Security Basics mailing list archives
RE: locked out of XP, need file access
From: Joey Peloquin <jpelo1 () jcpenney com>
Date: Mon, 29 Dec 2003 12:32:48 -0600
Grimshaw, [snip] ->To preface, I apologize if I am wrong. I also expect to be ->bashed for ->being harsh, but sometimes reality stings. On the contrary, I'm surprised someone, including myself, hasn't brought this up before. Or recently, at least, if it has been brought up before. ->A question that I have, is that if the box is his, and those ->files are his ->(and are important), how did he suddenly just "forget" the ->admin password? -> What has he been using to log in on a daily basis? Why isn't the ->password for this box the same as the other local admin ->passwords on the ->network? Why is he administrating an XP box and then throwing up ->comparisons to Windows 98 PWL files? Why not connect to the ->network and ->log on with domain administrator rights? If he does not have ->the access, ->why not call their helpdesk and have one of the ->administrators do this? ALL very valid questions. Naturally, it is very possible he _did_ forget his password ... We've all done it. However, it's also entirely possible the scenario Grimshaw laid out below is right-on. What I'd like to know is why someone is using the Admin account on a WinXP box (or ANY multi-user box, for that matter) as if it was a regular user? Do you realize the power you're giving away when an exploit yields privileges *of the logged-on user*? By the way, I would caution against setting every local admin password the same, network-wide. It could be the difference between cleaning up one "owned" server, as opposed to dealing with a data center *full* of "owned" boxes. ->While I agree that sharing of wisdom is vital to the growth of this ->mailing list, the temperance of such wisdom should be considered. I ->shared this email with my co-workers, and we all thought a ->laptop fell out ->of the back of a truck into the requestor's lap. -> ->Perhaps it is because I do not trust email's originating from ->a hotmail ->address asking for a hack. Anyone can get a hotmail address ->with any ->information provided. This is precisely why I typically don't answer these types of questions. [snip] Thanks for saying what I'm sure a lot of us were thinking. Joey Peloquin
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer.
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- locked out of XP, need file access J. Yoon (Dec 24)
- Re: locked out of XP, need file access opticfiber (Dec 29)
- Re: locked out of XP, need file access Rade Bonifacic (Dec 29)
- Re: locked out of XP, need file access Brian Dunbar (Dec 29)
- Re: locked out of XP, need file access Gawshan R. Bhimjee (Dec 29)
- Re: locked out of XP, need file access Tate (Dec 29)
- Re: locked out of XP, need file access security (Dec 29)
- RE: locked out of XP, need file access David (Dec 30)
- Re: locked out of XP, need file access Vladimir B. Kropotov (Dec 29)
- Re: locked out of XP, need file access JGrimshaw (Dec 29)
- RE: locked out of XP, need file access Joey Peloquin (Dec 29)
- Re: locked out of XP, need file access Adam Hawliczek (Dec 31)
- Re: locked out of XP, need file access Brian Dunbar (Dec 29)
- Re: locked out of XP, need file access Maxime d'Esterno (Dec 30)
- Re: locked out of XP, need file access JGrimshaw (Dec 29)