DISCLAIMER: Please be responsible with this knowledge I am sharing. Only use this on a computer you own and have permission to access. I assume absolutely no liability if you disregard this advice. Please be ethical!
Now I know what you’re thinking. Oh wonderful, another techie thinking they know it all by pointing out the flaws of Windows just like the rest of the Linux-loving jerks. Now although I do think Linux has its security advantages that triumph well over Microsoft’s Windows, allow me to at least explain in a respectful manner why Microsoft, to put it bluntly, needs to get its stuff together with Windows.
As IT professionals we really should want to keep things as secure as we possibly can. Encryption for the most part hardly goes through the average user’s mind. Tonight I decided to launch my Oracle VirtualBox software and boot up a virtualized Windows XP machine I created a few months ago. Now we as humans of course make mistakes, there’s no denying that. Given the fact that I created this virtual machine months ago, I didn’t remember the Administrator password I set for its account. Did I panic? No. Did I have to go and reinstall Windows XP on the virtual machine? That could have been an option, but why waste all the time doing that when there was a simpler, easier method?
Now although the popularity of this all-purpose recovery CD called “Hiren’s BootCD” may not be that high, I knew of a certain program on this disc that could remedy my problem in a much quicker fashion than completely reinstalling Windows. That program, bundled with Hiren’s BootCD, is called NTPWEdit. Now remember earlier in the post how I mentioned encryption and the fact that many people disregard its importance? To tell you the honest truth, encryption is the only method to thwart this program’s power.
The first step I took was inserting the Hiren’s BootCD .ISO file into my virtual machine’s disk drive (essentially the same exact thing as taking a disc and putting it into a physical computer’s drive). I then booted into one of its features called Mini Windows XP. It is exactly that: a miniature form of Windows XP all running from a disc without having to install anything. I will also mention that since there is no encryption, I have full access to the C drive even with the actual Windows operating system being inactive. So what does this mean for me? I can change the password to anything I choose with very little effort.
Windows has a file called the SAM file, which is one of the most important components of the Windows operating system. This special file holds the configuration of all user accounts and passwords that exist on the operating system. Without encryption this is easily changeable and accessible to anyone including users running Windows 7. At a later point in time I will test this on Windows 8 as well as the Windows 10 Preview build, but for now I will show you proof of concept that this tool actually does indeed work.
Now you may think at this point I have to replace the password with a new one. This is not the case. Not only can I remove the original password for any user account I wish, I can simply make the password blank and not even have to remember a password ever again. Now personally I wouldn’t recommend this but for example purposes let’s go and do that. Now as you can see I was able to access all the accounts and also remove the password in its entirety with no hassle whatsoever. To summarize the point I am trying to make, Microsoft, please fix this very serious vulnerability for your users’ security.
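A defender-side check for the exposure described above, as an added example that is not part of the original post: it reports whether the volume holding the SAM file is encrypted and which enabled local accounts may have an empty password. It assumes Windows 10 or later with the built-in BitLocker and LocalAccounts cmdlets and an elevated prompt; the function name `Test-OfflineSamExposure` is hypothetical.

```powershell
# Added example, not from the original post. Assumes Windows 10 or later and an
# elevated PowerShell prompt. Test-OfflineSamExposure is a hypothetical name.
function Test-OfflineSamExposure {
    $findings = @()

    # The SAM file sits on the OS volume, so that is the volume to check.
    $osDrive = $env:SystemDrive
    $vol = Get-BitLockerVolume -MountPoint $osDrive -ErrorAction Stop

    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "$osDrive is not fully encrypted (status: $($vol.VolumeStatus))."
    }
    if ($vol.ProtectionStatus -ne 'On') {
        # Protection off or suspended: the disk no longer resists offline access.
        $findings += "BitLocker protection on $osDrive is $($vol.ProtectionStatus)."
    }

    # Enabled local accounts that Windows allows to have an empty password.
    $noPwd = @(Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired })
    foreach ($u in $noPwd) {
        $findings += "Account '$($u.Name)' is enabled and does not require a password."
    }

    [pscustomobject]@{
        Volume           = $osDrive
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        KeyProtectors    = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        PasswordOptional = @($noPwd | ForEach-Object { $_.Name })
        Findings         = $findings
        Exposed          = ($findings.Count -gt 0)
    }
}

$result = Test-OfflineSamExposure
$result | Format-List
if ($result.Exposed) {
    Write-Warning "This machine has findings; review the Findings list above."
}
```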