Passworded Folder Bypass?
Results 1 to 9 of 9

Thread: Passworded Folder Bypass?

  1. #1
    Senior Member
    Join Date
    Sep 2003
    Posts
    279

    Passworded Folder Bypass?

    For those who don't know it is possible to create a password protected folder. Simply by just creating a compressed folder, going to the "file" menu and clicking "password". It will prompt you for a password that you can use to lock the folder with.

    BYPASS PASSWORD PROTECTION

    >> My Computer
    >> Local Disk (C:\)
    >> Documents and Settings
    >> Owner Name's Folder
    >> Local Settings (This was a hidden folder)
    >> Temp (Do not delete anything in this folder)

    Once in there look for a folder that contains your compressed folder (*.zip).
    If you open it it will display all the contents with the need for a password.

    I belive that is a problem. I know you can deni acces to the temp folder. Is there anyother way i "patch" this problem?
    AntiOnline Quick Forum Version 2b Click Here
    10010101000000110010001100111

  2. #2
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    I read this on astalavista recently...

    http://www.astalavista.com/library/m...-bypassing.txt

    Its an interesting one...is so simplistic its frightening.

    ..I dont have XP and havent really played with it, Is there an option to clear the //local temp directory when you log off?

    Cheers
    V$D$
    I remember when Nihil was ickle. Does that mean I'm old?

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Maybe I'm missing something... but don't you need permissions to access another users folder? That user would either need to grant you access... or you would need to be admin.

    If not.. then they are using FAT and not NTFS.

    I wonder if you can do the same thing with knoppix?

    I'm not saying that this isn't a problem... because most people don't even know how to set permissions... but if they did... don't you think they would not need to put passwords on their folders? Or... if someone really wanted to keep someone out... use encryption! Keep your key away from the PC.

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Posts
    107
    u dont need permition....... just goto documents & seting... from c:\> & u will get to all the users... folders..... + this all works that is creapy

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    maxim_86ualb2, Document & Setting user folder are block unless you're admin.
    -Simon \"SDK\"

  6. #6
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Actually users folders are blocked from access by anyone except the owner (this can be changed to allow admins access also from the domain or local machine secuty policy) Of course nothing stops the admin from taking ownership but then the user cant get in . I believe this function was intended to password folders which you want available to certain users through the network and was not meant to be a hardened securtiy technique for those with physical access to your machine, you may find just encrypting the folder instead is probably more secure, if you dont trust MS with your encryption use PGP instead.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  7. #7
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    actually admin doesn't have to take ownership of the folders in question. They already have an implied ownership so don't need explicit ownership... at least in 2000 it's that way. I haven't messed around with XP too much so I don't know if it's the same way or not.

    Anyway as a test on my 2k box here I logged on as my user ID which is also an admin on the box. I then went to the Documents & Settings directory and could see everyones folders (three other people had logged on to this box in the past week) and access them by just clicking on them. The local admin group is added to the ACL by default, but you COULD remove them if you really wanted to so that only the owner had access... but like you said an admin could just take ownership of it or could add their group back to the ACL.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    actually admin doesn't have to take ownership of the folders in question. They already have an implied ownership so don't need explicit ownership... at least in 2000 it's that way. I haven't messed around with XP too much so I don't know if it's the same way or not.
    Thats the way it is on the XP Pro boxes I've worked on.

  9. #9
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    Hmmm, sorry to misinform, I had thought default was other way around. I am sure however it can be changed in policy settings.

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •