Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: Windows Xp Security Question

  1. #1
    Junior Member
    Join Date
    Mar 2004
    Posts
    25

    Windows Xp Security Question

    Hello, well im a newbie to Network/windows security and i would like to go into this field. I recently purchased a book by ankit fadia(i believe that was his name) and am progressing through it. Now there are two things id like to know and recieve help on if anyone would be so kind.

    To get into windows 95/98 without a pass i know that you could just hit cancel or boot into dos by hitting f8 at boot and then type "ren *.pwl *.xyz" without the quotes if im not mistaking which will rename the password files and then anything you type into the password field becomes the default pass. With windows xp this is a lot diffrent. For one i can't get into dos just by hitting f8 and i don't know if that little command works with xp. I would like some info on this and possibly the names of a few websites/books other then this one (of course im going to be here quite a while ) and how do get into xp without the pass incase i forget it one day. I know you can get ERD commander but i know that somewhere someone knows a way to do it without that program. I appreciate any help that is given and thanks in advance.

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Well, as you might have guessed XP is MUCH different than the format that Microsoft used for 98, ME, etc. The style and formatting for each of which is different and Microsoft changed that f8 dos prompt as a security clause (forgot why tho). You should visit your local library and read up/borrow some books on Windows XP (Windows XP for Dummies, The Windows XPerience, etc) that will help your study into it and will start you off right. Hope I helped
    Space For Rent.. =]

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Mexikanpmp,

    Well you are not quite correct there...............

    Windows 95, 98, 98se and ME are what I would call "stand alone desktop OSes". They do not have a true "password" in the modern sense, as they have no formal security. The original intention was to allow different users to use the same machine without getting all the stuff that other users owned/used.

    There is a "default user" and if you cancel the login/password screen this is what you get in as............you will have access to all files on the system, unless they are protected by third party security software. There is no point whatsoever in changing password lists etc. as the other person could just use the same technique?

    Windows NT4, 2K(Nt5), and XP are commercial systems basically intended for corporate network deployments. They have a "true" security system. In the case of 2K and XP they are not DOS based either, merely offering "DOS support."

    Breaking into these depends on the skill with which the security tools/options were used, and the skill of the person breaking in. There are tutorials on locking down OSes on this site, I suggest that you read them as a start.

    If you are afraid of losing or forgetting your password, I suggest that you write it down and keep it in a safe place

    Cheers

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    There is no point whatsoever in changing password lists etc. as the other person could just use the same technique?

    Exactly, which virtually make's these OS'es kinda suck. The technique can be used anyway, which mean's and which make's the Win95/98/ME password system a waste.

    If you are afraid of losing or forgetting your password, I suggest that you write it down and keep it in a safe place
    Another good point, but that goes along with any password-formulated thing (email's, IM, logging into things, etc).
    Space For Rent.. =]

  5. #5
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752

    Re: Windows Xp Security Question

    Originally posted here by Mexikanpmp
    and how do get into xp without the pass incase i forget it one day. I know you can get ERD commander but i know that somewhere someone knows a way to do it without that program. I appreciate any help that is given and thanks in advance.
    Yes there are ways to get into a XP box, without the password, but they all require that you have physical access to the machine, and a bit of time. If you were to search the forums, you could probably find references to them.
    The best way is to do as nihl has suggested and store your passwords in a safe place.
    I use password safe (backed up in several locations) and it is only nessesary that I really remember the one password for this program. In fact, I couldn't tell you the passwords for any of my e-mail accounts, or any other online accounts, as they are stored in password safe -- and I never see them. If somehow, my admin password for my XP was lost or "I forgot it?", I would simply load a backup copy of my safe onto another system and it would give me the password. Were I to 'lose' the password for my safe, I would be in deep chit, as I don't have a clue to how to break the encryption of the safe. But every time I change it, I note it on a card that I keep locked up in a physical safe.
    Password Safe
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    139

    Back again,
    You can also create a password recovery disk for Win XP Home/Pro.
    Click 'Start', go to Control Panel, click 'User Accounts'. You will have to select a user account for which you would like to create the password recovery disk. Generally you would want to create one for the Administrator Account, but you are not limited to that. Once you have selected an account, you'll see a link under 'Related Tasks' at the top left called 'Prevent a forgotten password". Follow the instructions; you'll need a Floppy and make sure you store it in a safe place, as any one can get into the system with it. Note that you can change passwords afterwards and the recovery disk will still work, regardless.

