02-27-2007
Robert Firth
Re: login in Windows Vista without any credential
Yes, pretty pointless. It allows you to access the computer again later. You
already have to have access. I propose a better security leak. Go to control
panel, users profiles. Setup a second administrator account. Bam, you can
access the account later. Full access through that account. I have to
admit, the magnifier.exe thing is pretty sneaky though. This is only a
security threat if you live in a community environment and forget to lock
your computer.

Physical security is just as important as anything Microsoft can do. If you
leave your computer logged in for anyone to use, that is a security threat
that you created. The whole point of an administrator account is to have
access to everything. That same user that messes with the windows\system32
folder could also install a rootkit or spyware on your computer. A physical
person can easily bypass all the UAC prompts, do whatever they please. Heck,
they could plug in a USB key and copy all your private data straight to it,
or delete it.

--
/* * * * * * * * * * * * * * * * * *
* Robert Firth *
* Windows Vista x86 RTM *
* http://www.WinVistaInfo.org *
* * * * * * * * * * * * * * * * * */

<alun@texis.invalid> wrote in message
news:B34E9C22-B805-4F95-AEA7-94B15BB3A986@microsoft.com...
> "Abhishek Choudhary" <Abhishek Choudhary@discussions.microsoft.com> wrote
> in message news:84B823DA-703D-4A9A-AC36-EA623537E69F@microsoft.com...
>> There is a serious bug found in Windows Vista Ultimate, which allows the
>> user to log in to Windows Vista System without providing any credential.
>> It just requires the attacker to access the victim system, for the first
>> time. To gain access to victim system, follow these steps.
>>
>> 1) Open System32 folder of your windows.
>> 2) Copy Cmd.exe, Magnify.exe and paste it in two different locations, for
>> safety purpose.
>> 3) Rename the cmd.exe to Magnify.exe on the backup location.
>
> And ... what access rights do you need to have to the system for step 4,
> which writes to the system32 directory?
>
>> 4) Copy & paste the renamed cmd.exe to system32 folder, this asks for
>> replacing the Magnify.exe, just continue with replacing.
>
> Oh, yes, that's right, it requires you have administrator access to write
> to that directory.
>
> So, if you're an administrator, you can hack the machine so that you don't
> have to log on.
>
> Brilliant.
>
> I can do that with a couple of registry entries.
>
> Alun.
> ~~~~
> --
> Texas Imperial Software | Web: http://www.wftpd.com/
> 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
>
>


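A defender-side check for the swap described in the quoted steps, as an added example that is not part of the original thread: it flags Magnify.exe when its contents are byte-identical to cmd.exe. The function names and parameters are hypothetical; the two file names come from the thread, and the default path assumes a standard Windows layout.

```python
import hashlib
import os
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_swapped_binaries(system_dir, watched=("Magnify.exe",), shells=("cmd.exe",)):
    """Return (watched, shell) name pairs whose file contents are identical.

    Hypothetical helper: defaults are the two names from the thread; callers
    can pass other names they want compared.
    """
    system_dir = Path(system_dir)
    shell_hashes = {}
    for name in shells:
        path = system_dir / name
        if path.is_file():
            shell_hashes[sha256_of(path)] = name
    findings = []
    for name in watched:
        path = system_dir / name
        if not path.is_file():
            continue  # absent file: nothing to compare
        match = shell_hashes.get(sha256_of(path))
        if match is not None:
            findings.append((name, match))
    return findings


if __name__ == "__main__":
    # Assumption: default Windows layout, %SystemRoot%\System32
    root = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    hits = find_swapped_binaries(root)
    for watched, shell in hits:
        print(f"ALERT: {watched} is a byte-for-byte copy of {shell} in {root}")
    if not hits:
        print("No watched binary matches a shell binary.")
```

A hash match only catches the exact copy-and-rename described in the thread; it does not establish that Magnify.exe is the genuine Microsoft binary.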