May 8th, 2007, 10:44 AM
Winxp Multi-user cross-accessing info/pw/etc?
Yes, the topic im looking for, as i will describe, was posted here at AO. I have tried searching all keywords, but didnt find what i wanted after 30pages. if anyone knows about this, please drop some words or a link perhaps.
Lemme detail what i mean by "Winxp Multi-user cross-accessing info/pw/etc." (isnt close to the title of thread i was looking for)
so, i read in one of these discussions that multi-user computers for a public network stores current users' info/docs/cookies/logs somewhere. i have seen that you can tell who has been on at that computer (assuming that these computers auto-format each night) for that day in"C:\Documents and Settings\". their user names will be displayed with locked data. i did briefly read that one could access such data/passwords that were just recently stored on those machines, not using admin account. files created for the specific user was meant to hasten access time to that user, because it takes much longer to talk to network server everytime and would slow down the network if server kept getting spammed by old users.
what do u know about such access?
May 8th, 2007, 10:53 AM
You don't need to reformat the PC every night to know who's been on the computer. Just turn on logon/logoff auditting. If you really want to know what's happening turn on the object and file audit trails. Beware though, the logs can get pretty big pretty fast.
As for the passwords.. I believe you're looking for the cached credentials?
Experience is something you don't get until just after you need it.
May 8th, 2007, 11:21 AM
reformating was directed towards the public computers which are set to re-imaging daily. i could tell by looking in the "C:\Documents and Settings\". i guess it may not be that important, 'cept knowing who was on that day.
anyway, i guess i already knew about cache cracking with admin/system level via cachedump/cain/johntheripper. can this be done with limited access? running .exe will be prohibited.
May 8th, 2007, 11:51 AM
well, bar some bug I am unaware of files should have the correct permissions set so that users can not access each others cached files on the local PC. In fact, on our network at least it seems that the local cache is cleared out at log off, since every time I look in there there are actually no files in the folders.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
May 8th, 2007, 03:36 PM
AFAIK...if the system is installed on an NTFS partition...then the users profiles can only be accessed by an admin of the machine.
By default.....Limited users cannot access other user info.
How people treat you is their karma- how you react is yours-Wayne Dyer
May 8th, 2007, 06:49 PM
ergo, the system is secure from limited users attempting to extract available hashes. correct?
how does one enable cache clear per login? or is this default in winxp?
May 8th, 2007, 07:16 PM
Uhm, what the hell kind of environment are you discussing, where systems get reformatted every night? That is not exactly SOP for many organizations. I can see several situations where it may be exactly the sort of security measure needed, but this is by no means default, and you really should fill us in on more detail before we can try to answer your query.
Originally Posted by e><ius
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
May 8th, 2007, 08:06 PM
generalizing public computers as i mentioned. not offices, home, but schools, libraries, internet cafes, you name it.
is that clear?
im guessing you cant answer my questions in my post before this.
May 8th, 2007, 08:43 PM
You mean using software such as Faronics' "Deep Freeze" to restore systems to their original/standard configurations after use?
Is your concern that such a restoration will remove the records of who has used the machine?
May 8th, 2007, 09:27 PM
no, i am certain that deep freeze or simliar apps will work fine. that is off topic.
this is what im asking:
Could a hacker withdraw user/pw hashes from a system knowing that that computer has stored hashes? but the catch is here- he has a limited account in this public machine.
cant be 100% true.
Originally Posted by morganlefay
Originally Posted by me
By ThePreacher in forum Miscellaneous Security Discussions
Last Post: December 14th, 2006, 09:37 PM
By Isellcrack4FBI in forum AntiOnline's General Chit Chat
Last Post: July 4th, 2002, 03:40 PM
By E5C4P3 in forum The Security Tutorials Forum
Last Post: June 12th, 2002, 05:54 PM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 09:38 AM
By s0nIc in forum Network Security Discussions
Last Post: February 18th, 2002, 12:53 PM