    BTW, I also read Ankits book. It is a bit outdated in a sense, and all that code in the latter half comes across as just filler, but nevertheless, its a good read. I highly reccommend
    "MALWARE", by Ed Skoudis. It presents the 'nuts and bolts' quite a bit more in depth, and is also very current, published 2004. When reading books, make a note of when they have been published. That is not to say that older books are obsolete; I have bought a ton of them dirt cheap recently, mainly to get up to speed with the history and underpinnings of computers and their OSes. I find myself confronted daily with issues that are hard to understand unless
    I research the old stuff, such as understanding DOS, as it is invaluable when working with the Command Line Interface. Such is the lot of us newbies; we still need to develop the foundation to be effective, and I have great respect for the oldtimers.

    g8way2u

  7. #7
    Junior Member
    Join Date
    Mar 2004
    Posts
    25
    Thank you everyone for all of your replies...i know i have some reading to do before i can gain the skill to break into anything. I actually really like this field and wanted to do it as a career by hackproofing computers for money and stuff like that even though i got a long way to go.

    Bluthund: I know that Ankit's book is a lil outdated but seeing that i know nothing about windows 98 because the peak of my computer experince is with XP, i have decided i will start with 98 and then move on to perhaps NT and then 2000/xp and who knows ill probably tackle linux someday but thanks for the suggestions and ill definitly check that book out.

    Once again thanks for everyone that put in some helpfull info i really apperciate it. I'll get right on it

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Mexikanpmp,

    I actually really like this field and wanted to do it as a career by hackproofing computers for money and stuff like that even though i got a long way to go.
    OK I have had a few more thoughts, partly prompted by the good advice of the other posters.

    Whilst I strongly believe that security should be pre-emptive and precautionary, we have to accept that it is fundamentally defensive in nature?...............like tanks came before anti-tank guns, mines before minesweepers and aircraft before AAA (apologies to any Marines out there )

    1. Look at it from the lockdown side first, rather than exploits and intrusions.
    2. Google search for "security software" "freeware" and such combinations, and just look at what is on offer, and WHAT IT PROTECTS...........this will tell you the potential vulnerabilities.
    3. Don't forget the PHYSICAL security side (thanks moxnix) If your machine is physically vulnerable your "hackproofing" is useless...........for example, how do you hack a machine whose removable hard drives are in a safe? Look at physical keyloggers, and research "TEMPEST" and "Nonstop"............secure cabling, secure networks..... etc.
    4. Don't forget the human element.....education, training, social engineering, usage policies?

    OK, I am not suggesting that you become an expert in all these areas, but in the real world you will be a part of a team, so you need to know what the other players do? and understand the issues. "A security chain is certainly only as strong as its weakest link"

    Hope this helps

    Cheers

  9. #9
    Senior Member
    Join Date
    Oct 2003
    Posts
    157
    creat a password recovery disk & thats all
    Sometimes realitys are dreams we cannot live in.... (as my bst fren says) [/shadow]

  10. #10
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    I actually really like this field and wanted to do it as a career by hackproofing computers for money and stuff like that even though i got a long way to go.
    Uhh, no computer is hackproof. The only way to do that would be to unplug the computer entirely, lock it in a safe, and chip it off to sea.

    creat a password recovery disk & thats all
    Uhm, that doesn't solve all problem's and your saying it does. What if he loses the disk? lmao, it could be the same way with writing it down on a piece of paper, what if someone else get's a hold of it?
    Space For Rent.. =]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •