Dear [EMAIL PROTECTED],
Best regards,
Arjun mailto:[EMAIL PROTECTED]
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
This is a forwarded message
From: Tarun Anand <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Monday, March 3, 2003, 12:28:00 PM
Subject: FW: [ilugd]: can gnuLinux break into winXP password flaw?
===8<==============Original message text===============
FYI...
-----Original Message-----
From: Raj Chaudhuri
Sent: Friday, February 28, 2003 1:32 PM
To: Tarun Anand
Subject: RE: [ilugd]: can gnuLinux break into winXP password flaw?
Yup. Here we go:-
1) The boot floppy trick mentioned by Arjun below can be used to root
any Linux installation as well. It's easier in fact.
2) The Windows 2000 recovery console trick mentioned in the orginal
mail allows users to ONLY SEE a DIR list. Period. No registry access.
No SAM access. No copying using COPY or XCOPY even. No changing text
files to remove passwords and stuff. See Unix !
http://www.securityfocus.com/columnists/144
3) The Linux boot floppy does have utilities to change the SAM, add
accounts, etc. However, if the XP machine were a member of a domain,
and if the files on an XP disk were protected by EFS, then the happy
hacker would not be able to view them. This is true even if you
grabbed the hard disk.
-----Original Message-----
From: Arjun [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 3:20 PM
To: Tarun Anand
Subject: Fwd: [ilugd]: can gnuLinux break into winXP password flaw?
Dear Tarun,
For your info.
Knoppix can break in as well :) with full write access.
Knoppix is a Linux distribution which runs off a CD and doesn't
require installation.
Its a great recovery tool. Also works on NT and 2000.
Also read HT TECH 4U, page 20, 24 Feb 2003.
for a free (GPL) copy of Knoppix download from knopper.net or write to me.
There is also a WinNT Password Recovery CD. Try this string in
google.
Best regards,
Arjun
mailto:[EMAIL PROTECTED]
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
This is a forwarded message
To: Indian Linux User's Group-Delhi <[EMAIL PROTECTED]>
Date: Thursday, February 20, 2003, 7:54:48 PM
Subject: [ilugd]: can gnuLinux break into winXP password flaw?
===8<==============Original message text===============
have been reading about a reported flaw in winxp password feature. basically,
according to reports, boot from a win2k cd, enter the recovery console, and
voila! the whole hard disk of winxp, including user accounts and user data is
naked and wide-open, like adam&eve without the gravity-defying fig leaves.
so the question: can a similar access be granted if i chose to boot up from a
knoppix or a gnulinux recovery disk, such as from redhat or other distros?
anybody tried this? this would be quite interesting. and i do need to know
this urgently. your responses welcome.
:-)
LL
================================================ To unsubscribe, send email to
[EMAIL PROTECTED] with unsubscribe in subject header. Check archives at
http://www.mail-archive.com/ilugd%40wpaa.org
===8<===========End of original message text===========
===8<===========End of original message text===========
================================================
To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header.
Check archives at http://www.mail-archive.com/ilugd%40wpaa.org
