Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Logon as administrator with blank password on Winxp

  1. #1
    Just burned his ISO
    Join Date
    May 2006
    Posts
    4

    Default Logon as administrator with blank password on Winxp

    Hello,
    I was wondering whether it is at all possible to login to winxp box remotely as administrator with blank password. Since winxp has policy to only accept blank password logons from terminal.

    I'm not hoping for a tutorial on how to do it I'd just like to know if someone knows of a way to do it. And if there is some fairly universal method or if it's just too complicated for newbie to comprehend.

    I hate to spend a day researching something only to find out that I would need to invent it first to be able to do it

    P.S. Consider the hypothetical machine secured with only netbios port open and no other extra service running. Windows was just freshly installed with everything set to default and passwords left blank. You have no physical access to the box

    Thanks for any reply,
    Marc

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    0) A quick session of google'fu can get you the answers you wish.
    1) I was able to find some MS documents that suggest a blank admin password is possible.
    2) I found a few references stating if FAT32 drives are used a few files can be removed to end up with a blank admin password (use a linux/dos boot disk to remove them etc).

    P.S. Consider the hypothetical machine secured with only netbios port open and no other extra service running. Windows was just freshly installed with everything set to default and passwords left blank. You have no physical access to the box
    If you don't have physical access to the box how can you ensure no password was set?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Just burned his ISO
    Join Date
    May 2006
    Posts
    4

    Default

    thanks for reply thorin,
    however:
    0) I've been googling for hours with no result
    1) if you're refering to this: hxxp://technet2.microsoft.com/WindowsServer/en/library/45acdbfd-7d8e-4b70-b332-97f9e2d975e11033.mspx?mfr=true
    Than it involves changing security policy and windows would no longer be in default configuration.
    2) I don't wish to remove the password, it is already blank. I want to logon remotely to the computer with blank administrator account.

    I'm not talking about specific machine, but method to gain access under mentioned conditions.

    My research suggested that this is not possible and I guess I was right.

    Thanks anyway for the effort

  4. #4
    Member elazar's Avatar
    Join Date
    Sep 2007
    Posts
    217

    Default

    Quote Originally Posted by Completebald View Post
    thanks for reply thorin,
    however:
    0) I've been googling for hours with no result
    1) if you're refering to this: hxxp://technet2.microsoft.com/WindowsServer/en/library/45acdbfd-7d8e-4b70-b332-97f9e2d975e11033.mspx?mfr=true
    Than it involves changing security policy and windows would no longer be in default configuration.
    2) I don't wish to remove the password, it is already blank. I want to logon remotely to the computer with blank administrator account.

    I'm not talking about specific machine, but method to gain access under mentioned conditions.

    My research suggested that this is not possible and I guess I was right.

    Thanks anyway for the effort
    You are correct, you would have to change the policy, there is no other way. By default, Windows XP and Windows 2003 will not allow blank administrator logons over the network unless the policy setting is explicitly disabled. Quote from the policy setting itself:

    Accounts: Limit local account use of blank passwords to console logon only

    This security setting determines whether local accounts that are not password protected can be used to logon from locations other than the physical computer console. If enabled, then local accounts that are not password protected will only be able to log on at the computer's keyboard.

    Default: Enabled.

    Caution:
    Computers that are not in physically secure locations should always enforce strong password policies for all local user accounts. Otherwise, anyone with physical access to the computer can log on using a user account that does not have a password. This is especially important for portable computers.
    If you apply this security policy to the Everyone group, no one will be able to log on through terminal services.

    Notes:
    This setting does not affect logons that use domain accounts.
    It is possible for applications that use remote interactive logons to bypass this setting.
    Note to the mods: This probably belongs in the "General IT" forum...
    dd if=/dev/urandom of=/mybrain

  5. #5
    Just burned his ISO
    Join Date
    May 2006
    Posts
    4

    Default

    thanks elazar,
    yeah it's not 'supposed' to be possible But I was wondering if any of those expert members here have ever managed to overcome this in their security testing.

    But I guess, you're right, it's nearly impossible to gain access remotely in this scenario.

    Thanks for your opinions.

  6. #6
    Senior Member
    Join Date
    Jan 2006
    Posts
    1,334

    Default

    Moved to General IT Discussion.

    Completebald: Please try to select an appropriate (sub)forum when posting......

  7. #7
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by Completebald View Post
    thanks elazar,
    yeah it's not 'supposed' to be possible But I was wondering if any of those expert members here have ever managed to overcome this in their security testing.

    But I guess, you're right, it's nearly impossible to gain access remotely in this scenario.

    Thanks for your opinions.
    In my experience if remote registry is left on then changing the policy's is fairly easy after that.

  8. #8
    Junior Member
    Join Date
    Nov 2007
    Posts
    51

    Default

    No you cannot but! you can create a new account and add the administrator to the local account/group

    I have no Idea why you would tho, you may as well share your drives too lol

  9. #9
    Just burned his ISO
    Join Date
    May 2006
    Posts
    4

    Default

    Ok thanks to all for their contributions.

    purehate: true, it would be fairly easy, unfortunately remote registry is off by default

    My question was meant more from security point of view than Windows mastery, if you know what I mean. I wanted to know whether it is possible to logon remotely without physical access,.

    But the more I read about it, the more I realize that my question was rather naive
    There are ways, but much more complex ones that I originaly imagined.

    For this reason, I would ask moderators to close this thread. The question is poorly formulated and the discussion has therefore little potential.

  10. #10
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Quote Originally Posted by Completebald View Post
    Ok thanks to all for their contributions.

    purehate: true, it would be fairly easy, unfortunately remote registry is off by default

    My question was meant more from security point of view than Windows mastery, if you know what I mean. I wanted to know whether it is possible to logon remotely without physical access,.

    But the more I read about it, the more I realize that my question was rather naive
    There are ways, but much more complex ones that I originaly imagined.

    For this reason, I would ask moderators to close this thread. The question is poorly formulated and the discussion has therefore little potential.
    There is potential here for knowledge to be gained, given the right kinds of answers from the right people.

    So for that reason, amongst many others, it will stay open for now, at least.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •