Login to Windows Vista without any credentials

Guest

There is a serious bug in Windows Vista Ultimate which allows a user to
log in to a Windows Vista system without providing any credentials. It just
requires the attacker to have access to the victim's system once, the first
time. To gain access to the victim's system, follow these steps.

1) Open the System32 folder of your Windows installation.
2) Copy cmd.exe and Magnify.exe and paste them in two different locations,
for safety purposes.
3) Rename cmd.exe to Magnify.exe in the backup location.
4) Copy and paste the renamed cmd.exe into the System32 folder; this asks
whether to replace Magnify.exe, just continue with replacing.
5) Now restart the system.
6) After restarting the system, the login screen will come up; now select the
Utility Manager, which is at the bottom left of the screen.
7) Now check the Magnify check box to open Magnify.exe, but now this
will open cmd.exe.
8) In the command prompt, just type explorer.exe; this will open
Explorer and the desktop without logging in to the system. The user account
provided for the login is the system account, so you can do anything with the
system.
You can also play with the Windows registry, services, user account changes,
and deletion of user accounts, anything you want.


I don't understand why Microsoft has failed to look into simple problems.
This is the simplest way to hack Windows Vista, without any detailed
hacking knowledge.



----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://windowshelp.microsoft.com/co...9f&dg=microsoft.public.windows.vista.security
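As an added defender-side example (not part of the original post or of any Microsoft tool): a PowerShell check an administrator can run to find out whether the accessibility helpers that Utility Manager launches from the logon screen have been swapped for a copy of cmd.exe, or otherwise tampered with. The thread only names Magnify.exe and Utility Manager; the other file names in the list (Utilman.exe, Narrator.exe, osk.exe) are my assumption about which helpers Utility Manager can start. The script assumes a standard %SystemRoot%\System32 layout and an elevated prompt.

```powershell
# Added example, not from the thread: verify the logon-screen accessibility
# helpers are still the genuine signed binaries and not a renamed cmd.exe.
# SHA-256 is computed via .NET so this also works on PowerShell 2.0 (Vista era).
function Get-Sha256Hex([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try   { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Dispose(); $sha.Dispose() }
}

$System32 = Join-Path $env:SystemRoot 'System32'
$CmdHash  = Get-Sha256Hex (Join-Path $System32 'cmd.exe')

# Helpers reachable before logon. Magnify.exe is the one the thread describes;
# the rest are my assumption about what Utility Manager / Ease of Access can launch.
$Targets = @('Magnify.exe', 'Utilman.exe', 'Narrator.exe', 'osk.exe')

$Report = foreach ($Name in $Targets) {
    $Path = Join-Path $System32 $Name
    if (-not (Test-Path -LiteralPath $Path)) {
        [pscustomobject]@{ File = $Name; Status = 'MISSING'; Detail = '' }
        continue
    }
    $Hash = Get-Sha256Hex $Path
    $Sig  = Get-AuthenticodeSignature -FilePath $Path

    if ($Hash -eq $CmdHash) {
        # Byte-identical to cmd.exe: exactly the swap described in the post.
        $Status = 'REPLACED_WITH_CMD'
    } elseif ($Sig.Status -ne 'Valid') {
        # Any other modification breaks the Authenticode signature.
        $Status = 'UNSIGNED_OR_MODIFIED'
    } elseif ($Sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $Status = 'UNEXPECTED_SIGNER'
    } else {
        $Status = 'OK'
    }
    [pscustomobject]@{
        File   = $Name
        Status = $Status
        Detail = "$($Sig.Status); $($Sig.SignerCertificate.Subject)"
    }
}

$Report | Format-Table -AutoSize
# Non-zero exit so a scheduled task or monitoring agent can alert on it.
if ($Report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

The hash comparison is what catches the exact trick in the thread (a renamed copy of cmd.exe); the signature check catches anything else that was modified in place. On older Windows and PowerShell versions, catalog-signed system files can report NotSigned even when genuine, so treat UNSIGNED_OR_MODIFIED as a prompt to compare against a known-good copy rather than as proof of tampering. Windows Resource Protection (sfc /scannow) can restore the original binaries once a swap has been found.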
 
Guest

Abhishek Choudhary said:
There is a serious bug in Windows Vista Ultimate which allows a
user
to log in to a Windows Vista system without providing any credentials. It
just
requires the attacker to have access to the victim's system once, the first
time. To gain access to the victim's system, follow these steps.

1) Open the System32 folder of your Windows installation.
2) Copy cmd.exe and Magnify.exe and paste them in two different locations,
for safety purposes.
3) Rename cmd.exe to Magnify.exe in the backup location.


And ... what access rights do you need to have to the system for step 4,
which writes to the system32 directory?
4) Copy and paste the renamed cmd.exe into the System32 folder; this asks
whether to replace Magnify.exe, just continue with replacing.

Oh, yes, that's right, it requires you have administrator access to write to
that directory.

So, if you're an administrator, you can hack the machine so that you don't
have to log on.

Brilliant.

I can do that with a couple of registry entries.

Alun.
~~~~
 
Robert Firth

Yes, pretty pointless. It allows you to access the computer again later. You
already have to have access. I propose a better security leak. Go to Control
Panel, user profiles. Set up a second administrator account. Bam, you can
access the account later. Full access through that account. I have to
admit, the magnifier.exe thing is pretty sneaky though. This is only a
security threat if you live in a community environment and forget to lock
your computer.

Physical security is just as important as anything Microsoft can do. If you
leave your computer logged in for anyone to use, that is a security threat
that you created. The whole point of an administrator account is to have
access to everything. That same user that messes with the windows\system32
folder could also install a rootkit or spyware on your computer. A physical
person can easily bypass all the UAC prompts, do whatever they please. Heck,
they could plug in a USB key and copy all your private data straight to it,
or delete it.

--
/* * * * * * * * * * * * * * * * * *
* Robert Firth *
* Windows Vista x86 RTM *
* http://www.WinVistaInfo.org *
* * * * * * * * * * * * * * * * * */
 
Malke

Robert said:
Yes, pretty pointless. It allows you to access the computer again later.
You already have to have access. I propose a better security leak. Go to
Control Panel, user profiles. Set up a second administrator account.
Bam, you can access the account later. Full access through that
account. I have to admit, the magnifier.exe thing is pretty sneaky
though. This is only a security threat if you live in a community
environment and forget to lock your computer.

Physical security is just as important as anything Microsoft can do. If
you leave your computer logged in for anyone to use, that is a security
threat that you created. The whole point of an administrator account is
to have access to everything. That same user that messes with the
windows\system32 folder could also install a rootkit or spyware on your
computer. A physical person can easily bypass all the UAC prompts, do
whatever they please. Heck, they could plug in a USB key and copy all
your private data straight to it, or delete it.

Yes, it always amuses me when people are "outraged" that Windows can be
accessed by booting with other operating systems, etc. As you have so
well explained, *any* computer running *any* operating system is
vulnerable if there is physical access by a skilled person with a bit of
time and a few tools. I can get into my Linux and OS X systems, too.


Malke
 
Guest

Malke said:
Yes, it always amuses me when people are "outraged" that Windows can be
accessed by booting with other operating systems, etc. As you have so well
explained, *any* computer running *any* operating system is vulnerable if
there is physical access by a skilled person with a bit of time and a few
tools. I can get into my Linux and OS X systems, too.


Although...

Encryption is one protection that mitigates physical access - under one
condition. The encryption keys must be unloaded when you leave the encrypted
device alone - often, this means turning off your computer.

I like to call it "defence in death" - even if the system is stolen and can
be probed by serious hackers, they will not be able to get access to data on
an appropriately encrypted drive.

Other than that, of course, you're right - physical access to systems,
particularly while they are on and logged on, cannot be used as the starting
point for a "vulnerability", because the vulnerability is precisely that you
left the machine logged on and running.

Alun.
~~~~
 
Malke

Alun said:
Although...

Encryption is one protection that mitigates physical access - under one
condition. The encryption keys must be unloaded when you leave the encrypted
device alone - often, this means turning off your computer.

I like to call it "defence in death" - even if the system is stolen and can
be probed by serious hackers, they will not be able to get access to data on
an appropriately encrypted drive.

Other than that, of course, you're right - physical access to systems,
particularly while they are on and logged on, cannot be used as the starting
point for a "vulnerability", because the vulnerability is precisely that you
left the machine logged on and running.

Alun.
~~~~

True, true. Thanks for mentioning the encryption. Since my client base
is made of home users and small businesses, I usually don't think of
encryption, since in that client base encryption often equals "I
encrypted my data and [fill-in-blank] so now I can't get my data."
Certainly BitLocker on corporate laptops is A Good Thing.


Malke
 
Guest

You are correct, but what if the administrator deletes the account which you
have created? It displays all the account names at the time of login,
so the victim can see that a new account has been created, and he will know that
some hacking activity has been done on his machine.
 
Sergei Ivanov

A similar procedure can be done in XP using a Computer GP script that runs
cmd. As Robert says, the only use of this is to emphasize how important
physical security is.