WinXP recovery console... again

LOL phish,

As I'm sitting here, I'm actually testing the exploit and it sure as hell works! Well, looks like we have to block booting not only with floppys but now with CDs!

Good grab!

Phish, I have all my machines boot straight to the main HD and nothing else anyways because of speed preformance. Plus to add, I don't want anyone being able to figure out a way around my security, and I guess I've been ahead of my time for years... I knew something like this had to be possible.

And yeah, who wants to download hotfixes like that? Though I'm surprised they won't just wait and put it in another Service Pack that will only be good for screwing up your computer and giving you a reason to format. Or say they aren't going to really worry about it because Xp Second Edition will be out shortly ;-)

How daft can you get... This is NOT a bug in M$ software (for a change)

Although many people don't seem to understand it, if someone can get physical access to boot off another medium, they don't need your administrator password to do *ANYTHING* !

Even things that the lame XP recovery console doesn't let you do, you can *STILL DO* with the right tools.

It is not a bug for them to let you do this, indeed, they cannot prevent it. There is at least one Linux boot disc that will let you recover an NT/2000 administrator password (+ many commercial tools)

slarty, I believe Phish has stated that he does NOT allow booting to any other media. If the Admin account has a password, and Recovery Console will allow you to use the Admin account WITHOUT a password, this is a bug!

Cheers,
vegas

If the administrator was smart and didnt want the users to have high access they would just take the cdrom out of the boot path and put a password on the bios... also the a: out aswell stopping using programs like the linux boot disk that changes passwords (cant remember name) - also bluecon will give the user the ability to change passwords aswell if the cd is able to be booted

so really i would just take the cdrom and floppy out of the boot path and password the bios.. only the administrator needs to access it

[edit] this was already mentioned above but it is still useful info and there is some extra .. my bad [/edit]

I am not sure how some of your companies are setup but the last company I did contract work didnt have network admins at most of the sites. All the server work and maintenance was done remotely via dameware or remote desktop. if the server was shutdown, they had lights out boards. What I did notice though was that every server was provided with a key on it, locked in front and back... there was a security camera at the top to see who was playing with the thing and when....yet as I went to more sights I began to notice server rooms were left unlocked (shared as the printer room, go figure). Some servers were out in hallways.. Then to top it off many had their servers unlocked cause it was more convienent when they had to replace the backup tapes (all they had to do was replace tapes daily). The reason i go on about this is because even though boot options were set to only boot from hard drive, and permissions for bios were inherently taken from the AD settings and couldnt be changed. If someone didnt have it setup like this, there is no bios password because most ppl dont set it on a server, all you have to do is reboot change options and reboot again. now you can use whatever exploit you need to do what you want. so in short great find. something to be on the lookout for.

-if someone wants into something badly enough they will find a way into your mighty castle...(ex. The big wooden trojan horse)

a lot of people wont want into something really badly they will just accidently stumble accross things from doing stuff of which they have no idea of what they are doing.. it is impossible to secure something 100% but u can secure something from people who dont really know much.

Or they will want into something and just give up after it is too hard or they dont succeed the first time.

(This is in my experience)