Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

login in Windows Vista without any credential

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 02-27-2007
=?Utf-8?B?QWJoaXNoZWsgQ2hvdWRoYXJ5?=
 

Posts: n/a
login in Windows Vista without any credential
There is a serious bug found in Windows Vista Ultimate, which allow the user
to login in to Window Vista System without providing any credential. It just
requires the attacker to access the victim system, for the first time. To
gain access to victim system, follow these steps.

1) Open System32 folder of your windows.
2) Copy Cmd.exe, Magnify.exe and paste it in two different locations, for
safety purpose.
3) Rename the cmd.exe to Magnify.exe on the backup location.
4) Copy & paste the renamed cmd.exe to system32 folder, this asks for
replacing the Magnify.exe, just continue with replacing.
5) Now restart the system.
6) After restarting the system, the login screen will come, now select the
utility manager, which is on the below left on the screen.
7) Now check the Magnify check box, to open the Magnify.exe, but now this
will open the cmd.exe.
7) In the command prompt, just type the explorer.exe, this will open the
explorer.exe, and desktop, without login in to the system. The user account
provided for login is the system account, so u can do anything with the
system.
You can also play with the windows registry, services, user account change,
and deletion of user accounts, anything you want.


I don’t understand why Microsoft is failed to look in to simple problems.
This is the simplest way to hack the windows vista, without any detailed
hacking knowledge.



----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://windowshelp.microsoft.com/com...sta.sec urity
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 02-27-2007
 

Posts: n/a
Re: login in Windows Vista without any credential
"Abhishek Choudhary" <Abhishek Choudhary@discussions.microsoft.com> wrote in
message news:84B823DA-703D-4A9A-AC36-EA623537E69F@microsoft.com...
> There is a serious bug found in Windows Vista Ultimate, which allow the
> user
> to login in to Window Vista System without providing any credential. It
> just
> requires the attacker to access the victim system, for the first time. To
> gain access to victim system, follow these steps.
>
> 1) Open System32 folder of your windows.
> 2) Copy Cmd.exe, Magnify.exe and paste it in two different locations, for
> safety purpose.
> 3) Rename the cmd.exe to Magnify.exe on the backup location.



And ... what access rights do you need to have to the system for step 4,
which writes to the system32 directory?

> 4) Copy & paste the renamed cmd.exe to system32 folder, this asks for
> replacing the Magnify.exe, just continue with replacing.


Oh, yes, that's right, it requires you have administrator access to write to
that directory.

So, if you're an administrator, you can hack the machine so that you don't
have to log on.

Brilliant.

I can do that with a couple of registry entries.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


Reply With Quote
  #3 (permalink)  
Old 02-27-2007
Robert Firth
 

Posts: n/a
Re: login in Windows Vista without any credential
Yes pretty pointless. It allows you to access the computer again later. You
already have to have access. I propose a better secury leak. Go to control
panel, users profiles. Setup a second administrator account. Bam, you can
access the account later. Full access through that account. I have to
admit, the magnifier.exe thing is pretty sneaky though. This is only a
security threat if your live in a community environment and forget to lock
your computer.

Physical security is just as important as anything Microsoft can do. If you
leave your computer logged in for anyone to use, that is a security threat
that you created. The whole point of an administrator account is to have
access to everything. That same user that messes with the windows\system32
folder could also install a rootkit or spyware on your computer. A physical
person can easily bypass all the UAC prompts, do whatever they please. Heck,
they could plug in a USB key and copy all your private data straight to it,
or delete it.

--
/* * * * * * * * * * * * * * * * * *
* Robert Firth *
* Windows Vista x86 RTM *
* http://www.WinVistaInfo.org *
* * * * * * * * * * * * * * * * * */

<alun@texis.invalid> wrote in message
news:B34E9C22-B805-4F95-AEA7-94B15BB3A986@microsoft.com...
> "Abhishek Choudhary" <Abhishek Choudhary@discussions.microsoft.com> wrote
> in message news:84B823DA-703D-4A9A-AC36-EA623537E69F@microsoft.com...
>> There is a serious bug found in Windows Vista Ultimate, which allow the
>> user
>> to login in to Window Vista System without providing any credential. It
>> just
>> requires the attacker to access the victim system, for the first time. To
>> gain access to victim system, follow these steps.
>>
>> 1) Open System32 folder of your windows.
>> 2) Copy Cmd.exe, Magnify.exe and paste it in two different locations, for
>> safety purpose.
>> 3) Rename the cmd.exe to Magnify.exe on the backup location.

