE%\ /Y
    REM INSIDE A BATCH FILE THE FOR VARIABLE NEEDS A DOUBLED PERCENT SIGN.
    FOR %%I IN (PERSI0.SYS) DO @ECHO OPERATIONS COMPLETE. %%~ZI BYTES WRITTEN.
    GOTO END
    :ERROR
    ECHO DEEP FREEZE SYSTEM FILE NOT FOUND IN %SYSTEMDRIVE%
    PAUSE
    GOTO END
    :END
     
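A defender-side check for the settings-file swap described in the post above, added here as an example and not part of the original thread: run against an offline-mounted system volume, it flags a leftover Persi0.bak and a Persi0.sys whose SHA-256 differs from a recorded baseline. The baseline hash, the function names and the sample file contents are assumptions constructed for illustration, and it assumes the file stays byte-identical between authorized configuration changes.

```python
import hashlib
import os
import tempfile

SETTINGS = "persi0.sys"  # settings file named in the post (matched case-insensitively)
BACKUP = "persi0.bak"    # name left behind by the rename step the post describes

def find_ci(root, name):
    """Files directly under root whose name equals `name`, ignoring case."""
    return [os.path.join(root, e) for e in sorted(os.listdir(root))
            if e.lower() == name and os.path.isfile(os.path.join(root, e))]

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_volume(root, baseline_sha256):
    """Return findings for the volume root; an empty list means nothing flagged."""
    findings = []
    if find_ci(root, BACKUP):
        findings.append("backup-present")
    settings = find_ci(root, SETTINGS)
    if not settings:
        findings.append("settings-missing")
    elif len(settings) > 1:  # only possible on a case-sensitive mount
        findings.append("settings-duplicated")
    elif sha256_file(settings[0]) != baseline_sha256.lower():
        findings.append("hash-mismatch")
    return findings

def demo():
    """Constructed sample: a clean volume root, then the post-swap state."""
    with tempfile.TemporaryDirectory() as root:
        original = b"constructed baseline settings"
        baseline = hashlib.sha256(original).hexdigest()
        with open(os.path.join(root, "Persi0.sys"), "wb") as fh:
            fh.write(original)
        clean = audit_volume(root, baseline)
        os.rename(os.path.join(root, "Persi0.sys"), os.path.join(root, "PERSI0.BAK"))
        with open(os.path.join(root, "PERSI0.SYS"), "wb") as fh:
            fh.write(b"constructed replacement settings")
        return clean, audit_volume(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Record the baseline hash when the frozen configuration is deployed and refresh it after every authorized settings change, otherwise legitimate reconfiguration will show up as `hash-mismatch`.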
  2. Fantasma

    Fantasma Well-Known Member

    Let's give a try on some cyber coffee machines... Geek
     
  3. TCB13

    TCB13 iKlive CEO
    Staff Member Admin VIP

    I used this program in a cyber coffee setup we made some time ago. It saves the day for sure...

    Anyway, your program along with konboot could easily be used to get around the security of the cyber coffee and enjoy free internet with admin access to the computer. Still... I don't actually see how we could get around the cyber coffee software. xD Maybe I do...
     
  4. cryptoknight

    cryptoknight Well-Known Member

    sysrun + Process Hacker = taskmgr running as SYSTEM

    You can end pretty much any process (a/v, cafe, agent) with those two.

    Just kill all the processes you don't like
     
  5. eyedea007

    eyedea007 Member

    thanks for the script
     
  6. Garry Andrew

    Garry Andrew Active Member

    The Zippyshare file link has expired. Any kind person able to offer a repost?
     