Home page logo
/

basics logo Security Basics mailing list archives

using Administrator-Account with empty password
From: Scan_it <Scan_it () gmx net>
Date: Sun, 01 Jun 2008 19:31:56 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi guys,

I got the following iussue here.

I have two Computers, both Win xp pro SP2
(no passwords for Administrator's account set).

I assume that no one has local access to the computer.
so the only way to get to the data(shares, ipc$) is by remote (home
network, internet)

When I try to establish a connection via ipc$ or a connection to a
network share , using the Administrator account
(e.g. with Sysinternals tools), Windows declines the connection.

If i set the same password on both computers, i can establish a
connection, use administrative priviliges, network
shares etc.

So my question is why should I even bother to set up a strong password
for my Admin Account (which can be
broken by BruteForce or Wordlist), when Windows denies any connection
with an empty password.
Wouldnt it be a lot more secure to configure a system without a Password?

Or is there any way to trick Windows into accepting a connection with an
empty password or to
run a programm from the command line without a password?

Your input is pretty much appreciated.

Greets

Scan_it
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIQt0MVrIRd1HzN0oRAkAdAJ9+KjowdW6A/xk+ILVMflilsNhS2gCgo7zt
tdfFFO5a9Y2TdwoEqz7yMs4=
=8u+X
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault