
Vista Recovery Command Prompt

June 16th, 2007 by Patrick S

As good as the recovery console in Windows is, it really ain't that secure at all. Did you know that the Command Prompt tool found in Vista's System Recovery Options doesn't require a User Name or Password? And that the Command Prompt provides Administrator-level access to the hard drive? For multiple versions of Windows? All you need is a Vista Install DVD and you're all set to go.

Just boot from the DVD and select the Repair option:

Then select the Command Prompt:

Here you have full access to this computer, not only as an administrator but also as a system account user. After this you can insert a USB memory stick, copy any non-encrypted file from this computer to it, and steal information without leaving any trace in the system or Event Viewer logs.
Also, you could, for example, copy the SAM file (contains names and passwords of local users) from c:\windows\system32\config to the USB memory stick and start cracking the computer's user passwords on a remote computer.

A cracker can:
1. … copy files from hard disk to USB, floppy or network server
2. … create / modify / delete files and folders
3. … use most of the MS-DOS-like commands
4. … use this method in Vista, XP, 200x

To protect your computer or workstation, try to:

  • set up the BIOS boot order so that booting from media other than the hard disk is not possible

  • set up a startup password in your BIOS (mainly on home computers)

  • use hard disk encryption software, if possible (such as BitLocker)

  • encrypt files and folders using EFS, if the mechanisms above are not possible
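
How much of a folder is covered by the two encryption measures above can be checked from the running system. This PowerShell audit is an added example, not part of the original post; it assumes Windows 8 / Server 2012 or later (for `Get-BitLockerVolume`), an elevated session, a folder on a local drive, and a hypothetical `$SensitivePath` parameter and `Get-OfflineExposure` function name.

```powershell
# Added example (not from the original post). Assumes Windows 8 / Server 2012+
# (Get-BitLockerVolume; on Vista use `manage-bde -status` instead) and an
# elevated session. $SensitivePath is a hypothetical folder to audit.
#Requires -RunAsAdministrator
param(
    [string]$SensitivePath = "$env:USERPROFILE\Documents"
)

function Get-OfflineExposure {
    param([Parameter(Mandatory)][string]$Path)

    # Drive that holds the folder, e.g. "C:"
    $drive = (Get-Item -LiteralPath $Path).PSDrive.Name + ':'
    $vol   = Get-BitLockerVolume -MountPoint $drive -ErrorAction SilentlyContinue

    # The volume resists offline reads only when fully encrypted AND protection
    # is on; suspended protection stores a clear key on the disk.
    $volumeProtected = [bool]($vol -and
        $vol.VolumeStatus -eq 'FullyEncrypted' -and
        $vol.ProtectionStatus -eq 'On')

    # Without volume encryption, only files carrying the EFS Encrypted
    # attribute are stored encrypted on disk.
    $plainFiles = @()
    if (-not $volumeProtected) {
        $plainFiles = @(Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) })
    }

    [pscustomobject]@{
        Drive            = $drive
        BitLockerStatus  = if ($vol) { "$($vol.VolumeStatus) / $($vol.ProtectionStatus)" } else { 'no BitLocker data' }
        VolumeProtected  = $volumeProtected
        UnencryptedFiles = $plainFiles.Count
        FirstFew         = $plainFiles | Select-Object -First 5 -ExpandProperty FullName
    }
}

Get-OfflineExposure -Path $SensitivePath | Format-List
```

A result with `VolumeProtected : False` and a non-zero `UnencryptedFiles` count means those files sit in plaintext on the disk.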

This kind of reminds you of a Windows XP Home feature. The Administrator account password for XP Home is blank by default and is hidden in Normal Mode. But if you press F8 during boot for Safe Mode, you can access the Administrator account and have complete access to the computer.

For more proof of the concept, find more details from Mr. Kimmo Rousku and F-Secure.

This entry was posted on Saturday, June 16th, 2007 at 4:16 am and is filed under MS News, Products, Security, Windows Vista, Windows XP.

    5 Responses

    1. Vista Recovery Command Prompt: it's a security hole! Says:

      […] MSBLOG community (which is dedicated to helping improve Windows operating systems) are worried about a […]

    2. New Media & IT » Cracking Windows using a bootable Vista DVD Says:

      […] MSBlog has an interesting post about how much you can do with a Vista bootable DVD. […]

    3. Windwos Vista: Recovery Command Prompt » D’ Technology Weblog: Technology News & Reviews Says:

      […] Source:→ MSBlog […]

    4. t001z Says:

      Reminds me of the good ole days, you remember the ones, before Security was the top priority at Microsoft!! Well good thing there is nothing important on the local machines, right??


    5. MEMEyou Says:

      duh? simply keep your doors locked. by default, physical security is assumed to be taken care of. if someone can boot the cd – they can also circumvent the bios password easily.

      if you are paranoid – use encryption – but this hits on performance.