Tuesday, November 3, 2009

Microsoft Windows user authentication, is it a Joke?


A Microsoft Windows computer cannot be called 'secure' in the least, at least as far as user authentication is concerned. Here is why.

  • Boot your computer with any live CD / DVD that supports mounting an NTFS drive (preferably a live CD of any Linux).
  • Mount the Windows root drive from your live CD session and navigate to the "%WINDIR%\System32" folder.
  • Here, create a backup copy of 'utilman.exe' by renaming it to 'utilman.exe.bak', then rename 'cmd.exe' to 'Utilman.exe'.
  • Now restart the computer and boot Windows. At the login screen, invoke the Utility Manager by pressing 'Ctrl+U'; instead of the Utility Manager, you are presented with a 'no holds barred' command prompt with SYSTEM privileges.

And that is how your lil bro can pwn Windows.
Surely a brand of operating systems that's almost getting its seventh version out must do something about this scenario, considering that it is a major player in the business.

EDIT: LOL ... even Windows 7 is not secure against this. It also works if 'cmd.exe' replaces other applications that are accessible from the login screen, like the on-screen keyboard (osk.exe); you just have to follow the usual procedure to start whatever 'exe' you replaced with 'cmd.exe' to get the prompt.
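A defender can audit an installation for the swap described above. The following is an added example, not part of the original post: it inspects a System32 folder (live, or mounted offline) and flags accessibility programs that are byte-identical to cmd.exe, a missing cmd.exe, and leftover '.bak' copies. The function name `audit_system32` and the program names beyond utilman.exe and osk.exe are assumptions of this example.

```python
import hashlib
from pathlib import Path

# utilman.exe and osk.exe are named in the post; the others are further
# accessibility programs reachable from the logon screen (added here).
TARGETS = ["utilman.exe", "osk.exe", "sethc.exe", "magnify.exe", "narrator.exe"]
SHELL = "cmd.exe"


def sha256(path):
    """Hash a file in chunks so large binaries are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_system32(system32_dir):
    """Return a list of (file_name, finding) tuples for one System32 folder."""
    # NTFS names are case-insensitive, but a Linux mount may preserve case,
    # so index the directory by lower-cased name.
    files = {p.name.lower(): p for p in Path(system32_dir).iterdir() if p.is_file()}
    findings = []
    shell = files.get(SHELL)
    if shell is None:
        # The post renames cmd.exe instead of copying it, so it disappears.
        findings.append((SHELL, "missing from System32"))
    shell_hash = sha256(shell) if shell else None
    for name in TARGETS:
        target = files.get(name)
        if target is None:
            continue
        if shell_hash and sha256(target) == shell_hash:
            findings.append((name, "identical to cmd.exe"))
        if name + ".bak" in files:
            findings.append((name, "backup copy %s.bak present" % name))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit.py <path to System32>
    for name, finding in audit_system32(sys.argv[1]):
        print("%s: %s" % (name, finding))
```

When cmd.exe was renamed rather than copied, no hash comparison is possible, so the missing shell and the '.bak' file are the only signals this check reports.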

I'm trying to come up with a workaround to this problem, and have been tinkering with the registry. I'll post the solution as soon as possible.

