Hi all,
My freinds dad supposedly has a password that overrides any password in windows xp. Have any of you heard, or know what this password is.
THanx
Backtrails
Printable View
Hi all,
My freinds dad supposedly has a password that overrides any password in windows xp. Have any of you heard, or know what this password is.
THanx
Backtrails
What kind of Win XP password are you referring to?
User account password?
Sounds like an urban legend to me. He can have an administrator account. Using that he can always login (even when it's locked by someone else) and/or change any account's password.Quote:
Originally posted here by backtrails
Hi all,
My freinds dad supposedly has a password that overrides any password in windows xp. Have any of you heard, or know what this password is.
I never have heard of anything like this. What would be the point of security if this was true? The password would get leaked and then MS would not have any password security. MS cannot even keep their product keys secret. He is probably just BS'ing you or he is talking about having the admin account on his machine.
I never have heard of anything like this. I agree with CXGJarrod " The password might get leaked"
XP's what, two, three years old now? If a secret master-password really existed, it would've leaked long ago and we'd all know it by now.
Not that a master-password is really all that incredibly necessary. "Windows Security" is kind of an oxymoron.
Hmmm, i agree what you have said so far, that there is no such thing.....but what if there was a global password :p
Im not trying to say there is, but just what if? On one hand, its not that impossible. Many products have global/manufactures passwords. Just something to get some replies outta you folks.
Cheers.
What would it be? Bill Gates' master password to all Windows boxes? My vote goes for "ResistanceIsFutile."
I don't necessarily think it would be a password so much as a well hidden backdoor, because passwords can be cracked eventually. The more things MS crams into Windows, the less I trust it. With all the possible theories and talk flying about concerning Palladium (is it still even being called that?) I am very hesitant to continue using windows in any capacity other than for videogames.
Global Password: MyLittlePony
I'm sure that your friend's dad is refering to an admin account on his machine, or even the family network, if he's the kind who would set up a family domain. This would allow him to look at everyone's computers on the default c$ shares.
Ha! How about "ItIsAllMine"Quote:
Originally posted here by RunningDuck
What would it be? Bill Gates' master password to all Windows boxes? My vote goes for "ResistanceIsFutile."
Director
AllYourBaseAreBelongToUs
Geez. Obviously you guys didn't get the memo... ;)
I would tell your friend to try on start up keep pressing the F8 key repedidly till u get a
screen that asks what you want to start Win Xp in. Start xp in safe mode and the visuals
will look shitty but it works. ON login screen click on Administrator and u should get in without
a password. Then go to control panel and then users and change the password to any
account you want. Then after you have changed the password go to start shutdown and
restart your computer and let it start up normally. then when the login screen comes up
type in the password that you changed it too. If this doesnot work i dont know what to
tell you.
Well have fun and i hope this works
Your friendly neighborhood Advice man
Yep, very true, many routers and other network devices come with preconfiged default passwords but also sort of manufacturers backdoors with manufactures passwords. I worked in tech support and yes many systems do have passwords for the technicians, also many firms use a sort of logic behind their passwords, to make it easy to admin their hundreds of servers and network equipment specially when passwords change every month.Quote:
Originally posted here by instronics
Hmmm, i agree what you have said so far, that there is no such thing.....but what if there was a global password :p
Im not trying to say there is, but just what if? On one hand, its not that impossible. Many products have global/manufactures passwords. Just something to get some replies outta you folks.
Cheers.
Sounds like your friend's dad is pulling your leg. If there was a universal password for XP, I'm sure everyone would know about it by now. How ever, if he's talking about the secret NSA Key that I've heard about, I'm all ears.
PuRe
Ok...initially I was skeptical about this, but upon further reflection I HAVE seen several XP machines that by their actions support this "password" theory. In several instances (even my own box when I had XP on dial-up) I have seen an UNKNOWN password appear in newly created dial-up connections. It is NOT the admin password because in each case the mystery password had too many characters to be the admin password. Are there any of our esteemed members out there who can shed any light on this phenomena??
