Dec 30 2004, 12:20 AM
Post
#1
To Err Is Human, To Forgive Divine Group: Members Posts: 558 Joined: 24-December 04 From: http://www.ultimatekayakfishing.com/ Member No.: 1,871
You can bypass Windows XP passwords by using a W2k boot disc!
M$ tried to make XP the securest version of Windows OS. This hole in the security is the norm, not the exception! Since the flaw was found, why not use it for something. So if you are the proud owner of a W2k CD or have access to one, just pop it into the CD-ROM and boot the computer. Now you can go into the W2k recovery console. If you use a W2k CD on a W2k computer you need a password to start the recovery console, no such thing in XP.

In recovery console you can now access all files on the computer, you can copy and paste them to a disk or other removable media - memory stick anyone! So with unrestricted access to the computer it does not matter if you password protected the folders, any file by any owner can be accessed. This now opens the door for that same person to install programs. They can set up a backdoor program and grant themselves full access, or what if a nice keystroke logger was installed. Next time they have access to the computer they can retrieve that data and get passwords you used.

On XP Pro you can at least protect your files with EFS (encrypted file system) if you have installed XPP with NTFS. With XP Home you are out of luck, EFS is not enabled with the Home version.

If you are using a computer in a place like a college campus, at work, for travel or at home with multiple users you can turn on 1 protection (this works for desktops and laptops alike): turn on the BIOS password. With a BIOS password in place the CD cannot bypass and boot your computer. So until M$ releases a patch for this flaw, turn on BIOS password and make sure it's not the same as your regular password and store it in a secure place.

Nils
Dec 30 2004, 12:41 AM
Post
#2
Administrator Group: Admin Posts: 467 Joined: 26-August 04 Member No.: 1 myCENTs:85.82
QUOTE
Turn on the BIOS password. With a BIOS password in place the CD cannot bypass and boot your computer. So until M$ releases a patch for this flaw, turn on BIOS password and make sure it's not the same as your regular password and store it in a secure place.

I wonder if Microsoft can actually release a patch for this one. I assume that the boot disk does not interfere with the boot files already stored on the system. It loads up in memory separately and accesses the drive, and there is absolutely nothing in its path to stop it and ask for authorisation. And maybe because of this, the other security systems except EFS failed. So until and unless those files are not encrypted, developing a patch for the above flaw is difficult. The patch that will be released will have to protect the files completely, just like EFS. So instead of developing a new system altogether for encryption, Microsoft might go with the EFS thing. So in the next patch, Microsoft may decide to enable EFS for WinXP Home edition, which is again going to cost Microsoft a lot. Well, this is only a thought..
Dec 30 2004, 12:57 AM
Post
#3
To Err Is Human, To Forgive Divine Group: Members Posts: 558 Joined: 24-December 04 From: http://www.ultimatekayakfishing.com/ Member No.: 1,871
You are right, if you pop an XP disk in, the recovery console asks for the Administrator password. Pop the W2k disk in and you start the W2k recovery console and bypass the whole XP system, including passwords on files and folders.
The solution is a patch that changes the permission for boot disks. XP works in XP, W2k works in W2k; both are password protected. It should be an easy task to add code for the XP OS to prompt for a password when W2k is in the CD drive. The technology is already there to prompt for a pwd, it's already working for XP.

Nils
Dec 31 2004, 03:54 AM
Post
#4
death Group: Members Posts: 268 Joined: 8-September 04 Member No.: 384
Just wondering, NilsC, you want to be a good network admin?
Dec 31 2004, 03:05 PM
Post
#5
To Err Is Human, To Forgive Divine Group: Members Posts: 558 Joined: 24-December 04 From: http://www.ultimatekayakfishing.com/ Member No.: 1,871
Dec 31 2004, 05:44 PM
Post
#6
Administrator Group: Admin Posts: 467 Joined: 26-August 04 Member No.: 1 myCENTs:85.82
QUOTE
The solution is a patch that changes the permission for boot disks. XP works in XP, W2k works in W2k; both are password protected. It should be an easy task to add code for the XP OS to prompt for a password when W2k is in the CD drive. The technology is already there to prompt for a pwd, it's already working for XP

Aah.. I am confused. I don't think there are any files on the HDD which grant access to these CDs.. If there are, the patch is possible. But if the files on the HDD make no difference for the boot disk, the boot disk can work its way out to the data and open the way for people to access it. As for Windows XP, the boot disks purposely access that part of the drive and check if the system is accessible, and if it is, it is designed to ask for authorisation. Do I have a point here?
Dec 31 2004, 06:00 PM
Post
#7
To Err Is Human, To Forgive Divine Group: Members Posts: 558 Joined: 24-December 04 From: http://www.ultimatekayakfishing.com/ Member No.: 1,871
QUOTE(OpaQue @ Dec 31 2004, 12:44 PM)
As for Windows XP, the boot disks purposely access that part of the drive and check if the system is accessible, and if it is, it is designed to ask for authorisation. Do I have a point here?

I think you just said the solution, "if the system is accessible". XP does it for XP, W2k does it for W2k. I have not tried the other way around.. I have a W2k server that is scheduled for a restart this weekend. I'll try to put the XP recovery disk in it to see if it bypasses the password sequence. What is it looking at to deem it accessible? A registry key? Add one for W2k. Does it check BIOS? I have to read up on that. I have the resource kit documentation for XP Pro so maybe I can find something there. As for a point... of course you can have a point....

Nils
Dec 31 2004, 10:24 PM
Post
#8
Pretty please? Group: Members Posts: 733 Joined: 28-November 04 From: Holland Member No.: 1,552
Ehm dude? I don't see the flaw? If I want to get on an NTFS partition I boot Knoppix with NTFS support, it even boots from floppy. If you have physical access to the computer and the data is NOT encrypted, chances are that 99 out of 100 times you can at least READ the data. Booting another OS would do, or the W2k boot disc.
Anyways, this so-called 'exploit' was found quite a while ago. http://www.ms-bs.com/modules.php?name=News...article&sid=542
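The posts above agree that anyone who boots another OS can read every file that is not encrypted, and that EFS on NTFS is what protects files in that case. The following PowerShell is an added example, not part of any post in this thread: it reports which files under a folder do not carry the EFS attribute. The function name `Get-EfsCoverage` and the sample path are hypothetical.

```powershell
# Added example (not from the thread): count the files under a folder that are
# NOT EFS-encrypted, i.e. readable by anyone who boots the machine from other media.
# The function name Get-EfsCoverage is hypothetical.
function Get-EfsCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $root = (Resolve-Path -LiteralPath $Path).ProviderPath

    # EFS exists only on NTFS; on any other file system nothing can be encrypted.
    try {
        $fs = ([System.IO.DriveInfo]::new([System.IO.Path]::GetPathRoot($root))).DriveFormat
    } catch {
        $fs = 'unknown'   # e.g. a UNC path, which DriveInfo does not accept
    }
    if ($fs -ne 'NTFS') {
        Write-Warning "File system for '$root' is $fs; EFS requires NTFS."
    }

    $encrypted   = 0
    $unencrypted = New-Object System.Collections.Generic.List[string]

    # -Force includes hidden and system files; unreadable folders are skipped.
    Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Attributes.HasFlag([System.IO.FileAttributes]::Encrypted)) {
                $encrypted++
            } else {
                $unencrypted.Add($_.FullName)
            }
        }

    [pscustomobject]@{
        Root             = $root
        FileSystem       = $fs
        EncryptedFiles   = $encrypted
        UnencryptedFiles = $unencrypted.Count
        UnencryptedPaths = $unencrypted
    }
}

# Constructed sample path; substitute the folder you want to audit.
Get-EfsCoverage -Path "$env:USERPROFILE\Documents" | Format-List
```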
Jan 1 2005, 03:47 AM
Post
#9
To Err Is Human, To Forgive Divine Group: Members Posts: 558 Joined: 24-December 04 From: http://www.ultimatekayakfishing.com/ Member No.: 1,871
I know the exploit is not a new one. I have a BIOS password on all the XP computers at work due to this exploit. Thanks for the link to one of the articles. For an OS that is supposed to be security oriented I consider this a flaw. My place of work is considering removing all the CD / DVD players in user PCs, and the 3.5" disks are gone in most of them also. For a home school environment it may not be a flaw, for work it's a flaw. I can hang out after hours and hack someone else's computer! (Wait! I can do that, I'm the admin...)

Nils
Jan 2 2005, 08:11 PM
Post
#10
Advanced Member Group: Members Posts: 145 Joined: 13-December 04 Member No.: 1,734
Protect your server?
Use your BIOS settings:
1. Set to ONLY boot from your HD;
2. Set passwords for your BIOS.
Get that? Now nobody can boot your system using another boot disk/CD. It cannot be breached. The only people that can override that are the ones who have physical access to the servers and are able to reset the CMOS jumpers.