Comments on: Sidestepping Windows Login Credentials

By: Hans Kokx

Hans Kokx — Tue, 06 Sep 2011 23:56:41 +0000

Yes, Steve, but you need to keep in mind: this post isn’t about a third party utility to edit/change/remove your password, this is about the inherent security flaw of the Windows login process. I challenge you to find a single user who a) knows how to encrypt their drive and b) has encrypted their drive that isn’t an industry professional.

This is not the most effective way of getting into a box, and it isn’t supposed to be a howto for hacking a computer, but rather a call to arms for Microsoft to fix some of the glaring security holes that has made their OS such a tragic example of how not to be a secure OS over the past 25 years.

By: Steve Bostedor

Steve Bostedor — Mon, 05 Sep 2011 16:38:11 +0000

A much easier way to get access to a Windows box that you have access to physically. http://www.pogostick.net/~pnh/ntpasswd/

Any operating system can be rooted pretty easily as long as you have physical access to the unencrypted drive.

If you encrypt your hard drive with EFS, your hack won’t work.

By: Mike

Mike — Tue, 05 Oct 2010 02:53:37 +0000

Another interesting trick is to edit the registry and change the login screensaver to explorer.exe.

By: Hans Kokx

Hans Kokx — Thu, 15 Jul 2010 18:18:41 +0000

True. Keep in mind, if you can touch it: you can own it. Nothing is immune from being cracked, however this is a silly mistake for Microsoft to make.

By: Pritpaul

Pritpaul — Thu, 15 Jul 2010 17:55:25 +0000

How is this different from mounting a Linux partition and changing the root password in /etc/passwd to a password of your choice? You can pretty easily root any system you have physical access to unless the drive is encrypted (and even then you could wipe and install a new OS).