Security Basics mailing list archives

RE: locked out of XP, need file access
From: Joey Peloquin <jpelo1 () jcpenney com>
Date: Mon, 29 Dec 2003 12:32:48 -0600

Grimshaw,

[snip]
->To preface, I apologize if I am wrong.  I also expect to be bashed for
->being harsh, but sometimes reality stings.

On the contrary, I'm surprised someone, including myself, hasn't brought
this up before.  Or recently, at least, if it has been brought up before.

->A question that I have, is that if the box is his, and those files are his
->(and are important), how did he suddenly just "forget" the admin password?
->What has he been using to log in on a daily basis?  Why isn't the
->password for this box the same as the other local admin passwords on the
->network?  Why is he administrating an XP box and then throwing up
->comparisons to Windows 98 PWL files?  Why not connect to the network and
->log on with domain administrator rights?  If he does not have the access,
->why not call their helpdesk and have one of the administrators do this?

ALL very valid questions.  

Naturally, it is very possible he _did_ forget his password ... We've all
done it.  However, it's also entirely possible the scenario Grimshaw laid
out below is right-on.  

What I'd like to know is why someone is using the Admin account on a WinXP
box (or ANY multi-user box, for that matter) as if it was a regular user?
Do you realize the power you're giving away when an exploit yields
privileges *of the logged-on user*?

By the way, I would caution against setting every local admin password the
same, network-wide.  It could be the difference between cleaning up one
"owned" server, as opposed to dealing with a data center *full* of "owned"
boxes.

->While I agree that sharing of wisdom is vital to the growth of this
->mailing list, the temperance of such wisdom should be considered.  I
->shared this email with my co-workers, and we all thought a laptop fell out
->of the back of a truck into the requestor's lap.
->
->Perhaps it is because I do not trust emails originating from a hotmail
->address asking for a hack.  Anyone can get a hotmail address with any
->information provided.

This is precisely why I typically don't answer these types of questions.
[snip]

Thanks for saying what I'm sure a lot of us were thinking.

Joey Peloquin
