Windows XP Home Edition Administrator Account Exploit 

Introduction:

Many users have chosen Windows XP Professional over the Home version, but, for the average user, there are not many reasons to choose Professional and Home has become a widely used operating system.

In this case, physical access equals root access by using the vulnerable administrator account to reset passwords, create users and more.

Scenario:

You have physical access to a working Windows Home box. The system boots to the "Welcome Screen" but you do not have an account or do not know or cannot remember the password for an existing account.

Procedure:
 

Step 1.          Reboot the computer. Click Start – Turn Off – Restart. If you are unable to turn off the computer via software, hold down the power button or yank the power cord.

Step 2.          Boot to Safe Mode.  F5 or F8 while booting should do the trick. Choose Safe Mode if prompted

Step 3.          Login. When the Welcome page appears, select administrator. What is the password you ask…..well…..in safe mode, the administrator password is blank.

Step 4.          Complete your agenda: reset your password, create a new admin user, format the box and install Debian….whatever you want, the future is yours.

Informational:

The administrator account does not show up at the welcome screen using the default Windows settings; therefore, most users are not even aware that it exists and a password is usually not set. Even if a password is set, I am under the impression (please correct me if I am wrong) that a separate password needs to be set in Safe Mode. This exploit has worked on every Windows XP Home Edition computer that I have tried it on.