Re: Article: Windows XP Wide Open Using Windows 2000 CD-ROM
From: Petter Nordahl-Hagen (pnordahl@EUNET.NO)
Date: 02/20/03
- Previous message: Knouse, Jim: "Re: Article: Windows XP Wide Open Using Windows 2000 CD-ROM"
- In reply to: Donovan Bernauer: "Article: Windows XP Wide Open Using Windows 2000 CD-ROM"
- Next in thread: Thomas Kristensen: "Re: Article: Windows XP Wide Open Using Windows 2000 CD-ROM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 20 Feb 2003 15:19:38 +0000 From: Petter Nordahl-Hagen <pnordahl@EUNET.NO> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
On Wed, 19 Feb 2003, Donovan Bernauer wrote:
> There's a vulnerability in Windows XP that allows anyone who can modify
> the BIOS to boot from the CD (or to the NIC for RIS/BOOTP systems) and use
> the Windows 2000 cd-rom version of the recovery console to freely access
> the files on an XP box, regardless of most of the configured system
> security.
The reason win2k recovery console just allows access when tried on a XP
system is that there are differences in the registry file format.
XP has a more true hashing of the key indices in the registry than 2k has
(NT4 and 2k use simply the first four characters of the name as the index
"hash") I discovered this when working on support for XP registry write on
my regedit library for linux.
Recovery Console, by design, will let you in with full access if it
can't read the registry and the SAM to get at the admin password.
So recovery console 2k on XP system thinks the registry is corrupt, and
continues to let people recover their system.
I personally think a recovery tool should do just that, "hey, something is
wrong here, oh well, let the user fix it instead of assuming something"
Also, try to load a XP registry hive into regedt32 in 2k, it won't work,
at least not in the original 2k release.
-- Petter Nordahl-Hagen, pnordahl@eunet.no oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Delivery co-sponsored by TruSecure Corporation oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo TICSA - Anniversary Special - Limited Time Become TICSA certified for just $221.25 US when you register before 3/31/03 with PROMO "TS0103" at www.2test.com. NO membership fees, certification good for 2 years. Price for international delivery just $296.25 US, with this offer. Offer cannot be combined with any other special and expires 3/31/03. Visit www.trusecure.com/ticsa for full details. oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Next message: Thomas Kristensen: "Re: Article: Windows XP Wide Open Using Windows 2000 CD-ROM"
- Previous message: Knouse, Jim: "Re: Article: Windows XP Wide Open Using Windows 2000 CD-ROM"
- In reply to: Donovan Bernauer: "Article: Windows XP Wide Open Using Windows 2000 CD-ROM"
- Next in thread: Thomas Kristensen: "Re: Article: Windows XP Wide Open Using Windows 2000 CD-ROM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
