# Windows XP: the security holes



## Abhishek Dwivedi (Nov 8, 2007)

Microsoft Windows XP has been the most successful of the Windows range of operating systems by Microsoft.
When I got my very first computer assembled I had no knowledge about operating systems, so the computer shop guy installed Windows XP SP2 onto my machine.
Since then this little piece of clicks and tricks has fascinated me a lot.

When I got an internet connection on my system 3 years back, XP turned out to be a nightmare. I always had an updated AVG, but still, due to all my downloads I had enough viruses to force me to reinstall the whole OS once every 2 weeks, and that was when I started looking at the security features provided by Windows XP.


Moving inside the box:


There are 2 security holes I found in Windows XP SP2:

1) REPAIRING: When repairing Windows XP, if we press Ctrl+F10 then the DOS prompt pops up and you have access (not administrator privilege) to the box.
2) RECOVERY CONSOLE: I've used a lot of third-party software to protect my system, but the best way I found was to physically block access to my PC...lol...


I started googling around for ways of getting administrator access to an XP box without a third-party program, but it turned out to be either very time consuming or not working for SP2, and so I started looking for the answer on my own, when I ended up with a Windows 2000 bootable CD from a friend.


The game:


Most of you might have used the recovery console of Windows XP, which asks for the Administrator's password before letting you use it, but what if we boot an XP SP2 machine with a Windows 2000 CD and start the recovery console present in it???

VOILA!!!! THE PASSWORD IS NOT REQUIRED
This is the most irritating fact: the machine with XP's latest service pack can easily be fooled.


The Steps:

a) Restart the system and pop in the Windows 2000 bootable CD. (Check that the CD/DVD drive is set to boot before the HDD in the BIOS.)
b) On the blue screen press R or F10 (F9 worked fine on my lappy...) and then press C to enter the recovery console.
c) Select the XP partition from the menu and that's it!


The access and stuff possible:


a) File and Folder: The XP recovery console does not allow even the Administrator to access all the drives, but when using the Windows 2000 recovery console access is made easy, and to all the drives.
b) Copying: The XP recovery console does not allow copying of files and folders to removable media (only floppy at this instance); by editing the registry it is possible, but when using the Windows 2000 recovery console, copying files and folders is not a big task, it's simple and no "Access Denied" error is given. This feature also allows you to make new files and folders and change their attributes too.
c) The Net User: The XP recovery console does not provide the "net user username password" command, but when using the Windows 2000 recovery console this command worked successfully for me on a friend's FAT-32 XP partition.

Conclusion:

I tested this security hole (recovery console) on my brother's HP laptop, provided by the Reliance company for his office work, which has a lot of security features, but in that case also I could get access to 60% of the resources and even had the power to format a partition.
The method I described above uses the Windows 2000 recovery console, but using any Linux distro will also allow you to have access to a lot of resources. I would recommend the Geexbox distro for the same purpose.
After this finding of mine I strongly conclude that Windows XP is not a very secure operating system.


----------



## Gigacore (Nov 8, 2007)

Nice tut! Keeeeeeeeeeeep Going >>>>>>>>>


----------



## Abhishek Dwivedi (Nov 8, 2007)

thx giga...


----------



## infra_red_dude (Nov 8, 2007)

This is a serious issue! Abhishek, IMO you should remove the procedure to gain access and only post about the security hole.


----------



## Garbage (Nov 8, 2007)

infra_red_dude said:

> This is a serious issue! Abhishek, IMO you should remove the procedure to gain access and only post about the security hole.


WHY ??? After all it's a loophole in the operating system. M$ should be knowing that.

The open source community also improved itself this way.. by discussing loopholes and coming up with solutions. M$ should also get its chance !!

BTW, Very gr8 find Abhishek !!
Keep it up !!!


----------



## infra_red_dude (Nov 8, 2007)

I'm asking the author to keep the info about the loophole but remove the procedure for breaking into the system. That's it.


----------



## Abhishek Dwivedi (Nov 8, 2007)

thx guys....and INFRA_RED_DUDE...I think shirish_nagar is right...

