PC Pals Forum
Technical Help & Discussion => General Tech Discussion, News & Q&A => Topic started by: Reno on October 16, 2003, 06:12
-
I saw a post by a member asking about how best to protect a Windows box from being used or tampered with while the owner was away. I read the post and thought the question shouldn't be how to protect but instead how to break into. In creating this topic I think it would enlighten everyone to the various ways in which a PC could be broken into and ways to prevent it.
To start this off, and not look like I'm pumping people for information for diabolical purposes, I found a way to get around XP passwords about a year ago. Just restart the machine and press F8; when the diagnostic options are presented, go into safe mode. If the installer of the OS was lazy (like most) and didn't put an admin password, enter the admin account and set up your own user account. In safe mode you can access any and all of the other accounts, making your attempt successful.
I haven't found a way to lock a Windows machine from someone slaving it. But I have run into software that works with the BIOS. If the drive is put into another machine or it is made as a slave on its default box, it has to have a password to access. It was a church's machine and the drive was going bad. I ghosted it and stuck the new drive in place. It did interest me though.
-
In Windows XP, you can load up in NORMAL mode, press CTRL-ALT-DEL twice at the logon screen, and that will allow you to type in the "Administrator" name, with no password to access normally.
XP, being based on NT technology, is quite secure - you can lock folders etc etc... which cannot be done on a 98 machine of course.
I have a special piece of software (Linux based) that boots from CD. It checks NT based security, and will check the SAM for passwords etc. The software will then let you clear individual passwords, or even create a different password.
The only problem is, if you CLEAR, it also clears any stored internet/msn username and passwords.
There is no way to prevent this boot disk from gaining access to the SAM, unless you lock the pc box where no one can get physical access.
-
Just a word of caution as this thread progresses - please bear in mind we cannot discuss hacking on this forum.
Thanks folks! :)
-
That kinda ticks me off. I think education on these security flaws is the best way to be aware and prevention. Unless you want something like what we've said happen to you.
When I was in high school someone used the method I mentioned to break into my PC. It took me two weeks to figure out how he did it. I finally had to format the machine and put in a new admin password because they had locked me out of my own PC. It's crap like this people should be aware of, so the same situation doesn't repeat itself.
http://home.planet.nl/~faase009/Ha_hacker.html
If you read this you'll notice we are technical crackers. Even though I'm doing this to expose flaws that would potentially give me and others problems, it is still cracking. Guess you're right, maybe we should delete this topic for the safety of everyone. ;)
-
I'm sure that everyone realises that we have to err on the side of caution and that the very mention of the word "hack" gives our hosts palpitations. The members of the forum fully appreciate where you are coming from Bob and greatly appreciate your input. Just be careful with the "H" word so that we can all sleep soundly in our beds at night. :lol:
-
Is this not the same as....
Go START->RUN and type control userpasswords2
-
I'm with you Bob on this one [just to put the cat amongst the pigeons] ::)
Education is better than falling victim due to lack of it. For instance, it would be like rollocking those who expose ways of circumnavigating so called airport security, which would enable weapons/potential weapons to be smuggled aboard aircraft.
It is only the public boycotting products due to their exposed security flaws that pressures providers of such products to up their game.
-
I fully understand where Bob is coming from. All I'm asking is please don't let this thread turn into a discussion about ways to hack Windows. I wasn't 'rollocking' anyone, but we have to be aware of our hosts' rules. Sorry if I didn't make myself clear.
-
I agree there should be no talk of hacking on this thread to protect the safety of PC Pals Forum. I guess we got this off on the wrong foot. Anyone know any other cracks for Windows that we should be aware of?
>I have a special piece of software (Linux based) that boots from CD. It checks NT based security, and will check the SAM for passwords etc. The software will then let you clear individual passwords, or even create a different password.<
I knew Linux had bootable software for diagnostic purposes but I didn't know it had a security checker for NTFS. ???
-
Simon...Bro ;)
I didn't mean to infer or imply [ not sure which one I should be using] that you were "rollicking" Bob.
I mean would I ::) ;)
-
Alright everyone, don't bust a nut all over your monitors. :-* I wasn't being rollicked, so don't worry. It was a simple misunderstanding that's been cleared up. :D
-
Don't worry Bob, me and Simon won't bust our nuts, we just wind each other up now and again, it's a sign of endearment you see. :)
-
>In Windows XP, you can load up in NORMAL mode, press CTRL-ALT-DEL twice at the logon screen, and that will allow you to type in the "Administrator" name, with no password to access normally.<
Not with W2K Pro you can't ;D
-
Tony, did I tell you I installed W2K Pro on one of these new builds? Well, it all went tits up when I tried to get the updates. It wouldn't let me install Norton AV or Firewall without getting the patches first and I kept getting infected with the Welchia worm, before I could get the patch! Catch 22, you might say. ;)
Anyway, eventually the hamster woke up in the wheel, and I got the patch onto a floppy using my own machine, installed it on the W2K machine, and then managed to get SP4, and all the other updates, however, each time I booted up, I was getting a 'program error' box. Just the box, with a red X in it, but no message to say what was wrong! Pretty useful, huh?
It was time to kill or cure, and as I didn't know what to cure, W2K Pro went to an early grave, and XP was installed with no problems.
-
Funny that Simon,
I've never been infected with a virus, when I have installed new or reformatted and installed many many times with W2K Pro.
I always do install, then put all the security progs on first, Zone Alarm being the first. Then I go nowhere but MS update. First thing I then do is SP4, then all other patches. Then Norton updates, and only then do I go elsewhere on the Web, or set up email accounts, or install any programs.
You must be working in an unsterile environment. ::)
-
That's exactly what I did do, Tony. Getting the updates first, I mean. I think it may have been because I was trying to install Norton 2003. Maybe if I had put an earlier version on at first, then updated it later, it would have been OK. Literally, I must have only been online a few minutes, before the Welchia thing struck. Maybe having a static IP doesn't help in these situations? Anyway, the problem is now solved, as I have the Blaster / Welchia patch on a Floppy Disc, so with this latest build, I installed it before going online, and everything was OK. It does show, however, how quickly this thing can infect a PC. I wonder how many people have it without even realising?
-
>Not with W2K Pro you can't ;D<
Um, W2K has the login box anyway, just type in your user/pass.
On XP you have the little pictures, with your usernames, so the only way to type in Administrator is through the login box.
Or have I missed something from your post?
-
>I knew Linux had bootable software for diagnostic purposes but I didn't know it had a security checker for NTFS. ???<
Yes, very handy tool. I cannot remember where I downloaded it from originally (it is freeware I think, search google for LINUX boot disk SAM password or something).
-
I've used that one myself K, on PCs that people have forgotten the Admin password for.
It seems to work well. The latest version works with NT, Win2K and XP (as long as it's on an NTFS partition).
To allay your fears about hacking tools Simon. This one is not much use for hacking as you have to have physical access to the PC to make it work. It is however a very useful tool for PC Technicians ;) :)
-
>Not with W2K Pro you can't ;D<
>Um, W2K has the login box anyway, just type in your user/pass.
On XP you have the little pictures, with your usernames, so the only way to type in Administrator is through the login box.
Or have I missed something from your post?<
K, I must have misread this remark from you.
>In Windows XP, you can load up in NORMAL mode, press CTRL-ALT-DEL twice at the logon screen, and that will allow you to type in the "Administrator" name, with no password to access normally.<
You obviously don't mean what I read it to mean.
-
>That's exactly what I did do, Tony. Getting the updates first, I mean. I think it may have been because I was trying to install Norton 2003. Maybe if I had put an earlier version on at first, then updated it later, it would have been OK. Literally, I must have only been online a few minutes, before the Welchia thing struck. Maybe having a static IP doesn't help in these situations? Anyway, the problem is now solved, as I have the Blaster / Welchia patch on a Floppy Disc, so with this latest build, I installed it before going online, and everything was OK. It does show, however, how quickly this thing can infect a PC. I wonder how many people have it without even realising?<
Yes, I think you have to download at least W2K SP2 or later before you can install Norton 2003.
-
>In Windows XP, you can load up in NORMAL mode, press CTRL-ALT-DEL twice at the logon screen, and that will allow you to type in the "Administrator" name, with no password to access normally.<
Sorry, I'll clarify - hope this clears up my original post:
In Windows XP, you can load up in NORMAL mode (as opposed to SAFE mode), which will display your log in pictures*. Press CTRL-ALT-DEL twice at this logon screen, which will display the normal logon box, and that will allow you to type in the "Administrator" name, with no password to access normally (if the admin account has no pass).
*if you have only one account with no pass, it will automatically log in to windows. Simply log off first I think then follow procedure from the *
-
Ah yes that does clear it up >(if the admin account has no pass)<
:)
-
That is a genuinely useful bit of advice K - :thanks:
I often need to log in as administrator on some badly configured ( :not: ) PCs at work and usually have to resort to Safe Mode to get at the Administrator account.
Giving the two-fingered salute twice is a damn sight easier to use :D 8)
-
I have a friend that used the account option in Win98 and he is firm on the fact that it's more secure than XP's. I never found a way of getting into his machine so I think he might have had a point.
-
Apart from clicking cancel on the login screen? Booting from a floppy disc (and deleting the password files)? Going into safe mode? etc.
;)
-
Sorry Bobscrachy, XP beats 98 hands down on security.
As Dack says, it is easy peasy to get into a 98 machine without the password. The only thing that makes it slightly more difficult is if it authenticates on a network. Even then, it is possible to reveal the password by decoding the .pwl file.
XP has security built in, not tagged on as an afterthought.
-
This is for Windows NT in the case you need full admin access to a PC you've been locked out of.
If you can log in as an account, drop to DOS (start -> run -> cmd); at the C: prompt type the following (assuming default install locations):
C:\> cd \winnt\system32
C:\winnt\system32> copy logon.scr logon.scr.old
C:\winnt\system32> del logon.scr
C:\winnt\system32> copy cmd.exe logon.scr
Now log off the machine. logon.scr is the screen saver that will kick in after 15 minutes of not touching the keyboard/mouse at the logon screen. Wait 15-20 minutes and a DOS prompt with FULL SYSTEM rights will pop up, then just do
C:\> net user administrator <newpassword>
and then log in with the new account.
Try this, might work, as long as he didn't change default permissions on C:\winnt and C:\winnt\system32 you should be golden.
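A defender's check for the screensaver swap described in the post above, as an added example that is not part of the original thread. It assumes PowerShell 4 or later; `Test-LogonScreensaver` is a hypothetical name, and the logon screensaver is read from the `SCRNSAVE.EXE` value under `HKEY_USERS\.DEFAULT\Control Panel\Desktop`.

```powershell
# Added example, not from the thread. Test-LogonScreensaver is a hypothetical name.
function Test-LogonScreensaver {
    $sys32 = Join-Path $env:SystemRoot 'System32'
    $findings = @()

    # The screensaver used on the logon desktop is configured in the .DEFAULT hive.
    $key = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop'
    $configured = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'SCRNSAVE.EXE'
    $scr = if ($configured) { [Environment]::ExpandEnvironmentVariables($configured) } else { 'logon.scr' }
    if (-not [IO.Path]::IsPathRooted($scr)) { $scr = Join-Path $sys32 $scr }

    # 1. Is the screensaver binary actually a copy of the command interpreter?
    if (Test-Path -LiteralPath $scr) {
        $scrHash = (Get-FileHash -LiteralPath $scr -Algorithm SHA256).Hash
        $cmdHash = (Get-FileHash -LiteralPath (Join-Path $sys32 'cmd.exe') -Algorithm SHA256).Hash
        if ($scrHash -eq $cmdHash) { $findings += "$scr has the same SHA-256 as cmd.exe" }
    }

    # 2. Leftover backup with the ".old" name used in the post.
    if (Test-Path -LiteralPath "$scr.old") { $findings += "Backup copy present: $scr.old" }

    # 3. Non-default permissions: the swap only works if an ordinary account can
    #    write here. This checks the write-data bit for broad groups only.
    $broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, Users
    $write = [System.Security.AccessControl.FileSystemRights]::WriteData
    foreach ($path in $sys32, $scr) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($r in $rules) {
            if ($r.AccessControlType -eq 'Allow' -and
                $broad -contains $r.IdentityReference.Value -and
                ($r.FileSystemRights -band $write)) {
                $findings += "$path grants write access to $($r.IdentityReference.Value)"
            }
        }
    }
    $findings   # an empty result means none of the three indicators were found
}

Test-LogonScreensaver
```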
-
Another XP security hole ;) Sorry adept, XP isn't as secure as some think. There are ways of bypassing Win9x logins.
Watch out for people putting CDs into your machine on bootup, it's never a good thing.
Now, you can log on to WinXP without even having any account or any passwords. Read carefully:
It's very easy to bypass the Windows XP Admin logon window. When u started your computer, u got a message something like that:
Admin or (whatever u make an account!!!)
Password: ..... blah blah
Some people think that it's impossible to break through this, but through my article u can make it easy to break this cripy.
In order to break the Windows XP admin logon, you simply boot yr computer through the Windows XP CD and boot up a Windows XP box and start the Windows XP Recovery Console; it's a troubleshooting program.
BINGO!
Windows XP then allows us to operate the victim's computer as an Administrator without an admin password, even if the Administrator account has a strong password.
You can also operate other user accounts that may be present on it, even if those accounts have passwords.
Finally u can do anything u want on the victim's computer, copy/delete the files, whatever u want.