password flaw discovered in Windows XP

  1. #1
    Member
    Join Date
    Jan 2003
    Posts
    73

    password flaw discovered in Windows XP

    Hey All,
    Yet again another possible security flaw... surprised??? I didn't think you would be.

    A security flaw recently revealed in Microsoft Corp.'s Windows XP could enable unauthorized users to access password-protected PCs.
    Using the Windows 2000 CD, anonymous users can apparently boot up a computer with the Windows XP OS and call up the troubleshooting program Windows 2000 Recovery Console.
    Using the program's system recovery routine, the unauthorized user can then work under the guise of a Windows XP Administrator, effectively rendering any passwords useless. The flaw affects all XP user accounts, password-protected or not -- visitors can then access files from the hard drive and copy to any removable media.

    The rest of the story here.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Frankly, physical access does not count as a hack...... Anyone can hack a box they can touch.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Banned
    Join Date
    Feb 2003
    Posts
    13
    Do you/he mean hacking into the comp's OS from another location or the actual target box??

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Location
    Texas
    Posts
    168
    Seeing as how it uses the Windows CD to boot, it means the actual target box.
    <chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times

  5. #5
    AO übergeek (phishphreek)
    Join Date
    Jan 2002
    Posts
    4,325
    I have posted this several times already.

    The first time I posted it was back in Aug of 2k2, when I "discovered it" and started a thread about it. And more recently, when I read about it in a news letter.

    Read about it here.
    There are links to both my original thread in Aug 2k2 and the newsletter that reported it.

    This only works when you are physically at the machine. There are ways to prevent it and there are also other ways, other than the Win2k CD, to do the same thing...

    I would consider this a "hack" as m$ didn't intend for it to work this way. Hacking doesn't have anything to do with having physical access.... it has to do with learning and understanding and thinking "outside the box".

    The most important thing I can see out of this for an admin is if they have lost the admin password, or renamed the admin account... they can still get local access to the machine and do what they need to do.

    For a cracker, however, they will have FULL unauthorized access to the box. That can also be accomplished with some Linux boot CDs and NTFSDOS amongst others... We have simply found another way around it... and don't have to pay US$299 for NTFSDOS when m$ did it for us already.
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Phish:

    You said "Hacking doesn't have anything to do with having physical access.... it has to do with learning and understanding and thinking "outside the box"."

    Since physical access is the worst right/permission you can grant someone, I say that with your definition and physical access to your box I can DoS your machine with a 21 lb sledgehammer and you will still call it a hack???????

    There needs to be a line drawn somewhere - if admins (who can) physically secure their box don't, then they are negligent. Hacking a physically unsecured box is, IMO and to use a word I dislike intensely, lame..... But maybe that is how we should categorize hacks of physically unsecured boxes......

    I dunno - I just don't think this one took a **** load of genius........
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Originally posted here by phishphreek80:
    "For a cracker, however, they will have FULL unauthorized access to the box."
    Of course they will have full unauthorized access, they're already in front of it. What more access could you want? An OS can only manage security when it's running. Besides, this is not as if "Microsoft did not intend for it to be that way"; do you think any other Unix/Linux box is more secure if you have physical access? It's even easier: just drop to single user mode. Heck, where's the news in this? It's not even a hack, it's not even new and it's not even Windows (NT4/2K/XP) specific.

    Besides, the rest of the complete story tells it right...

    Ammo
    Credit travels up, blame travels down -- The Boss

  8. #8
    Member
    Join Date
    Jan 2003
    Posts
    41
    A better way of thinking about a "hack" is something that M$ didn't want to happen, or an action with a result they didn't EXPECT. I think it's safe to say everyone knows a sledgehammer will put your box out of commission, but was it really that obvious that you could bypass pw security w/ a w2k disc? And hey, the sledgehammer thing would have been considered a hack a few millennia ago.

    Personally though, I think bootstrapping a box with a Linux floppy is more fun.
    Hey there, chaps! Being Mexican-American, I don't really think I have the racial background to say that... Oh well, visit our site at www.evilcorp.tk
    Don't expect any content... for a few weeks!

  9. #9
    AO übergeek (phishphreek)
    Join Date
    Jan 2002
    Posts
    4,325
    Tiger Shark and ammo,

    I suppose you are right. With physical access you can do anything you want, therefore it isn't a hack in the sense that it "took a **** load of genius........"
    I am fully aware of what you can do with physical access or remotely. There are several ways to do everything. This is just another way to do things... not the only way.

    From what I know the meaning of "hacking" is learning, exploring, understanding, finding new ways to do things, thinking "outside the box", etc.

    In that sense all of the above happened. I was learning, exploring, understanding and finding a new way to do things. Maybe my idea of "hacking" is different from yours.

    When people tweak and explore an OS, or fix a faulty driver... what are they doing? Hacking... at least by my definition. Maybe not by yours. I think you are using "hacking" like the media use it... interchangeably with "cracking".

    I had no idea what was going to happen when I first found it out. I just stumbled upon it while troubleshooting... It's not like I was trying to find a way to exploit XP, we already know how to do that.

    Oh well, whether it is considered a hack or not... that isn't the main issue. The main issue is and has been that people tend to look more towards people exploiting their networks remotely. They spend all this money and time protecting from the outside in, while not paying too much attention to physical security.

    Hopefully this will be just another eye opener for people trying to secure their networks.
    Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    No no, you did mention "cracker" ("For a cracker, however")!

    "but was it really that obvious that you could bypass pw security w/ a w2k disc?"
    The w2k disc might not be obvious, but it is well known that once you have the unencrypted data (i.e. access to the disk, on an unencrypted FS), the OS can't do anything to help you...

    "They spend all this money and time protecting from the outside in, while not paying too much attention to physical security."
    True...


    Ammo
    Credit travels up, blame travels down -- The Boss