@shirish_nagar: hey ur a mem at igniteds too...cheers bro...me too...strange_abhi der...


----------



## Garbage (Nov 8, 2007)

Abhishek Dwivedi said:

> thx guys....and INFRA_RED_DUDE...I think shirish_nagar is right...
> 
> @shirish_nagar: hey ur a mem at igniteds too...cheers bro...me too...strange_abhi der...


yeh... I'm a die-hard fan of IG. In fact Mr. Anup Girdhar and Vineet Kumar (founders of National Anti-Hacking Group) are my friends !!

@ Aniruddha, 
Can u please tell me why u want NOT to disclose the procedure ??


----------



## Abhishek Dwivedi (Nov 8, 2007)

shirish_nagar said:

> yeh... I'm a die-hard fan of IG. In fact Mr. Anup Girdhar and Vineet Kumar (founders of National Anti-Hacking Group) are my friends !!
> 
> @ Aniruddha,
> Can u please tell me why u want NOT to disclose the procedure ??


cool man...


----------



## NucleusKore (Nov 8, 2007)

You can report it to Microsoft; the only thing is they might ask if you have licenses for your XP and Windows 2000.
As for Linux, I think any should do. From my Linux partitions I can access system32\config too. Ophcrack uses Slax to access Windows partitions.


----------



## choudang (Nov 8, 2007)

XP is not secure on the FAT-32 file system. Even the admin password can be changed thru recovery [Shift+F10].

Some time ago, I was successful in installing stuff in Win2000 without having power user or administrator rights. Do not use the system folder for installation, use a diff drive and it will get installed.

The bottom line is that Microsoft has lots of security holes, even though they are using the Genuine Validation method, which can be bypassed (already done in IE7 and WMP 11 with a small JavaScript).


----------



## Abhishek Dwivedi (Nov 8, 2007)

@Nucleuskore: a frnd informed me dat MC already knows dis sumhow...so it's useless reporting.

@warrior: XP isn't safe in NTFS, I cud change ma pass thru dis trick in an NTFS partition...


----------



## infra_red_dude (Nov 9, 2007)

@shirish
For safety reasons of corz! Until Abhishek posted, I didn't know that it could be done. Now anybody can read this post and try to hack into precious data (I'm talking about an office environment; a lot of people visit this forum, which includes a huge no. of unregistered users all over the world).


----------



## Abhishek Dwivedi (Nov 9, 2007)

@INFRA_RED_DUDE: yar I've not given ne kinda step by step tut...I've just xplained it up and dats it...if da mods think it's harmful..den dey can remove it...


----------



## praka123 (Nov 9, 2007)

It is the responsibility of Windows users to "protect" their machines "physically", even in office circles. I don't think @abhishek's writing harms. He shared his knowledge. That's it. btw, congrats for the article


----------



## Abhishek Dwivedi (Nov 9, 2007)

thx prakash.....and ur right....physical security is da best at da moment...


----------



## tech24 (Jun 18, 2008)

well their site is back now... they were down for a long time and I just came across their site yesterday night... when I saw their new interface I thought someone else might have started that awesome community again, but when I went through the member names I saw that they were the same admins, members etc etc.... actually one of my frnds told me abt their return news so I just googled them and found them again

edited the post again... just forgot to add their name... I was talking about the igniteds community... I think u people will be very happy to hear this news after a long time hehehee


----------



## topgear (Jun 20, 2008)

Good one.....Page Saved


----------



## Garbage (Jun 20, 2008)

tech24 said:

> well their site is back now... they were down for a long time and I just came across their site yesterday night... when I saw their new interface I thought someone else might have started that awesome community again, but when I went through the member names I saw that they were the same admins, members etc etc.... actually one of my frnds told me abt their return news so I just googled them and found them again
> 
> edited the post again... just forgot to add their name... I was talking about the igniteds community... I think u people will be very happy to hear this news after a long time hehehee


Hey, thanks bro for the news... Let me check the site !!


----------

