Thursday, August 17, 2006 

eEye's SysRQ2 tool

If you haven't checked out eEye's newly released tools, you'll want to head over to and check them out.

One of the more interesting tools they have there is SYSRQ2.

The ISO image for SysRQ2 is so small, I am not sure why they bothered to zip it up. Anyway, they describe it as:

SysRq is a bootable CD image that allows a user to open a fully privileged (SYSTEM) command prompt on Windows 2000, Windows XP, and Windows Server 2003 systems by pressing Ctrl+Shift+SysRq at any time after startup. It was first demonstrated at Black Hat USA 2005 by researchers Derek Soeder and Ryan Permeh as an example of applied eEye BootRoot technology. Use the "create CD from ISO image" feature of your preferred CD burning software to create a bootable SysRq CD.

I was testing SysRQ2 yesterday and had mixed results. I was able to get it work on a Windows 2000 machine (and even one that used a very modified DII COE version of Windows 2000). Anyway, when I tested it on a Dell Latitude laptop running XP SP2 (and fully patched, I believe) it took a really long time to boot up, the screen went black for a long time, and then it blue screened with a “Stop C000021a” error.

But, on Windows XP, you can always use the trusty sethc.exe trick I mentioned a while back when reviewing Backtrack. But, hopefully, they will either fix it, or it will turn out to be an anomly resulting in my unique set of hardware and software.

Another tool they have that looks promising is the eEye Binary Diffing Suite(EBDS). I haven't gotten a chance to play with this yet. I think the Metasploit project is working on something similar.