TechSpot

XP/2000/NT Secure? - I cannot believe it!

By rEMOTE_eVENT
Dec 10, 2003
  1. XP - crowned as MS's most secure OS to date - built on secure NT technology. Yeah right. I couldn't believe how easy it is to gain all logon passwords for all these OSes. This includes administrator passwords as well. Not only that, it is just as simple to change these passwords as well. This applies to W2K Servers as well.

    This must be the most serious flaw in Microsoft's operating systems. A modified Linux boot disk allows you to boot and mount all HDDs on a machine. All drives that are used by Windows are recognised and can be accessed. Providing you can locate the SAM file within the Windows OS (just browse for it if it isn't in its default location), it is possible to open this file and view / edit / modify / delete / do whatever the hell you want with it.

    I have to say I was shocked. I have tried it and this works. I have changed Administrator passwords, user passwords, etc.

    Oh, am I correct in also thinking that if files are encrypted on an NTFS drive using EFS, these files can be accessed by anyone without decryption on a FAT/FAT32 file system? I have heard the rumour. Something I will have to look into when I get some spare time.

    PS. I am not a hacker... but I have certain jobs to do that require me to find ways around problems ;)

    BTW, hello everyone. :grinthumb
     
  2. Didou

    Didou Bowtie extraordinair! Posts: 4,274

    You can't really judge the security of an Operating System when it's not running.:rolleyes:

    NTFS partitions are not encrypted by default.

    PS. Welcome to TechSpot. Hope you enjoy your stay.;)
     
  3. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +7

    No system is secure.

    But security is a pretty abstract concept. Security from what? Under what context? It's not secure, or less secure than something else?

    In fact, any real security analyst will tell you that the human component in the equation is BY FAR the weakest link. Educate your users to work an OS and a computer properly and securely first before branding an OS a security failure.

    That said, its comparison to UNIX in terms of effectiveness is laughable. M$ have even turned their system backbones for the likes of Hotmail over to Linux during DDOS attacks and so forth, because Window$ is just so lame.

    These arguments sit in front of a very multi-faceted situation, where making sweeping statements can be misleading.
     
  4. rEMOTE_eVENT

    rEMOTE_eVENT TS Rookie Topic Starter

    Gaining access to all accounts and being able to then run that OS as any user including administrator allows me to judge the security of the OS (i.e. totally insecure).

    I know that NTFS partitions are not encrypted by default. Read my post; 'files' that are encrypted using EFS can be viewed on a FAT/FAT32 file system without having to decrypt them (I haven't tried this as of yet but I will).

    For example, get admin password, log on, find encrypted files, copy them onto a FAT/FAT32 partition and security is out of the window.

    Thanks for the welcome.
     
  5. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +7

    I believe I do have that Linux Windows 2000 hack disk. It does not work on domain controllers, I think... or does it?? Anyway, yes it's good.

    And yes - this DOES NOT MAKE YOU A HACKER. You are not even a script kiddie. You are just some dude who used a boot disk.
     
  6. rEMOTE_eVENT

    rEMOTE_eVENT TS Rookie Topic Starter

    I never said that any system was secure. All I posted was that I cannot believe how insecure the OS is and how easy it is to gain access to all data held on them.

    To clarify, in terms of user access and file protection...

    So you do not agree that the NT family are totally insecure?

    I suppose for the general novice user they will not have the knowledge or interest to find out the security flaws in the OS.

    However, this can easily change if a malicious user wants to mess things up etc (and how easy is it for this to be achieved?)
     
  7. rEMOTE_eVENT

    rEMOTE_eVENT TS Rookie Topic Starter

    Exactly, just some dude with a boot disk. This is my whole point and why I am trying to raise this issue. Maybe we could discuss why these security issues are so damn open and what effects this could have to NT users? (which I was hoping to do)

    PS. I am not one of those people who hate MS. I have to work with all different systems on a daily basis... In fact I am taking an MCSE exam tomorrow and should really get back to some revision lol.
     
  8. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +7

    I think making any kind of sweeping statement about computer security is misleading.

