Government Security
Network Security Resources

Jump to content

Photo

Administrator With Null Password


  • Please log in to reply
4 replies to this topic

#1 Player

Player

    Private First Class

  • Members
  • 65 posts

Posted 30 April 2005 - 05:59 AM

Can someone explain the lack of security on a xp box that doesn't have a password set for the Administrator account? When trying to access c$ for example, a password is still requested. Thank you

#2 whi7er

whi7er

    Private First Class

  • Members
  • 89 posts

Posted 30 April 2005 - 06:07 AM

if i understand your question... if a password is still being asked for then do one of these:

1. press enter (to keep a blank password)

2. change your syantax (net use x: \\<IP>\<SHARE> "<PASSWORD>" /user:<USERNAME>

and for the second one if the password is blank just do "" for the password

example:

net use x: \\127.0.0.1\C$ "" /user:Administrator

where "" = blank/no password

example 2

net use x: \\127.0.0.1\C$ "easypassword" /user:Administrator

where easypassword is the password.

hope that helps.

#3 Terminal

Terminal

    Sergeant First Class

  • Sergeant Major
  • 536 posts

Posted 30 April 2005 - 06:45 AM

By default, Windows XP Professional systems that are not connected to a domain use a network access model called "Simple File Sharing," where all attempts to log on to the computer from across the network will be forced to use the Guest account. This means that network access through Server Message Block (SMB, used for file and print access), as well as Remote Procedure Call (RPC, used by most remote management tools and remote registry access) will only be available to the Guest account.


So if ur admin account has empty passwords still no one can access it remotely until "Simple file sharing" is enabled .





But if a 2k box has empty password then everything can be accessed remotely using psexec or some tools like that ...

#4 White Scorpion

White Scorpion

    Sergeant First Class

  • Sergeant Major
  • 674 posts

Posted 30 April 2005 - 09:50 AM

There's even a nicer option in XP as well:

by default network access is denied to accounts which don't have a password... you can change this option in the group policy but that probably won't help you since you have to be able to access it .....
The path of access leads to the server of wisdom..

The Syringe - My Latest Project.
Errors, Vulnerabilities & Exploits explained.
----
www.white-scorpion.nl
www.info-sec.eu
www.info-sec.info

#5 Player

Player

    Private First Class

  • Members
  • 65 posts

Posted 30 April 2005 - 06:42 PM

Thanks for the replies. That's the impression that I was under, that file sharing had to be enabled. I've always read having a null password for Administrator is not a good idea, which makes sense. So many users on the network here where I live that I admin are in this case; so I was concerned.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users