Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] Windows 'Administrator' - False Sense of Security

In comp.os.linux.advocacy, Johan Lindquist
<spam@xxxxxxxxxxxxxx>
 wrote
on Wed, 23 Aug 2006 09:36:01 +0200
<14dtr3-j9f.ln1@xxxxxxxxxxxxxxxxxxx>:
> So anyway, it was like, 09:01 CEST Aug 23 2006, you know? Oh, and, yeah,
> Roy Schestowitz was all like, "Dude,
>
>> How to hack windows XP admin password
>>
>> http://www.it.iitb.ac.in/~sudhir/Hacking/Win_XP_Hack.html
>>
>> That's the equivalent of letting any local user become root.
>
> In all fairness, if you used a file system without permissions on any
> unix-like system, it would be as easy to edit /etc/passwd to "hack"[1]
> that system, too.

Pedant Point:

/etc/shadow, nowadays, though it might depend on one's
PAM settings.

>
> A "limited account" does not get to write to files in system32 on a
> properly setup xp box with ntfs (nor 2000 or nt4 either, I'd guess),
> so you'd have to assume that the target is using a fat32 file system
> for his "hack" to work.

Oh yeah, there's a well-protected system.  *smirk*

>
> Then again, this /is/ the way most factory-installed workstations are
> delivered even today, it seems.

Ick.

>
> [1] ..and I use the term loosely since none of his tricks seem very
>     clever (using the /policy editor/ to turn off cd autoplay?!?)
>


-- 
#191, ewill3@xxxxxxxxxxxxx
Windows Vista.  Because it's time to refresh your hardware.  Trust us.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index