    Totally insecure implies a complete lack of security, which is not true. How would your boot disk help you to get into my home directory, when that's on a server to which you have no physical access? You might change the administrator password on a workstation - but that's not a complete defeat of the security, because you were only able to change the password, not see what it originally is, so I am left aware that a breach has taken place, as I see that I am unable to use my old administrator password.

    There are many such tricks for breaking into a UNIX system if it's not been properly secured, some of which are just as effective and DON'T require a boot disk.

    Also, your bootdisk example (as I hinted at above) hinges on physical access. If I take that away, what are you left with? And if I give you it back, why you might as well just open the machine and take the HDD out if you want data off it - what OS or security can help that? Encrypt it? OK. Now we have a whole other set of problems as well.
     
  9. rEMOTE_eVENT

    rEMOTE_eVENT TS Rookie Topic Starter

    I stand corrected, but at the same time I am talking here about physical access. I have never implied anything else within these posts about remote access. Only in my handle ;)

    Security of computer systems encompasses a massive array of implementations including locked server rooms, authorised access etc. I know that much.

    Also, can you completely take away physical access to computer systems when connected to a network? The network is the computer system so the fact is, if your server is on the network I have physical access to it whether you like it or not. Snooping, infiltrate data etc. You really cannot get away from it.

    I think I may have opened a can of worms here.
     
  10. Justin

    Justin TS Rookie Posts: 942

    I just tried your "theory" about EFS file copying. You are wrong. Doesn't work at all, not even under linux.

    remote event, it seems to me you started this thread just to rile people up. ANY machine without native encryption that you can gain physical access to can be compromised extremely easily. That has nothing at all to do with computer security, in my opinion. That has everything to do with protecting your own physical access. Doors have locks for a reason, you know.
     
  11. conradguerrero

    conradguerrero TS Rookie Posts: 310

    and for doors i recommend a steel security door with two commercial-grade deadbolt locks, at least one of which should require a key to lock from either side.

    :D
     
  12. Justin

    Justin TS Rookie Posts: 942


    A 6 foot 8 300lb armed guard couldn't hurt, either.

    Or maybe that could hurt...
     
  13. Krugger

    Krugger TS Rookie Posts: 173

    to be fair, they just claimed it was their 'most secure' o/s ever, which is probably true. it's not 'the most secure' ever though, that's obvious.
     
  14. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    BTW, if you can get boot floppy/CD access to a Linux/UNIX box, getting the user passwords is just a little bit bigger hassle than with Windows, but nothing some random kid with a prewritten script can't do.

    You can get access to all Linux partitions with a bootable CD too and modify them as you like, including the plaintext password and configuration files.
     
  15. Tarkus

    Tarkus TechSpot Ambassador Posts: 621

    Actually the SAM file is encrypted, and you need special software to write a new SAM file to an NTFS partition. There are bootable floppy programs to read an NTFS partition and password cracking programs out there. A simple alpha string is the easiest to crack, taking at most 10 minutes for dictionary words and up to an hour for brute force; alpha+numeric may hold it off for a few hours and alpha+numeric+special characters can hold it off for a day or two. I've used these tools in the past. They're expensive but worth the investment if you have need of them on a regular basis.

    To secure a computer from local access you would want to use BIOS password protection, disable floppy, CD and USB boot, and have a locking case panel.
     
  16. Phantasm66

    Phantasm66 TS Rookie Posts: 5,734   +7


    The more I think about that sentence, the more inane it seems.

    I would, in the nicest possible way, urge you not to go around saying things like that in front of people who might know better.

    TOTALLY insecure? Get a grip.

    I am not trying to start a flame war (and won't be taking part in one) but you must surely realise what an inaccurate, sweeping statement that is?
     
  17. Krugger

    Krugger TS Rookie Posts: 173

    in other words, no, neither he, nor anyone else thinks so... ;)
     
  18. sagar

    sagar TS Rookie

    hi

    I have forgotten the administrator password and I have to break that. I have got a Win 2000 Professional OS with an NTFS partition. I couldn't boot from a floppy or bootable CD of Win 98 since my partition is an NTFS partition. Can anyone give me the link from where I can get the NTFS bootable floppy, and how come I break the administrator password? :confused:
     
  19. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

Topic Status:
Not open for further replies.
