Windows Password Loophole

Author: @k$h@y // Category:
Windows Password Loophole

a. ok now, what you need to do is to run compmgmt.msc 

b. and click on local users and groups.

c. once you've gotten here you need to open up the 'users' folder.


at this point i am walking along with you and notice that there are several 
major security holes dealing specifically with the password:
1. double clicking on the any user name allows you a list that looks 
something like this:
"user name"

full name: -----------------------
|__________________|

description: -----------------------
|__________________|
--
|_| user must change password at next logon

--
|_| user cannot change password

--
|/| password never expires

--
|_| account is disabled

--
|_| account is locked out


"ok" "cancel" "apply"

ok if you can get past my cheesy drawing, i must ask, did you notice that 
the "password never expires" box is checked? if you did, then you may have 
realized that this means that you can also uncheck it!

2. if ure paying attention, you'll see that the 'user must change password 
at next logon' box is unchecked. if you put a check in this box of course, 
when you shut down the system will prompt for a new password!

3. going back to step c.,
right click on any account and notice the dialoge that appears:
set password...
all tasks
delete
rename
properties
help

i think you can handle it from here

ps. i wonder if you can access this data if this stuff is locked to the user 
by the admin by going in through the command prompt. i doubt it but if anyone 
finds a way let me know.


BY

ABEL THE LEGEND

0 Responses to "Windows Password Loophole"

Post a Comment