>
>
> And ... what access rights do you need to have to the system for step 4,
> which writes to the system32 directory?
>
>> 4) Copy & paste the renamed cmd.exe to system32 folder, this asks for
>> replacing the Magnify.exe, just continue with replacing.

>
> Oh, yes, that's right, it requires you have administrator access to write
> to that directory.
>
> So, if you're an administrator, you can hack the machine so that you don't
> have to log on.
>
> Brilliant.
>
> I can do that with a couple of registry entries.
>
> Alun.
> ~~~~
> --
> Texas Imperial Software | Web: http://www.wftpd.com/
> 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
>
>


Reply With Quote
  #4 (permalink)  
Old 02-27-2007
Malke
 

Posts: n/a
Re: login in Windows Vista without any credential
Robert Firth wrote:
> Yes pretty pointless. It allows you to access the computer again later.
> You already have to have access. I propose a better secury leak. Go to
> control panel, users profiles. Setup a second administrator account.
> Bam, you can access the account later. Full access through that
> account. I have to admit, the magnifier.exe thing is pretty sneaky
> though. This is only a security threat if your live in a community
> environment and forget to lock your computer.
>
> Physical security is just as important as anything Microsoft can do. If
> you leave your computer logged in for anyone to use, that is a security
> threat that you created. The whole point of an administrator account is
> to have access to everything. That same user that messes with the
> windows\system32 folder could also install a rootkit or spyware on your
> computer. A physical person can easily bypass all the UAC prompts, do
> whatever they please. Heck, they could plug in a USB key and copy all
> your private data straight to it, or delete it.
>


Yes, it always amuses me when people are "outraged" that Windows can be
accessed by booting with other operating systems, etc. As you have so
well explained, *any* computer running *any* operating system is
vulnerable if there is physical access by a skilled person with a bit of
time and a few tools. I can get into my Linux and OS X systems, too.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Reply With Quote
  #5 (permalink)  
Old 02-27-2007
 

Posts: n/a
Re: login in Windows Vista without any credential
"Malke" <notreally@invalid.invalid> wrote in message
news:%23dvwTEnWHHA.5108@TK2MSFTNGP06.phx.gbl...
> Yes, it always amuses me when people are "outraged" that Windows can be
> accessed by booting with other operating systems, etc. As you have so well
> explained, *any* computer running *any* operating system is vulnerable if
> there is physical access by a skilled person with a bit of time and a few
> tools. I can get into my Linux and OS X systems, too.



Although...

Encryption is one protection that mitigates physical access - under one
condition. The encryption keys must be unloaded when you leave the encrypted
device alone - often, this means turning off your computer.

I like to call it "defence in death" - even if the system is stolen and can
be probed by serious hackers, they will not be able to get access to data on
an appropriately encrypted drive.

Other than that, of course, you're right - physical access to systems,
particularly while they are on and logged on, cannot be used as the starting
point for a "vulnerability", because the vulnerability is precisely that you
left the machine logged on and running.

