mailing list archives
Re: using Administrator-Account with empty password
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 2 Jun 2008 17:40:47 +0200
On 2008-06-01 Scan_it wrote:
I have two Computers, both Win xp pro SP2
(no passwords for Administrator's account set).
I assume that no one has local access to the computer.
so the only way to get to the data(shares, ipc$) is by remote (home
When I try to establish a connection via ipc$ or a connection to a
network share , using the Administrator account
(e.g. with Sysinternals tools), Windows declines the connection.
If i set the same password on both computers, i can establish a
connection, use administrative priviliges, network
"Blank Password Restrictions")
So my question is why should I even bother to set up a strong password
for my Admin Account (which can be broken by BruteForce or Wordlist),
when Windows denies any connection with an empty password.
Wouldnt it be a lot more secure to configure a system without a
For Windows XP, if you can guarantee that no unauthorized user will be
able to get physical access: yes. Earlier versions don't have this
restriction, so you have to have a strong password there.
Or is there any way to trick Windows into accepting a connection with
an empty password or to run a programm from the command line without a
None that I'm aware of. Which of course doesn't mean that there aren't
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq