Marcus Murray’s ‘Secret Windows Password’ Explained… It’s not.
Tuesday, June 17, 2008 12:13
During TechEd 2008 Marcus Murray (http://truesecurity.se/blogs/murray/default.aspx) asked the audience whether they were aware of a ‘secret backdoor password’ in Windows. Although half of the audience acknowledged this, the ‘demo’ that followed the statement had nothing to do with a ‘backdoor password’ in Windows (Vista or XP).
What he showed was that if you (1) can gain physical access to a Vista or XP machine, (2) can get it to boot from something other than the hard drive, and (3) are not using drive encryption software like BitLocker, you can easily get access to the machine. Duh…
If you are not using drive encryption, and you can get the machine to boot from a CD/DVD or USB stick, you can easily replace the file called ‘utilman.exe’ in the Windows\System32 directory with something else; for example ‘cmd.exe’.
If you do this, for example by booting a Linux distribution that can mount an NTFS drive and write to it, you can access the machine at the Vista/XP login prompt by starting Utilman from the login prompt (press CTRL-U). Instead of opening the accessibility options for logging on, you now get a command prompt that runs with Local System privileges. From there you can easily change local user passwords with simple NET USER commands.
Nothing to it… Secure your machine. Use drive encryption. This is not a security problem in Windows.
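A defender-side check for the swap described above, as an added example that is not part of the original post: it hashes utilman.exe and reports any other executable in the same System32 directory with identical contents. The function name and the sample invocation are assumptions made for this illustration; the directory can be a live system's or an offline-mounted image's.

```python
import hashlib
import os
import sys


def sha256_of(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_utilman_twins(system32, target="utilman.exe"):
    """Return names of other .exe files in system32 whose contents equal target's.

    A genuine utilman.exe is unique, so any twin (for example cmd.exe)
    means the accessibility launcher was overwritten with a copy of it.
    """
    # Lower-case the names so the lookup also works on a case-sensitive mount.
    names = {n.lower(): n for n in os.listdir(system32)}
    if target not in names:
        raise FileNotFoundError(target + " not found in " + system32)
    target_path = os.path.join(system32, names[target])
    size, digest = os.path.getsize(target_path), sha256_of(target_path)
    twins = []
    for lower, name in names.items():
        path = os.path.join(system32, name)
        if lower == target or not lower.endswith(".exe"):
            continue
        try:
            # Compare sizes first so only same-sized candidates are hashed.
            if os.path.getsize(path) == size and sha256_of(path) == digest:
                twins.append(name)
        except OSError:
            continue  # unreadable or not a regular file: skip it
    return sorted(twins)


if __name__ == "__main__":
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    found = find_utilman_twins(sys.argv[1] if len(sys.argv) > 1 else default)
    if found:
        print("ALERT: utilman.exe is a copy of: " + ", ".join(found))
        sys.exit(1)
    print("OK: utilman.exe matches no other executable in this directory")
```

A clean result only rules out a copy of another executable from the same directory; a replacement with any other file needs a comparison against a known-good hash taken from trusted media.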
2 Responses to “Marcus Murray’s ‘Secret Windows Password’ Explained… It’s not.”
Sandeep Kinjalkar says:
August 1st, 2008 at 3:35 PM
I changed the Administrator password in Win XP. The procedure is available on the Internet. Use the NUSRMGR.CPL command at the command prompt.
tino says:
August 26th, 2008 at 11:32 PM
You can also change the administrator's password simply by using the command:
[code]net user administrator password[/code]