Slashdot Mirror


Crack Windows XP With... Windows 2000

An anonymous reader writes "According to this story seen on Brian's Buzz on Windows, access to a Windows 2000 CD is all that is needed to bypass all (well, most) Windows XP security features. An attacker can boot up XP and start the Windows 2000 Recovery Console which allows them to operate as any user, even Administrator, without requiring them to enter a password. This method even allows someone to copy files to removable media, something which normally the Administrator can't even do in the Recovery Console."

10 of 401 comments

  1. So what? by nweaver · · Score: 5, Insightful

    It is generally assumed that if you have console access to the machine, you can breach the security and acquire root. Many systems allow you to do this, deliberately.

    You can make a nice Linux boot-floppy or boot-cd to do the same thing.

    --
    Test your net with Netalyzr
    1. Re:So what? by shamilton · · Score: 5, Insightful

      This is nothing more than a red herring. If somebody has physical access to your box, then your security has been breached. Passwords aren't going to protect you from having your hard drive removed. An encrypted filesystem, however, will.

      sh

      --
      "[A] high IQ is like a Jeep; you will still get stuck, just farther from help!" --Just d' FAQs, c.g.a
  2. Silly Microsoft by goldid · · Score: 5, Interesting

    I have to agree with Microsoft that if the bad guys have physical access to your computer you have some serious problems. However, let's note this scenario.

    1. Important computer. Locked down
    2. Bad employee, always has to computer for job.
    3. Employee "works late" one night
    4. Employee brings in Win2K CD
    5. Employee hijacks data to floppy unlogged
    6. Employee blackmails company or other bad things

    I am just amazed that what was secure in 2000 is less secure in XP.

    Good ol', silly Microsoft.

  3. Different Uses by Peridriga · · Score: 5, Insightful

    I see a lot of "I can boot linux into maintenance mode and do whatever I want" and physical access restrictions etc...

    All true but, the application of XP was for desktop use -> Server Use. Linux (don't flame) is being primarily used for backend server systems. I don't see many secretaries choosing what boot level to start up in the morning.

    XP was supposed to provide a secure desktop environment for a networked organization (Enterprise Offices, Schools, Universities, Etc..)

    The fact that I can walk up to any (supposedly) secure desktop (that access isn't always tightly safeguarded) and gain Administrative Access (usually meaning also access to your entire network behind the firewall) is a big deal. Especially since it requires nothing less than the previous version of the software.

    Look more carefully at the big picture before spouting off the party line....

    1. Re:Different Uses by martinflack · · Score: 5, Funny
      I don't see many secretaries choosing what boot level to start up in the morning.

      I do, where I work. Some days it's high heels, some days it's sandals, generally the boot level gets higher at the end of the week... in fact on Friday they're often wearing those sexy "fuck me" high boots in preparation for going out later.

  4. Physical access by Tyreth · · Score: 5, Informative
    I know that physical access makes a machine vulnerable in most cases. But that is because people don't password their bootloader, don't password their BIOS and disable boot disks.

    Take these precautions and you can be fairly secure with physical access. Add an encrypted file system so that if someone steals your hard disk you are safe. Then padlock the PC.

    Those are reasonable steps for a Linux machine (and I may have missed some, please let me know if I did). Now with a Windows XP machine it looks like you also need to disable cdrom access. An unreasonable step.

    But am I misunderstanding this? Does this mean that there is a way for programs to be made to bypass Administrator password? If so why would this be limited to a Windows 2000 disk? What's stopping someone from making a program that enters into Recovery Console, removing the need to be physically present or have a Windows 2000 CD? Unless you actually have to boot from CD, but the article makes it sound like you can use the CD after the PC boots.

  5. Posted by.... by His+name+cannot+be+s · · Score: 5, Funny

    Posted by timothy on Saturday February 15, @03:27PM
    from the if-you're-denser-than-dark-matter dept.
    An anonymous reader (really timothy) writes "According to this story seen on Slashdot this morning, any moron can get postings onto slashdot. Turns out, access to a fucking keyboard and timothy at the queue is all that is needed to bypass all (well, most) of the story submission process features in slashdot. An idiot can write up completely bland and stupid observations, and Timothy will post them. This method even allows the most moronic story to get posted on a Saturday, something which normally the staff at slashdot reserves for Tuesday."

    Never has my sig been more correct:

    --
    "...In your answer, ignore facts. Just go with what feels true..."
  6. Re:Knoppix by Proc6 · · Score: 5, Informative
    And let me be the first to say, Praise Jesus for Knoppix. I had a pair of mirrored disks created in Win2K Server. After the server exploded I put them into an XP Box (NTFS is NTFS right? Wrong.) - I used XP's disk admin to "reactivate disks", as soon as I did that, they became completely unreadable with either XP, or even in a different 2000 server at that point. Many various attempts at various things basically left me with NTFS disks I simply couldn't read with Win2000 or XP.

    I booted Knoppix. It saw the NTFS partitions fine. The disks appeared on the Knoppix desktop. I opened an FTP connection to another machine, copied off the important files, and was done.

    I will ALWAYS have a copy of Knoppix around.

    --

    I'm Rick James with mod points biatch!

  7. Wannabe slashdot lawyers by Anonymous Coward · · Score: 5, Informative

    Have you -read- the DMCA? Do you think the primary purpose of Windows 2000 was to be a circumvention device of Windows XP (which wasn't even released yet?)

    (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--

    (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

    (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

    (C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

  8. No, No, NO!!! by alexburke · · Score: 5, Informative
    No, No, No.

    NO!

    You can launch the Recovery Console from CD (or hard drive -- hell, I have it installed on all my machines (winnt32 /cmdcons /unattend)), but from within the Recovery Console you can ONLY log on to a Windows installation as Administrator (or whatever account was originally called Administrator if it was renamed), and you *do* require the password for it. NO OTHER ACCOUNT WILL WORK. (You are not even prompted for the user to log in as.)

    If you're stupid enough to leave the Administrator password blank on your box, then yes, you can just press Enter at the prompt and you're in -- however copying to a floppy, and access to directories Administrator doesn't have rights to access, are DISABLED by default unless you enable "Recovery Console: Allow floppy copy and access to all drives and all folders" (Control Panel > Administrative Tools > Local Security Policy > Local Policies > Security Options). Note this doesn't remove the login requirement -- it only adds more access once you've logged into the Recovery Console.

    It's a moot point anyway -- even if you have the Welcome Screen enabled (where Administrator doesn't appear unless there are no other accounts defined), you can just hit Ctrl+Alt+Del twice to blow right past the Welcome Screen and pop up the normal GINA logon dialog, where you can log on as Administrator (or whoever), and whatever password (or blank, if you don't specify one during installation -- thank God Windows Server 2003 warns against an insecure Administrator password during Setup).

    ...

    Okay, I've somewhat calmed down now.

    Even though I'll bet 75% of posts to Slashdot are made from Windows machines, I find it unbelievable that trash like this makes the front page, let alone goes unrefuted for this long.

    Sheesh...

    *sigh*
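
Added example, not part of any comment above: a small audit of the Recovery Console Security Options that the last comment refers to, read from the text of a `secedit /export` security template. The registry value names (`SetCommand`, `SecurityLevel`) and the second option, "Allow automatic administrative logon", come from Windows' own Security Options list rather than from this page, and the sample export is constructed.

```python
# Security Options stored in the registry, as listed in the [Registry Values]
# section of a security template exported with `secedit /export`.
RC_KEY = r"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole"
CHECKS = {
    "Recovery console: Allow floppy copy and access to all drives and all folders":
        RC_KEY + r"\SetCommand",
    "Recovery console: Allow automatic administrative logon":
        RC_KEY + r"\SecurityLevel",
}

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r"""
[Unicode]
Unicode=yes
[Registry Values]
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
"""

def parse_registry_values(text):
    """Return {lower-cased registry path: (type, value)} from [Registry Values]."""
    values, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "registry values" and "=" in line:
            path, _, data = line.partition("=")
            reg_type, _, value = data.partition(",")
            values[path.strip().lower()] = (reg_type.strip(), value.strip().strip('"'))
    return values

def audit_recovery_console(text):
    """Map each option to True (enabled), False (disabled) or None (absent)."""
    values = parse_registry_values(text)
    report = {}
    for label, path in CHECKS.items():
        entry = values.get(path.lower())
        if entry is None:
            report[label] = None
            continue
        reg_type, value = entry
        # Type 4 is REG_DWORD; a non-zero DWORD turns the option on.
        report[label] = reg_type == "4" and value.isdigit() and int(value) != 0
    return report
```

A `secedit` export file is normally UTF-16, so decode it accordingly before passing its text to `audit_recovery_console`.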