Security Basics mailing list archives
using Administrator-Account with empty password
From: Scan_it <Scan_it () gmx net>
Date: Sun, 01 Jun 2008 19:31:56 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi guys, I got the following iussue here. I have two Computers, both Win xp pro SP2 (no passwords for Administrator's account set). I assume that no one has local access to the computer. so the only way to get to the data(shares, ipc$) is by remote (home network, internet) When I try to establish a connection via ipc$ or a connection to a network share , using the Administrator account (e.g. with Sysinternals tools), Windows declines the connection. If i set the same password on both computers, i can establish a connection, use administrative priviliges, network shares etc. So my question is why should I even bother to set up a strong password for my Admin Account (which can be broken by BruteForce or Wordlist), when Windows denies any connection with an empty password. Wouldnt it be a lot more secure to configure a system without a Password? Or is there any way to trick Windows into accepting a connection with an empty password or to run a programm from the command line without a password? Your input is pretty much appreciated. Greets Scan_it -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIQt0MVrIRd1HzN0oRAkAdAJ9+KjowdW6A/xk+ILVMflilsNhS2gCgo7zt tdfFFO5a9Y2TdwoEqz7yMs4= =8u+X -----END PGP SIGNATURE-----
Current thread:
- using Administrator-Account with empty password Scan_it (Jun 02)
- Re: using Administrator-Account with empty password Ansgar -59cobalt- Wiechers (Jun 02)
- RE: using Administrator-Account with empty password Craig Wright (Jun 03)
- Re: using Administrator-Account with empty password dupes Mothepu (Jun 03)
- Re: using Administrator-Account with empty password Scan_it (Jun 03)