Alun.
~~~~
--
Texas Imperial Software | Web: http://www.wftpd.com/
23921 57th Ave SE | Blog: http://msmvps.com/alunj/
Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.


Reply With Quote
  #6 (permalink)  
Old 02-27-2007
Malke
 

Posts: n/a
Re: login in Windows Vista without any credential
alun@texis.invalid wrote:
> "Malke" <notreally@invalid.invalid> wrote in message
> news:%23dvwTEnWHHA.5108@TK2MSFTNGP06.phx.gbl...
>> Yes, it always amuses me when people are "outraged" that Windows can be
>> accessed by booting with other operating systems, etc. As you have so well
>> explained, *any* computer running *any* operating system is vulnerable if
>> there is physical access by a skilled person with a bit of time and a few
>> tools. I can get into my Linux and OS X systems, too.

>
>
> Although...
>
> Encryption is one protection that mitigates physical access - under one
> condition. The encryption keys must be unloaded when you leave the encrypted
> device alone - often, this means turning off your computer.
>
> I like to call it "defence in death" - even if the system is stolen and can
> be probed by serious hackers, they will not be able to get access to data on
> an appropriately encrypted drive.
>
> Other than that, of course, you're right - physical access to systems,
> particularly while they are on and logged on, cannot be used as the starting
> point for a "vulnerability", because the vulnerability is precisely that you
> left the machine logged on and running.
>
> Alun.
> ~~~~


True, true. Thanks for mentioning the encryption. Since my client base
is made of home users and small businesses, I usually don't think of
encryption since in that client base encryption often equals "I
encrypted my data and [fill-in-blank] so now I can't get my data.
Certainly BitLocker on corporate laptops is A Good Thing.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Reply With Quote
  #7 (permalink)  
Old 02-27-2007
Robert Moir
 

Posts: n/a
Re: login in Windows Vista without any credential
Abhishek Choudhary wrote:
> There is a serious bug found in Windows Vista Ultimate, which allow
> the user to login in to Window Vista System without providing any
> credential..


Priceless. Just priceless. Had to blog this one...
http://robertmoir.com/blogs/someone_...or-access.aspx


Reply With Quote
  #8 (permalink)  
Old 02-28-2007
=?Utf-8?B?QWJoaXNoZWsgQ2hvdWRoYXJ5?=
 

Posts: n/a
Re: login in Windows Vista without any credential
You are correct, but what if the Administrator delete the account, which you
have created, because it display all the account name at the time of login,
so victim can see that a new account has beed created, and he will know that
there is some hacking activity is done on his machine.

"Robert Firth" wrote:

> Yes pretty pointless. It allows you to access the computer again later. You
> already have to have access. I propose a better secury leak. Go to control
> panel, users profiles. Setup a second administrator account. Bam, you can
> access the account later. Full access through that account. I have to
> admit, the magnifier.exe thing is pretty sneaky though. This is only a
> security threat if your live in a community environment and forget to lock
> your computer.
>
> Physical security is just as important as anything Microsoft can do. If you
> leave your computer logged in for anyone to use, that is a security threat
> that you created. The whole point of an administrator account is to have
> access to everything. That same user that messes with the windows\system32
> folder could also install a rootkit or spyware on your computer. A physical
> person can easily bypass all the UAC prompts, do whatever they please. Heck,
> they could plug in a USB key and copy all your private data straight to it,
> or delete it.
>
> --
> /* * * * * * * * * * * * * * * * * *
> * Robert Firth *
> * Windows Vista x86 RTM *
> * http://www.WinVistaInfo.org *
> * * * * * * * * * * * * * * * * * */
>
> <alun@texis.invalid> wrote in message
> news:B34E9C22-B805-4F95-AEA7-94B15BB3A986@microsoft.com...
> > "Abhishek Choudhary" <Abhishek Choudhary@discussions.microsoft.com> wrote
> > in message news:84B823DA-703D-4A9A-AC36-EA623537E69F@microsoft.com...
> >> There is a serious bug found in Windows Vista Ultimate, which allow the
> >> user
> >> to login in to Window Vista System without providing any credential. It
> >> just
> >> requires the attacker to access the victim system, for the first time. To
> >> gain access to victim system, follow these steps.
> >>
> >> 1) Open System32 folder of your windows.
> >> 2) Copy Cmd.exe, Magnify.exe and paste it in two different locations, for
> >> safety purpose.
> >> 3) Rename the cmd.exe to Magnify.exe on the backup location.

> >
> >
> > And ... what access rights do you need to have to the system for step 4,
> > which writes to the system32 directory?
> >
> >> 4) Copy & paste the renamed cmd.exe to system32 folder, this asks for
> >> replacing the Magnify.exe, just continue with replacing.

> >