Well I will say this - if there is a "Global Password" it would have to exist outside of the normal user/password database.
I have cracked a number of Windows SAM files as part of a security audit. I am pretty sure I've even done this on an XP system - though only with systems that are backwards compatible to the old-style Domain scheme.
In any event if you run through the SAM file, each user is in there and each password is in there. So if this Global password were to exist it would have to exist outside this system.
I frankly don't see how something like this could exist undiscovered for very long. There are too many people prying at the code, plus a host of developers and people integrating with the MS source code. Not to mention that even the government of China has now had an opportunity to go through the source code... It's like the aliens at Roswell - if it was real someone would have spilled it by now.
allenb1963 :
In your case, XP by default shows any password as all *'s, even if it is blank. Take for example the Administrator password. If you leave it blank for the initial install, then go in later to create one, there will be ********* in the password field, even though your current password is blank. This is just a security measure preventing people from finding out the length of the currently set password in order to crack it more effectivly.
OH yea, and the secret password is:
Password (case sensitive)
lmao
OK cross....now tell me how to get rid of the damned thing....I've tried every method I can find and so far the mystery password is still there. Yeah, I've cleared the "save password" box, entered the correct password and connected, only to find the mystery password intact upon the next connection attempt.
Given your above statement is correct, once you replace this "mystery" password it should be gone for good.....if you've saved the correct password there would be no further need for this "feature"...yet still it remains...
Well, I am glad you gave him this advice... Since this only works if there is no password assigned to the Administrator account. It the network administrator is worth ANYTHING, the first thing he would have done is change the default password... So to be honest...unless you have no concept of security this trick will not workQuote:
Originally posted here by TwistedSnyper
I would tell your friend to try on start up keep pressing the F8 key repedidly till u get a
screen that asks what you want to start Win Xp in. Start xp in safe mode and the visuals
will look shitty but it works. ON login screen click on Administrator and u should get in without
a password. Then go to control panel and then users and change the password to any
account you want. Then after you have changed the password go to start shutdown and
restart your computer and let it start up normally. then when the login screen comes up
type in the password that you changed it too. If this doesnot work i dont know what to
tell you.
Well have fun and i hope this works
Your friendly neighborhood Advice man
Of course you might want to check out L0pht LC3....
This is not the case. The password mask is always put in place whether there is a password or not for security reason. As stated it is put in place to at the very least protect the length of the password even if there isn't a password.Quote:
Originally posted here by allenb1963
OK cross....now tell me how to get rid of the damned thing....I've tried every method I can find and so far the mystery password is still there. Yeah, I've cleared the "save password" box, entered the correct password and connected, only to find the mystery password intact upon the next connection attempt.
Given your above statement is correct, once you replace this "mystery" password it should be gone for good.....if you've saved the correct password there would be no further need for this "feature"...yet still it remains...
When you brute force a password. Every additional character exponentially increase the possible passwords that can be used. Hence if you mask the length of the password any brute force would have to force the entire password field (and in W2K/XP I think it is something outrageous like 256 characters rather the then 12 or 13 for WNT4) Anyway. If you have an issue with a mystery password I would lean to thinking it is an local installation issue rather then an OS issue. Basically something in the configuration of that system has changed how it is either masking passwords or is displaying something that wouldn't normally happen with a "clean" installation of the OS.
Hopefully this helps.
Paldie; MCSE CCNA CCAI CCA CSSA LMNOP...
I couldn't help thinking of this funny story:
http://www.catb.org/~esr/jargon/html...back-door.htmlQuote:
Historically, back doors have often lurked in systems longer than anyone expected or planned, and a few have become widely known. Ken Thompson's 1983 Turing Award lecture to the ACM admitted the existence of a back door in early Unix versions that may have qualified as the most fiendishly clever security hack of all time. In this scheme, the C compiler contained code that would recognize when the `login' command was being recompiled and insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.
Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler -- so Thompson also arranged that the compiler would recognize when it was compiling a version of itself, and insert into the recompiled compiler the code to insert into the recompiled `login' the code to allow Thompson entry -- and, of course, the code to recognize itself and do the whole thing again the next time around! And having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources.
The Turing lecture that suggested this truly moby hack was later published as "Reflections on Trusting Trust", "Communications of the ACM 27", 8 (August 1984), pp. 761-763 (text available at http://www.acm.org/classics/). Ken Thompson has since confirmed that this hack was implemented and that the Trojan Horse code did appear in the login binary of a Unix Support group machine. Ken says the crocked compiler was never distributed. Your editor has heard two separate reports that suggest that the crocked login did make it out of Bell Labs, notably to BBN, and that it enabled at least one late-night login across the network by someone using the login name `kt'.
:cool:
Just wanted to say that runningduck, you have made my night. On the "ResistanceIsFutile" note, I think I am going to bed. Thanks for the laugh.
hjack
i think you have to search for windows2000 global password.... if there is one..... you can search for windowsXP .........
The only way to do this as far as i know is use a NTFS driver one is available which has a Distro of Linux on it and it enables the user to edit the registry and also change passwords for user accounts.
Other then that there is really no other way.
NTFS is supposed to be a secure enviroment but nothing is too secure.
A driver with a distro of Linux on it? What? AFAIK drivers cannot contain operating systems. I think you had that backwards.
What you could do is boot linux from a floppy (like the offline password and registry editor which contains NFTS drivers) which has a script, and enables you to go in and look at all acounts on the machine and change the passwords of any of the accounts.
there is a universal password (for the default administrator acct.), and it is < > until you change it, which you won't do unless you happen to boot into safe mode - which a large % of windows users have never even heard of...
to finish that last thought - the account is not accessible, nor is it even visible unless one is in safe mode... |:-]
Yes it is the offline ntfs pw prog but i do think you will find this is a linux distro and also contains what is commonly known as a NTFS Driver
It wouldn't supreise me too much if the backoor was there...the hard part is finding it and useing it...rember Quake had a backdoor built into it (when we found out about that it explaned why people kept breaking into our firewall box as it had linux quake server runing :rolleyes: ) and so did sendmail and ftpd for a while (I wonder if the MS impalmantation of FTP still has it :) )
I have never heard of such a thing and i really doubt that it exists, like somebody said earlier, we would have had it already if it did exist, so my vote goes for not true.
THE-OMEN, Right. In your first post you said NTFS drver with a distro of Linux on it. You were right the second time. It is a distro of Linux with a NTFS driver on it. My point was drivers cannot contain OS's, should be the other way around. (and your right, in my haste I typed NFTS, a typo). We're talking about the same thing, but in your fisrt post it wasn't clear.
Meloncholy oops my mistake gotta start proofreading what i write. =0)
Check out this thread :-
http://www.antionline.com/showthread...hreadid=242541
I personally don't believe it but however I always believe that there is ALWAYS a back door
Never heard of a universal password, good thing too. If only to restate, he is probably referring to the administrator password.
http://www.wininformant.com/Articles...rticleID=38072
This article seems to fit in perfectly with this topic
If this is true ms could be in a lot of trouble.Quote:
Windows XP Wide Open Using Windows 2000 CD-ROM
hahaha!
if you want pass window login in password screen all you have to do is go in to dos mode a and delete password file and then you can type any password you want a it will take it and the person you hack will not ever know
you could also rename the .pwl files to something like .xyz or .zzz and it will not only accept anything you enter, it will make that the new password.
um... the *.pwl files are only with 95/98 and 2000 and xp have changed.
also that would be pointless as you dont need a password for 95/98 you just press escape or enter and it will allow you access regardless.
nothing about works for 2000+
I know the universal winxp password, it is in code to keep the lamers from finding out : C.H. pxot zpv mjlf b xipsf , as a hint for the cryptically challenged the first two letters are B.G.