chimera15 Posted January 30, 2009 Share Posted January 30, 2009 Almost all my xp machines are set up on my network with null passwords, but have sharing enabled. Is there a way to log into a remote xp machine with a null password? Maybe if I dumped a trojan in a shared folder or something?(although I don't like this method cause it would compromise security of course) Currently I can't use remote desktop or anything, even with the client installed on the remote machine, it still wants the system password. I have been able to receive remote desktop help from gateway though with remote service, is there a special one that isn't based on vnc or something like that? Would a remote password changer work? Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 30, 2009 Share Posted January 30, 2009 It was speculated that Windows XP without a password set was the most secure way to have XP set up becasue it flat doesn't allow remote access except for guest which has access to nothing. Quote Link to comment Share on other sites More sharing options...
SomethingToChatWith Posted January 30, 2009 Share Posted January 30, 2009 No access for users with blank passwords except for guest as described. Quote Link to comment Share on other sites More sharing options...
chimera15 Posted January 31, 2009 Author Share Posted January 31, 2009 No access for users with blank passwords except for guest as described. Yeah, I know that. That's the response I've gotten on every post I've ever seen or made, but how does it stop it then? At least what's the logic of it. Does it say, because there's no password, I'm not letting anyone in, or is it just that noon can give the right password, so it doesn't let anyone in? For instance, maybe there's a character set that you could input that would equal a null password. There has to be some vulnerability somewhere. The machines still have ports open, so they must be vulnerable through that at least? How did gateway remote control my system, was it through rdp or something? The machine is still susceptible through virus's and trojans, so how would that work, and which ones? My next idea was to try to make use of a remote password changer, to change the password from null to something, but never got around to actually doing it. Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 31, 2009 Share Posted January 31, 2009 There has to be some vulnerability somewhere. The machines still have ports open, so they must be vulnerable through that at least? There probably is, but that is a different vulnerability to a password. With out a password set Windows doesn't allow remote access unless you start another services which is separate to windows (such as remote assistance). Quote Link to comment Share on other sites More sharing options...
chimera15 Posted January 31, 2009 Author Share Posted January 31, 2009 There probably is, but that is a different vulnerability to a password. With out a password set Windows doesn't allow remote access unless you start another services which is separate to windows (such as remote assistance). I see. So what I need really is like a worm that I could drop into the shared folder and it'd then install itself or something... Quote Link to comment Share on other sites More sharing options...
chimera15 Posted January 31, 2009 Author Share Posted January 31, 2009 I see. So what I need really is like a worm that I could drop into the shared folder and it'd then install itself or something... It'd be easier if I could find a software that already worked without having to use a password though wouldn't it? Then figure out how to remote install it without having to log into the machine... I mean I've tried everything I can find, I've even tried like prorat and stuff like that, and no go. sigh Quote Link to comment Share on other sites More sharing options...
digip Posted January 31, 2009 Share Posted January 31, 2009 You would probably have to make a rule in group policy to allow it, but by default, windows does not allow RDP (or Termincal Services) and Remote Assistance to allow anyone to connect without a password. If you were on the same lan, you could access shared folders with simple file sharing turned on, but you won't be able to logon using RDP unless a password is set for the account you want to login with. Third party RDP software might allow it, allthough I wouldn't want software that allowed such a thing. The alternative is Metasploit and a reverse shell to do whatever you want to the machine, and that only works if one of the flaw is not patched on the target machine. Quote Link to comment Share on other sites More sharing options...
chimera15 Posted January 31, 2009 Author Share Posted January 31, 2009 You would probably have to make a rule in group policy to allow it, but by default, windows does not allow RDP (or Termincal Services) and Remote Assistance to allow anyone to connect without a password. If you were on the same lan, you could access shared folders with simple file sharing turned on, but you won't be able to logon using RDP unless a password is set for the account you want to login with. Third party RDP software might allow it, allthough I wouldn't want software that allowed such a thing. The alternative is Metasploit and a reverse shell to do whatever you want to the machine, and that only works if one of the flaw is not patched on the target machine. Ah that's interesting. I haven't heard of a reverse shell before.. I'll research that. I had read about a bunch of metasploits that would allow it that were patched. Thanks a lot. Quote Link to comment Share on other sites More sharing options...
SomethingToChatWith Posted January 31, 2009 Share Posted January 31, 2009 Its probably one of MS's well kept secrets buried deep in the registry, but available for modification nevertheless if you know of it. For example, I prefer UAC password requirement even for the administrator, but Vista Home Premium doesnt have group policy in order to change the behavior like Business and Ultimate do, so upon registry diving I found the sub-values that determine the behaviors for both standard and adminstrator users. I bet I could even make the standard user run stuff without having to enter a password if I wanted to, but that would defeat the purpose of UAC and open the machine to attack even for non-administrative users. Quote Link to comment Share on other sites More sharing options...
chimera15 Posted February 1, 2009 Author Share Posted February 1, 2009 Its probably one of MS's well kept secrets buried deep in the registry, but available for modification nevertheless if you know of it. For example, I prefer UAC password requirement even for the administrator, but Vista Home Premium doesnt have group policy in order to change the behavior like Business and Ultimate do, so upon registry diving I found the sub-values that determine the behaviors for both standard and adminstrator users. I bet I could even make the standard user run stuff without having to enter a password if I wanted to, but that would defeat the purpose of UAC and open the machine to attack even for non-administrative users. Yes I read about a way to make the machine completely open, with no password, but I don't want to do that, because of the reason you said. I'm trying to go for a null password that will keep everyone else out but me. If you do it with a password, it's been shown it's way too easy to hack. Quote Link to comment Share on other sites More sharing options...
SomethingToChatWith Posted February 1, 2009 Share Posted February 1, 2009 Ok here's what I do... I setup all of my personal machines with the same userid/password and configure permissions on the shares/printers so that only those accounts and maybe the administrator groups only get access to it. Remove the everyone permission. Disable the guest account. Than as long as you have the same userid/password it won't prompt you over the network for the share you're connecting to. This way, you still have a password but never haft to worry about providing it manually. Quote Link to comment Share on other sites More sharing options...
chimera15 Posted February 7, 2009 Author Share Posted February 7, 2009 You would probably have to make a rule in group policy to allow it, but by default, windows does not allow RDP (or Termincal Services) and Remote Assistance to allow anyone to connect without a password. If you were on the same lan, you could access shared folders with simple file sharing turned on, but you won't be able to logon using RDP unless a password is set for the account you want to login with. Third party RDP software might allow it, allthough I wouldn't want software that allowed such a thing. The alternative is Metasploit and a reverse shell to do whatever you want to the machine, and that only works if one of the flaw is not patched on the target machine. After a week of intense study and experimentation I finally totally figured out what this post meant entirely. My problem was simple file sharing. There's no way into a machine with that turned on, even if you know the password, have the firewall down, and everything is there? What about even like remote registry editing? Is there an ipc$ exploit which you can still connect to that works with metasploit, that you can then get in and disable sfs? Alternatively, I've tried some stuff with metasploit framework, but nothing seemed to do the trick, is there one for an xp pro sp3 system that's commonly used that will let me drop sfs? I guess I have to do some more research. lol Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.