XP Home backdoor...

[ViRaL1]

I'm sure this is probably already common knowledge to many but since I hadn't done a great deal of service work on XP machines until recently I just found this out about a week ago. If you have XP Home and haven't set a password on the Administrator account (which isn't normally even accessible under home), you can boot into Safe Mode and log in as Administrator with full admin privileges, including changing the default user's password if I'm not mistaken. I don't know if this is something that they've closed with SP1 or SP2, but I do know that after a clean install from the original XP Home CD, it's still accessible.

[stiltman]

1st thing you do with ALL OSs is rename the admin account and give it a strong password.

In fact, I rename all built-in accounts. I create a dumby administrator account and limit its access to everything.

BTW, just as bad is the everyone group having full access to your hard drives. Hackers dream!

[ViRaL1]

The problem is, most XP Home users don't even know the account exists since it's not even listed in the Users section.

[Shocker Milwaukee]

I'm sure this is probably already common knowledge to many but since I hadn't done a great deal of service work on XP machines until recently I just found this out about a week ago. If you have XP Home and haven't set a password on the Administrator account (which isn't normally even accessible under home), you can boot into Safe Mode and log in as Administrator with full admin privileges, including changing the default user's password if I'm not mistaken. I don't know if this is something that they've closed with SP1 or SP2, but I do know that after a clean install from the original XP Home CD, it's still accessible.

I just stumbled upon this the other day. A client of mine recently stated that he didn't want a computer my company was cleaning/restoring for him. When I hooked it up to check it out, there were four accounts, all password protected. As you stated, when I booted in Safe Mode, I was able to log in with Administrator Priveleges, allowing me to delete all accounts save one (which I left as my new account).

[offline]

The real problem is that you can image boot into any XP or
2k box and reset the Admin account with ease.
The only way to block is to remove access to all removable media or block soft/hard resets.

[ViRaL1]

Image boot? Elaborate.

[bazooka]

This was taken care of months ago, I believe.

Microsoft released several patches to keep people with a 2000 disc from accessing the admin account on an xp machine.

[offline]

This was taken care of months ago, I believe.

I was not aware of that. What about bootable NTFS readers?

[offline]

Just tried it... failed. You were right Bazooka!

[offline]

Image boot? Elaborate.

By making or copying a bootable NX image on floppy
or cdrom to boot into windoze and reset the admin password.
Most use Isolinux. There are copies avail on the
net. It will still work on non patched XP and Y2k systems.

Search for cd040818.zip

[Treebeard]

All you need is a tool called CIA commander, then you can access any PC that has a ntfs drive. it allows you to change the pwd of whichever user you want to change.

Gives a new meaning to physical security of computers.