• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Cracking through the WinXP login...

Recommended Posts

Phinal Phantasm    0

I have a question, that in my mind seems kinda stupid, but it's a favor for a friend of mine. Well, here it goes. She thinks her son is breaking through the Windows XP Logon screen on her system. She claims she just changed all the passwords and he's had no way to see them or know what they are since she used a password generator. So my question for all of you out there is this. Do you know of anyway to get around the Windows XP logon without knowing any passwords? To be exact, this is WinXP Home. In my mind there is no difference. But I could be very wrong. Please let me know so she can stop thinking he can hack her system. lol Ask me any question about the sys. I checked it all out so I can answer most anything. Thanks in advance!!

Share this post


Link to post
Share on other sites
MxxCon    0

i don't know her son's skills so can't say for sure...

i made linux boot disk which can read fat/ntfs(only on internal ide, not scsi or external controler), it dumps SAM database and can decrypt, not bruteforce, nt/2k/xp passwords in about 15min

also if i'm not mistaken, all users on xphome are either limited guest or admin...admin account can change passwords on any other account

Share this post


Link to post
Share on other sites
akaj23    0

Yeah, you can use the Administrator loophole to change anyone's passwords. Some people don't set an Administrator password during Setup and end up using a different account anyway, so hitting Ctrl+Alt+Del twice at the logon screen will let you logon as anyone, including Administrator with the blank password.

I doubt anyone could do it with brute force; there has to be a loophole. Windows XP uses MD5 encryption for passwords, and it's computationally infeasible to break that encryption on thousands of computers, let alone one.

Share this post


Link to post
Share on other sites
Phinal Phantasm    0

As far as skills go, he has never heard of linux and he doesn't know how to find the passwords in 98 or Nt. So that's out... but I wonder if when they bought it it had come setup with an admin password... hmmm... I need to check that...

Share this post


Link to post
Share on other sites
Mike11212    0

When she set the passwords did she set password reminders.

If you click the question mark next to the arrow on the login screen it gives you a Hint and if the hints obvious well anyone can get the password

Share this post


Link to post
Share on other sites
Rudy    457

maybe he goes on the computer by using the guest account

btw why doesnt she just let him use the damn computer lol

Share this post


Link to post
Share on other sites
Phinal Phantasm    0
Originally posted by Mike11212

When she set the passwords did she set password reminders.

If you click the question mark next to the arrow on the login screen it gives you a Hint and if the hints obvious well anyone can get the password

Good queston... that's what I thought at first, but she didn't. She did on one but the question is like "What's 1 + 1" and the answer is like "Brussel Sprouts" You know? lol

Share this post


Link to post
Share on other sites
Phinal Phantasm    0
Originally posted by Rudy

maybe he goes on the computer by using the guest account

btw why doesnt she just let him use the damn computer lol

The main reason being is he steals their credit cards and subscribes to pron accounts. I'm serious. He's racked up over $200 as it is now just in the last 3 months. Other reasons being he doesn't know what DLLs are and killed the last system they had "Making room" by taking them out. haha

Share this post


Link to post
Share on other sites
Rudy    457

hahah ok well then i guess i understand now ;)

Share this post


Link to post
Share on other sites
digitallaughter    0

LOLOL funny story. Mabye she should tell the kid not to use the computer LOL. But anyway why dont you use a bootpassword so when your computer strats you go enter it before you can even get to windows

Share this post


Link to post
Share on other sites
drewster2100    0
Originally posted by digitallaughter

LOLOL funny story. Mabye she should tell the kid not to use the computer LOL. But anyway why dont you use a bootpassword so when your computer strats you go enter it before you can even get to windows

thats what i was thinking, just set it up in bios

Share this post


Link to post
Share on other sites
JBond007NBC    0

Taken from Windows XP Pro Tips And Tricks Super Site

125. Securing your WINDOWS XP computer

You can provide added level of security to your WINDOWS XP System. This is called securing your Windows XP accounts database. You can store all information related to your accounts in a encrypted form on a floppy disk. What this would do is that if You do not have access to your floppy disk, You can not access the system. I am not sure You realized what I just said ! Even if You know your userid/password, You will not be able to access the system unless and until You have this startup disk.

Process of generating the this secure startup floppy disk is simple. Go to START-RUN and type syskey. You would see a window coming up. Click on Upgrade command button. You would see another window poping up which will give You the option of storing the encrypted accounts database either locally or on your floppy disk. Choose floppy disk and click OK and let the process complete. You are done.