> > Oh, yes, that's right, it requires you have administrator access to write
> > to that directory.
> >
> > So, if you're an administrator, you can hack the machine so that you don't
> > have to log on.
> >
> > Brilliant.
> >
> > I can do that with a couple of registry entries.
> >
> > Alun.
> > ~~~~
> > --
> > Texas Imperial Software | Web: http://www.wftpd.com/
> > 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
> > Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
> > Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
> >
> >

>
>

Reply With Quote
  #9 (permalink)  
Old 03-05-2007
Sergei Ivanov
 

Posts: n/a
Re: login in Windows Vista without any credential

A similar procedure can be done in XP using a Computer GP script that runs
cmd. As Roberts says the only use of this is to emphasize how important
physical security is.

"Abhishek Choudhary" <AbhishekChoudhary@discussions.microsoft.com> wrote in
message news:742F5AAE-D467-45EE-8966-8991390B2D3E@microsoft.com...
> You are correct, but what if the Administrator delete the account, which
> you
> have created, because it display all the account name at the time of
> login,
> so victim can see that a new account has beed created, and he will know
> that
> there is some hacking activity is done on his machine.
>
> "Robert Firth" wrote:
>
>> Yes pretty pointless. It allows you to access the computer again later.
>> You
>> already have to have access. I propose a better secury leak. Go to
>> control
>> panel, users profiles. Setup a second administrator account. Bam, you can
>> access the account later. Full access through that account. I have to
>> admit, the magnifier.exe thing is pretty sneaky though. This is only a
>> security threat if your live in a community environment and forget to
>> lock
>> your computer.
>>
>> Physical security is just as important as anything Microsoft can do. If
>> you
>> leave your computer logged in for anyone to use, that is a security
>> threat
>> that you created. The whole point of an administrator account is to have
>> access to everything. That same user that messes with the
>> windows\system32
>> folder could also install a rootkit or spyware on your computer. A
>> physical
>> person can easily bypass all the UAC prompts, do whatever they please.
>> Heck,
>> they could plug in a USB key and copy all your private data straight to
>> it,
>> or delete it.
>>
>> --
>> /* * * * * * * * * * * * * * * * * *
>> * Robert Firth *
>> * Windows Vista x86 RTM *
>> * http://www.WinVistaInfo.org *
>> * * * * * * * * * * * * * * * * * */
>>
>> <alun@texis.invalid> wrote in message
>> news:B34E9C22-B805-4F95-AEA7-94B15BB3A986@microsoft.com...
>> > "Abhishek Choudhary" <Abhishek Choudhary@discussions.microsoft.com>
>> > wrote
>> > in message news:84B823DA-703D-4A9A-AC36-EA623537E69F@microsoft.com...
>> >> There is a serious bug found in Windows Vista Ultimate, which allow
>> >> the
>> >> user
>> >> to login in to Window Vista System without providing any credential.
>> >> It
>> >> just
>> >> requires the attacker to access the victim system, for the first time.
>> >> To
>> >> gain access to victim system, follow these steps.
>> >>
>> >> 1) Open System32 folder of your windows.
>> >> 2) Copy Cmd.exe, Magnify.exe and paste it in two different locations,
>> >> for
>> >> safety purpose.
>> >> 3) Rename the cmd.exe to Magnify.exe on the backup location.
>> >
>> >
>> > And ... what access rights do you need to have to the system for step
>> > 4,
>> > which writes to the system32 directory?
>> >
>> >> 4) Copy & paste the renamed cmd.exe to system32 folder, this asks for
>> >> replacing the Magnify.exe, just continue with replacing.
>> >
>> > Oh, yes, that's right, it requires you have administrator access to
>> > write
>> > to that directory.
>> >
>> > So, if you're an administrator, you can hack the machine so that you
>> > don't
>> > have to log on.
>> >
>> > Brilliant.
>> >
>> > I can do that with a couple of registry entries.
>> >
>> > Alun.
>> > ~~~~
>> > --
>> > Texas Imperial Software | Web: http://www.wftpd.com/
>> > 23921 57th Ave SE | Blog: http://msmvps.com/alunj/
>> > Woodinville WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
>> > Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD
>> > Explorer.
>> >
>> >

>>
>>


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
XP Can't access Vista Share TedF microsoft.public.windows.vista.networking sharing 12 04-30-2010 14:12
I have a problem with Vista - Windows Explorer keeps crashing =?Utf-8?B?TWljaGFlbA==?= microsoft.public.windows.vista.performance maintenance 28 06-29-2008 19:57
Dave Pogue Reviews Vista in the NYT "Vista Wins on Looks. As for lacks..." Chad Harris microsoft.public.windows.vista.general 28 03-01-2007 20:46
Windows Vista WLAN issue =?Utf-8?B?QXRla2lkbw==?= microsoft.public.windows.vista.networking sharing 1 02-24-2007 20:49
Windows Vista Ultimate =?Utf-8?B?RHVq?= microsoft.public.windows.vista.security 1 02-01-2007 21:29




All times are GMT +1. The time now is 16:07.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120