Showing posts from May, 2009

Make Windows more secure, use a blank password

Today I was attacking and pillaging a test Windows machine from a Linux box. Many Windows machines are set up with a blank administrator password since people just hit the Enter key when they are prompted for a password. I was testing to see what happens on these machines with this configuration. I also created another account with a blank password.

Using either of these accounts, I was able to connect to manually created shares, but not to the admin shares (c$, d$, admin$). Beginning with Windows XP Home edition and later non-server editions of Windows, Windows implements the "ForceGuest" feature when the local Administrator account has a blank password. When a remote user authenticates to Windows XP (and later) as Administrator with a blank password (e.g. by mapping to one of the administrative shares), Windows assigns their session a Guest access token, not an Administrator access token, thereby preventing access to the entire C drive (a good thing).
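To see how a given machine is configured for the behaviour described above, the following audit script is an added example, not part of the original post. It assumes PowerShell 5.1 or later in an elevated session; the `forceguest` and `LimitBlankPasswordUse` registry values under the Lsa key and the `Get-LocalUser` cmdlet are not mentioned in the post and are brought in here for the check.

```powershell
# Added example (not from the original post): report the settings that decide
# what a remote logon with a blank-password local account receives.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaValue {
    param([Parameter(Mandatory)][string]$Name)
    # Return $null instead of throwing when the value is not present.
    $item = Get-ItemProperty -Path $lsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-BlankPasswordExposure {
    $forceGuest = Get-LsaValue -Name 'forceguest'
    $limitBlank = Get-LsaValue -Name 'LimitBlankPasswordUse'

    # forceguest = 1: network logons that use local accounts get a Guest token.
    if     ($forceGuest -eq 1) { $sharing = 'Guest only (remote local-account logons mapped to Guest)' }
    elseif ($forceGuest -eq 0) { $sharing = 'Classic (remote local-account logons keep their own identity)' }
    else                       { $sharing = 'forceguest value not set' }

    # LimitBlankPasswordUse = 1: blank-password accounts may log on at the console only.
    if     ($limitBlank -eq 1) { $blank = 'Blank-password accounts limited to console logon' }
    elseif ($limitBlank -eq 0) { $blank = 'Blank-password accounts may log on over the network' }
    else                       { $blank = 'LimitBlankPasswordUse value not set' }

    # Enabled local accounts that are permitted to have no password at all.
    $accounts = Get-LocalUser |
        Where-Object { $_.Enabled -and -not $_.PasswordRequired } |
        Select-Object -ExpandProperty Name

    [pscustomobject]@{
        ForceGuest              = $forceGuest
        SharingModel            = $sharing
        LimitBlankPasswordUse   = $limitBlank
        BlankPasswordPolicy     = $blank
        AccountsAllowingNoPassword = $accounts -join ', '
    }
}

Get-BlankPasswordExposure | Format-List
```

An account listed under `AccountsAllowingNoPassword` is only permitted to have an empty password; the script does not test whether the password is actually blank.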

These home users wh…