Next time You reboot the computer and get to the logon prompt, make sure that You have the floppy disk available in A: drive else You can not log on.

IMPORTANT DISCLAIMER: If You loose your disk in any way or it becomes defective, You would not be able to access the desktop. You would have no choice except to reinstall everything.. XPTOOLS is not responsible for any such damage that may occur as a result of your applying these changes. Don't try it if You are not sure. Use at your own risk.

Share this post


Link to post
Share on other sites
y_notm    8

If the kid has his own account name or can log into the guest account there's a good chance he knows about the "control userpasswords2" exploit in which any user of any level can access the old passwords cpl item and change *anyones* password and play with any accounts he chooses

Share this post


Link to post
Share on other sites
Jewelzz    7

My daughter used to get my credit card info also and charge things. My solution...take the keyboard whenever I wasn't around :D . It really works lol

Share this post


Link to post
Share on other sites
Mr magoo    1

syskey works in 2000 btw...

simple answer? dont store credit cards in the browser history! its simple to do it!!!

Advanced answer: disable all accounts on the computer: you only want a admin, guest, and user accounts on it. Guest should be locked out; admin should be a password of a multiple of 7 - e.g 7,14,21,28 etc... charactors long -windows encrpyts in 7 bit steps so this is the most secure method of making passwords. user accounts should only be active if there is a user to use them!!!!!

If shes concerned- then why doesnt she add her self to the basic user group - that way she has limited system access....

boot passwords are a great idea.

CHOOSE A GOOD PASSWORD!! alphanumeric - the works!!

Share this post


Link to post
Share on other sites
Phinal Phantasm    0
Originally posted by Mr magoo

syskey works in 2000 btw...

simple answer? dont store credit cards in the browser history! its simple to do it!!!

If shes concerned- then why doesnt she add her self to the basic user group - that way she has limited system access....

boot passwords are a great idea.

CHOOSE A GOOD PASSWORD!! alphanumeric - the works!!

Well, to let you know about her kid... he doesn't take the card numbers from the system... he literally sneaks into their room at night to hunt for their wallets, then writes the card info down and sneaks out. They've got it now so he can't get the cards. But they assume he still has the numbers written down somewhere. As far as her adding herself to basic users. I've suggested that... and she feels if she does that she's a prisoner at her own computer because of her son (don't ask... lol). As far as the boot password goes... it would work, and it's been suggested, but they don't want to have to turn the system off each time they leave. They want to just log out.

As far as everything else. No, he doesn't have his own account, and I've checked and made sure the Guest account is disabled. I've told them about taking the keyboard or monitor cord and stuff, but they feel it's too much work. Yeah, I'm serious... you can't make this stuff up. hahaha

So far this is REALLY good advice and I'll have to see if I can convince her to take it... but as it is, so far without having a lot of computer knowlege, there is no way to hack into someone elses account without having the password, right? I mean, if the Guest account is turned off and the Admin has a password (which he doesn't know). Just making sure... I want to get as many people saying I'm right so she believes me and doesn't think her son can hack her system. lol So what is more than likely going on is he's seen what she's typed in. I'm almost positive of it, but she doesn't think so. haha She's convinced there has been no way for him to see it... but I doubt that.

Share this post


Link to post
Share on other sites
Jewelzz    7

Cancel the credit card. Once a new one or new ones are received, lock'm up.

Share this post


Link to post
Share on other sites
Phinal Phantasm    0
Originally posted by Jewelzz

Cancel the credit card. Once a new one or new ones are received, lock'm up.

That's pretty much what they've done. They bought a lock box to put everything in. But they don't want him to do other things. He's just recently realized that you can download porn off of WinMX and things... and now he's been trying to do that. So, being as how they're my friends I figured I'd help. I already locked the kids system down hard. I took out MSN messenger & explorer completely... every last part. All that's left is IE. I've had them lock up the Network card for that system... and I've gone through IE and made sure NO site that can help him reinstall things can be accessed (No other browsers either). Even the normal MS download sites. hahaha So he's pretty much given up on that system. But now he's set his eyes on hers. haha

Share this post


Link to post
Share on other sites
Jewelzz    7

Best of luck to her, I still say taking the keyboard is the best answer. But if she feels it's too much of a hassle, he'll keep doing it because she's basically letting him. She's the parent and he needs to know this.

My daughter used to call me at work yelling because the keyboard was locked up in my bedroom and she wanted to go online. To have the upper hand can be a great thing...being a biotch helps too :D

Hope you can find a solution for her

Share this post


Link to post
Share on other sites
Gergith    0
Originally posted by Jewelzz

Cancel the credit card. Once a new one or new ones are received, lock'm up.

i say you leave the old ones exactly where they are, and let him look at him, but dont tell, or show him the new ones, make sure he has NO access to them...

but like, i think she is just far too paranoid... like, if all the accounts that she has, are password protected, and he doesnt know them, hes not oging to get in.... but like, she should just change her pass word every time.. and if its something random like a7s7d7fHGE45g as a password, then just rotate it every time, so one week her pass would look like :

a7s7d7fHGE45g the next:

7s7d7fHGE45ga the next:

s7d7fHGE45ga7

you get the picture

Share this post


Link to post
Share on other sites
cranch    0

No offense intended here, but why doesn't she talk to the kid about it. Why try to confront the kid about it by using the computer?? Sure everyone looks at a little porn, but for the most part kids don't go stealing credit card numbers to buy porn (or at least the ones I know). Just my opinion, but maybe he needs some help???

Share this post


Link to post
Share on other sites
Phinal Phantasm    0
Originally posted by Gergith

i say you leave the old ones exactly where they are, and let him look at him, but dont tell, or show him the new ones, make sure he has NO access to them...

but like, i think she is just far too paranoid... like, if all the accounts that she has, are password protected, and he doesnt know them, hes not oging to get in.... but like, she should just change her pass word every time.. and if its something random like a7s7d7fHGE45g as a password, then just rotate it every time, so one week her pass would look like :

a7s7d7fHGE45g the next:

7s7d7fHGE45ga the next:

s7d7fHGE45ga7

you get the picture

Good point. But this all started cause she changed her password using a random password gen and got something like 4jd896U8f but within a week she cought him logged on to her system. So that's why she thought he could crack through the login. She's convinced there is NO way he could have seen her type it so he must have know some way around it. *I* perdonally think he saw her type it in. The point of all of this was so I could prove to her that there was no way for him to get around it... and he MUST have seen it. lol
Originally posted by Jewelzz

Best of luck to her, I still say taking the keyboard is the best answer. But if she feels it's too much of a hassle, he'll keep doing it because she's basically letting him. She's the parent and he needs to know this.

My daughter used to call me at work yelling because the keyboard was locked up in my bedroom and she wanted to go online. To have the upper hand can be a great thing...being a biotch helps too

Hope you can find a solution for her

Well, I've almost got her to the biotch point. hahaha I think after I tell her everything I found out she'll be using a combo of everything on here. Lock up the keyboard, use syskey... the works. Well, at least I hope she does. hahaha

Share this post


Link to post
Share on other sites
xEonBuRn    0

I say this kid needs some phsycological help with his pr0n prob ;)

This kid sounds like he'll be having bad relationships for the rest of his life if he's that crazy...

MxxCon: Hey, can u let me know the specifics of ur boot disk? Perhaps sending a zip of it? plz. My email is

xeonburn@hotmail.com

Share this post


Link to post
Share on other sites
McKrout    0

i say move the computer into the parents room. when they leave, lock the door to the room. by doing this, the kid cant use it when they are not home and he can try to use it at nite either because he would wake his parents and if they dont want to do that, then i agree with the keyboard thing, take it away.

TS

Share this post


Link to post
Share on other sites
Phinal Phantasm    0
Originally posted by cranch

No offense intended here, but why doesn't she talk to the kid about it. Why try to confront the kid about it by using the computer?? Sure everyone looks at a little porn, but for the most part kids don't go stealing credit card numbers to buy porn (or at least the ones I know). Just my opinion, but maybe he needs some help???

She's actually confronted him a bunch of times. He says most things are her and her husbands fault. He does a lot more than just things online. He's threatened to shoot people (though he has no gun or way to get one), he's also mollested a 10 yr old girl, but they ruled it an isolated incedent and nothing happend. He's also done some breaking and entering of a gang members hous and they had to send him out of the state to avoid him getting killed. His step-father agrees with most people about getting him help or something... but she has this "He was my first child" thing going on. She's just now starting to see how he truly is. They had him seeing a shrink, but it actually made him worse. But yeah, there is a lot more going on than just the porn prob, but that's what I was asked to help with, so that's what I'm doing. What a nice guy I am! :D

And with what xEonBuRn was saying, he more than likely never have a good relationship... I've yet to explain that part of him to all of you. Let's say it's just as scary as the rest. hahaha

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.