Mysteriously replacing a Windows XP user password - vulnerability warning - the black bar safety net

ID MYHACK58:62200613326
Type myhack58
Reporter Anonymous
Modified 2006-12-18T00:00:00


A Windows XP startup script is a batch file that the computer runs before the login screen appears. Its function is similar to autoexec.bat, the batch file that Windows 9x and DOS execute automatically. Using this feature, you can write a batch file that resets a user password and add it to the startup scripts, which achieves the purpose.

The specific steps follow, assuming the system directory is C:\Windows.

  1. Start the computer from a Windows 98 startup disk. Write a password-recovery batch file, a.bat, whose content needs only one "net user" command: "Net user rwd 12345678".

This command sets the password of the user rwd to "12345678". For usage of the Net command, refer to Windows Help. Then save the file a.bat to "C:\windows\system32\GroupPolicy\Machine\Scripts\Startup".

  2. Write a startup/shutdown script configuration file, scripts.ini. This file name is fixed and cannot be changed. The content is as follows:

    [Startup]
    0CmdLine=a.bat
    0Parameters=

  3. Save the file scripts.ini to "C:\winnt\system32\GroupPolicy\Machine\Scripts". scripts.ini holds the computer's startup/shutdown script settings. Its content usually contains two data sections: [Startup] and [Shutdown]. The [Startup] section holds the startup script configuration, and the [Shutdown] section holds the shutdown script configuration.

Each script entry is stored in two parts, the script name and the script parameters. The script name is saved under the XCmdLine keyword and the parameters under the XParameters keyword, where X is the script number, starting from 0. The number distinguishes multiple script entries and marks the order in which they run.

  4. Remove the Windows 98 boot disk, restart the computer, and wait for the startup scripts to run. After the startup scripts finish, the password of the user rwd is restored to "12345678".

  5. After a successful login, delete the two files created in the steps above.

Description: The steps above assume the PC uses the FAT32 file system. If it uses the NTFS file system, the hard disk can be attached as a slave disk to another computer that can read NTFS, such as one running Windows 2000 or Windows XP, to perform the above operations. This method can recover the password of the Administrator account. It is equally effective for recovering local computer user and domain user passwords on Windows 2000 systems.
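
The scripts.ini layout described above (numbered XCmdLine/XParameters pairs under [Startup] and [Shutdown]) can be audited on a defender's side. The following is an added example, not code from the original page: it parses scripts.ini into run order and flags entries whose batch file sets an account password with "net user". The function names and the sample files mapdrives.bat and cleanup.bat are assumptions constructed for illustration.

```python
import re

# Added example: audit of scripts.ini, not code from the original page.
SECTION_RE = re.compile(r"^\[(\w+)\]$")
ENTRY_RE = re.compile(r"^(\d+)(CmdLine|Parameters)\s*=(.*)$", re.IGNORECASE)
# "net user <account> <password>" sets a password; option-only forms are skipped.
NET_USER_SET_RE = re.compile(
    r"^[ \t]*@?net(?:\.exe)?[ \t]+user[ \t]+((?!/)\S+)[ \t]+(?!/)\S+",
    re.IGNORECASE | re.MULTILINE)

def parse_scripts_ini(text):
    """Return {section: [(index, cmdline, parameters), ...]} sorted by run order."""
    sections, current = {}, None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            current = sections.setdefault(m.group(1).capitalize(), {})
        elif current is not None and (m := ENTRY_RE.match(line)):
            entry = current.setdefault(int(m.group(1)), {"cmdline": "", "parameters": ""})
            entry[m.group(2).lower()] = m.group(3).strip()
    return {name: [(i, e["cmdline"], e["parameters"]) for i, e in sorted(ents.items())]
            for name, ents in sections.items()}

def audit(ini_text, script_bodies):
    """Flag entries whose script sets an account password.
    script_bodies maps lower-cased script file name -> file content."""
    findings = []
    for section, entries in parse_scripts_ini(ini_text).items():
        for idx, cmdline, _params in entries:
            body = script_bodies.get(cmdline.lower(), "")
            for m in NET_USER_SET_RE.finditer(body):
                findings.append((section, idx, cmdline, m.group(1)))
    return findings

# Constructed sample input (the a.bat line is the one quoted in the article).
SAMPLE_INI = """[Startup]
1CmdLine=mapdrives.bat
1Parameters=
0CmdLine=a.bat
0Parameters=
[Shutdown]
0CmdLine=cleanup.bat
0Parameters=/quiet
"""
SAMPLE_SCRIPTS = {
    "a.bat": "Net user rwd 12345678\r\n",
    "mapdrives.bat": "net use Z: \\\\fileserver\\share\r\n",
    "cleanup.bat": "net user rwd /active:yes\r\n",
}
```

Calling `audit(SAMPLE_INI, SAMPLE_SCRIPTS)` reports only the a.bat startup entry; the entries are returned sorted by their X number even though the sample file lists them out of order.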