Tuesday, September 6, 2011

Windows XP: Security Holes


Moving inside the box:

There are 2 security holes I found in Windows XP SP2:

1) REPAIRING: When repairing Windows XP, if we press Ctrl+F10, a DOS prompt pops up and you have access (not administrator privilege) to the box.

2) RECOVERY CONSOLE: I’ve used a lot of third-party software to protect my system, but the best way I found was to physically block access to my PC…

I started googling around for a way to get administrator access to an XP box without a third-party program, but everything turned out to be either very time-consuming or not working on SP2. So I started looking for the answer on my own, and ended up with a Windows 2000 bootable CD from a friend.

The game:

Most of you might have used the Recovery Console of Windows XP, which asks for the Administrator's password before letting you use it. But what if we boot an XP SP2 machine with a Windows 2000 CD and start the Recovery Console present on it?

VOILA!!!! THE PASSWORD IS NOT REQUIRED

The most irritating fact is that a machine with XP’s latest service pack can be fooled this easily.

The Steps:

a) Restart the system and pop in the Windows 2000 bootable CD. (Check that the CD/DVD drive is set to boot before the HDD in the BIOS.)
b) On the blue screen press R or F10 (F9 worked fine on my lappy…) and then press C to enter the Recovery Console.
c) Select the XP partition from the menu and that’s it!

The access and stuff possible:

a) File and Folder: The XP Recovery Console does not allow even the Administrator to access all the drives, but with the Windows 2000 Recovery Console access is easy and extends to all the drives.

b) Copying: The XP Recovery Console does not allow copying of files and folders to removable media (only floppy in this instance), although it is possible by editing the registry. With the Windows 2000 Recovery Console, copying files and folders is not a big task: it is simple and no “Access Denied” error is given. This also allows you to create new files and folders and change their attributes.

c) The Net User: The XP Recovery Console does not provide the “net user username password” command, but with the Windows 2000 Recovery Console this command worked successfully for me on a friend's FAT32 XP partition.

Conclusion:

I tested this security hole (Recovery Console) on my laptop, provided by the company for office work, which has a lot of security features. Even in that case I could get access to 60% of the resources and even had the power to format a partition.
The method I described above uses the Windows 2000 Recovery Console, but using any Linux distro will also give you access to a lot of resources. I would recommend the GeeXboX distro for the same purpose.
After this finding of mine, I strongly conclude that Windows XP is not a very secure operating system.


C & C are welcome.