Not long ago, a news appeared on the network, saying that foreign Windows experts found that using the Win 2000 installation CD to boot the computer can not enter the Windows XP administrator password into the Windows XP Recovery Console mode. Is this true? I did some testing.
Teach you to enter Windows XP without a password: The Wndows XP version I use is Windows XP Proessional, and the Windows 2000 version is Windows Proessional Simplified Chinese version with SP3 integration. I first installed Windows XP Proessional on the C drive (FAT322 file system), and set the Administraor account password when installing. In order to confirm that the Administrator password has been set successfully, I switched to the classic Windows login mode, and then log in using the Adndnistrato account. It can be seen that the password is already required when logging in, and the password setting of the Administrator account is no problem.
The author restarted the computer, booted using the Windows 2000 Poessional installation CD, and selected Windows 2000 in the Wndows2000 installation selection interface (press R); then select to use the faulty console to repair (press C), the system will scan now Some versions of Window2000/XP. Since the author has only one operating system, only one login option is listed (l:C:\\Windows). Press l from the keyboard, then press Enter. At this time, as it is reported abroad, Window XP does not require the administrator password to be entered, but directly logs into the Recovery Console mode (if you are using the Windows XP installation CD) Startup, it is required to enter the administrator password. The administrator here refers to the system's built-in Administraor account). Friends familiar with Windows know that the Recovery Console can perform any xp system download level operations, such as copying, moving, deleting files, starting, stopping services, and even destructive operations such as formatting and repartitioning.
It should be noted that for various reasons, some Windows 2000 installation CDs on the market cannot display the faulty console login option, so this vulnerability cannot be exploited. At the same time, due to the limitations of the faulty console mode itself, this vulnerability cannot be exploited from the network. In other words, this vulnerability is limited to a single machine, so the harm is not very large.
Note: Because I still have a Windows 98, I can't convert the C drive to the NTFS file system. So the test based on the NTFS file system was tested in the VMware virtual machine.
Next, the author installed the SPI patch for Windows XP, and then used the WindowS 2000 installation CD to boot, repeat the above operation, and found the same result, there is still no password input request, because the previous use of the FAT32 file xp system download. The author guessed whether this was caused by the FAT3Z file system. Then use the Convert command in Wndows XP to convert the FAT3Z file system to NTFS file xp system, then use the Windows 2000 installation CD to boot again, repeat the above operation, and find the same result, there is still no password input request. It seems that this vulnerability is really there.
I also used the official version of Wndows 2000 Server integrated with SP3 to start the CD. I found that the vulnerability still exists. It seems that the Chinese version has this problem. The English version also has this problem.