COMMAND
kernel
SYSTEMS AFFECTED
Win2000Beta3
PROBLEM
Anthony Lee reported the following. It is an exploit against Win2000
while in its Beta3 phase. Use the following steps to exploit it:
1. Modify powercfg.cpl so that hibernate is enabled,
2. Make sure Win2000 is given no other process to run. The
system should enter hibernate mode,
3. The system will cache the memory to HIBERFIL.SYS. This
file contains the administrator name and password,
4. Wake the computer and modify POWERCFG.CPL so that
hibernate is no longer enabled,
5. Use UNDELETE.EXE, which comes from WWW.NTINTERNALS.COM, to
recover hiberfil.sys and copy this file to another <dir>,
6. Use this copy of HIBERFIL.SYS to get the username and password.
SOLUTION
Nothing yet. Anyway, it's BETA!