win2k screensaver securty hole?

Posted by: bosky101

win2k screensaver securty hole? - 04/24/04 08:41 PM

Can we edit the registry so that screensaver points to some other file,so that we can run that file whenever the screensaver runs in the pre-login stage ... but if we could edit the reg in the first place,we would 'nt want to do this ! so can we do it without the registry bit ?but most systems have an option taht except for the superuser all changes to reg are returned on booting ?!
Posted by: n0mel

Re: win2k screensaver securty hole? - 04/30/04 09:22 PM

good question. you're probably right about being able to modify the registry. I believe you have to be in the administrator group, so, like you said, you wouldn't need to do this in the first place. I guess the benefit would be that you could modify the screensaver to let you on whenever you wanted (after keystrokes were pressed, or something similar). that way, you might be able to log in without using your account. so, this still would be beneficial if you had access to an administrative account (shouldn't be hard) for a short time.

I'll help verify that it'll work in the first place.

One of the things we used to do to get passwords is make a fake login screen. you can figure out the rest
Posted by: Mak

Re: win2k screensaver securty hole? - 07/23/04 11:00 PM

I dont know if it stil works, but if you delete the selected screen saver, and then make a copy of Cmd.com, then rename the the copy to the same as the screen saver, then when windows time out and execute the file you get commnd prompt with full admin access...

it might still work ;o)