There was (and still is) a misconception regarding that screen. That screen is for authenticating on the network. I believe you could also just close the dialog. It’s not for authenticating a local user account. If you failed to authenticate, you just couldn’t access network shares.
We very much for sure used this trick (and others) to get around network authentication back in college days: we had individual network accounts and only the admin had a local account. Poor fella ended up giving up on cleaning our mIRC and Starcraft installs.
I recall being able to just cancel that dialog back in the day. There was a group policy to require network authentication added at some point, but I don't know when.
This one makes sense to me: if someone has access to the console during boot, there's not much sense in preventing them from logging in. At that point they could just pull the drive, mount it in a different computer and replace passwd and shadow.
If you want to prevent this you need full disk encryption.
Full disk encryption alone does not solve the problem fundamentally. A malicious user with physical access could just install a keylogger into the bootloader, which would log the password on the next boot.
To protect against that threat you need secure boot, which verifies checksums from the BIOS to the kernel.
Full disk encryption alone suffices against device theft, presuming the device is turned off. More complicated threat models like an evil-maid attack are much harder to defend against.
Secure boot, and tamper-evident device seals, form the outline of a solution. As far as I know though, these are still far from foolproof. Really I would say defending from an evil maid attack is still an open problem.
Something very similar holds for theft of devices that are still on.
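The chain-of-trust idea the two comments above argue about (a tampered bootloader defeats disk encryption unless something earlier in the boot sequence checks it) is easy to model. The following is an added example, not code from anyone in the thread: a toy verified-boot walk in Python in which read-only firmware holds the digest of the bootloader and the bootloader image itself carries the digest it will accept for the kernel. Real secure boot uses signatures over images and hardware-protected keys; plain SHA-256 digests stand in for that here so the block runs stand-alone, and the stage contents and names are constructed.

```python
"""Toy verified-boot chain (added example; hashes stand in for signatures).

Each stage image embeds the digest it demands of the next stage, so the
digest of a stage covers both its code and its expectation of its successor.
The first digest (the root of trust) is assumed to live in read-only firmware.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

MARKER = b"\n#expect-next="  # constructed separator between code and embedded digest


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes  # stage code followed by the digest it expects of its successor


def make_stage(name: str, code: bytes, next_digest: Optional[str]) -> Stage:
    """Build a constructed stage image; 'none' marks the last stage in the chain."""
    return Stage(name, code + MARKER + (next_digest or "none").encode())


def declared_next(stage: Stage) -> Optional[str]:
    """Read the successor digest the stage carries (it is part of the hashed image)."""
    value = stage.image.rsplit(MARKER, 1)[1].decode()
    return None if value == "none" else value


def verify_boot(root_of_trust: str, stages: List[Stage]) -> Tuple[bool, str]:
    """Walk the chain: each stage's digest must equal what the previous stage demanded."""
    expected: Optional[str] = root_of_trust
    for stage in stages:
        if expected is None:
            return False, f"{stage.name}: no digest was declared for this stage"
        if sha256(stage.image) != expected:
            return False, f"{stage.name}: digest mismatch, refusing to boot"
        expected = declared_next(stage)
    return True, "chain verified"


def genuine_chain() -> Tuple[str, List[Stage]]:
    kernel = make_stage("kernel", b"vmlinuz (constructed)", None)
    bootloader = make_stage("bootloader", b"bootloader (constructed)", sha256(kernel.image))
    root_of_trust = sha256(bootloader.image)  # assumed burned into read-only firmware
    return root_of_trust, [bootloader, kernel]


def tampered_bootloader_chain() -> Tuple[str, List[Stage]]:
    """The evil-maid case from the thread: bootloader swapped, kernel untouched."""
    root_of_trust, (bootloader, kernel) = genuine_chain()
    evil = make_stage("bootloader", b"bootloader + keylogger (constructed)", declared_next(bootloader))
    return root_of_trust, [evil, kernel]


def tampered_kernel_chain() -> Tuple[str, List[Stage]]:
    """Bootloader genuine, kernel replaced: the bootloader's embedded digest catches it."""
    root_of_trust, (bootloader, _kernel) = genuine_chain()
    evil_kernel = make_stage("kernel", b"vmlinuz + rootkit (constructed)", None)
    return root_of_trust, [bootloader, evil_kernel]


if __name__ == "__main__":
    for label, chain in [
        ("genuine", genuine_chain()),
        ("tampered bootloader", tampered_bootloader_chain()),
        ("tampered kernel", tampered_kernel_chain()),
    ]:
        print(f"{label:20s} -> {verify_boot(*chain)}")
```

The point of embedding the successor's digest inside the hashed image is that an attacker who edits the bootloader to accept a different kernel also changes the bootloader's own digest, so the firmware rejects it one step earlier; the chain only holds because the first link is in storage the attacker cannot rewrite.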
I didn't know that one back then, but there was another one, where you could remove a file (or rename it) from C:/Windows (I don't remember which one it was, but 10-year-old me definitely knew; somehow I think it was C:/Windows/passwd) from DOS. Then you typed in any password and it let you in, and then you just swapped the file with the old one once you were done. Sigh, the number of times my classmates asked me to use it on our math teacher's computer in order to copy the tests...
That's not exactly the same, because it's essentially modifying the operating system files to bypass the security checks, whereas this article and the gif are basically loopholes in the OS that give you access.
Well, technically that is possible in any OS. You can mount the drive elsewhere or boot a live CD and change the root password. That is the recommended way to recover from a lost root password (assuming the FS is not encrypted, which was the case you were talking about).
Let us assume one can’t easily modify the filesystem or special boot options are not available.
Don't forget HyperCard, which let us run whatever we wanted on Macs.
On Windows though, we discovered that if you use the save or open dialogs you can just browse wherever, right click, and run the exe.
It sounds like that was a bit before your time, security was even more laughable then. Oddly, the network was set up perfectly, at least according to the standards of the time.
You could bypass the screensaver lock this way. If the C: drive was shared over the network (and more often than not it was!) you could just rename c:\windows\scrnsave.exe and the process would crash.
Compared to today, when I see Win9x & WinXP I feel a strange bit of innocence and how simple it was back then, both for individual developers & industry as a whole. (kinda difficult to articulate what I want to say)
Maybe it's not Windows but the 90s & early 2000s... don't know.
Absolutely - I'd like to know why exactly MS decided to make the classic theme inaccessible.
On early Windows 10 versions, you were able to re-enable it by stopping the window manager from creating the modern theme resources. I'm not sure if that still works, but it leads me to think that they did it for brand reasons. Classic theme is distinctly "old" and they probably wanted to get rid of that conception.
Also, you could drop into the Visual Basic editor from any office program: the File > Open dialog would happily launch any executable under Novell lol.
I'll be that guy and mention that Windows 9x had no local security and this was considered NOTABUG. You could also press F8 to drop to DOS and run something like win.exe /nonetwork.
Android FRP is also bypassed by various tricks like this (usually involving starting TalkBack, going into help, clicking on a YouTube video there, clicking something to open a browser, etc.).
Heh! Memories! RM Networks ~1998/1999 when I was in school... You would log in and then you got their interface popup saying you were over your space allowance and had to clear files or you couldn't log in...
I did this exact same trick (passed network login though) to get out of it! Although, mine was to go to c:\windows, type . then right click explorer.exe and click open!
For me, it was boredom and cheapness. Once my trial copy of Win2k ran out and it confronted me with it, I tried hitting Ctrl+Alt+Del. To my surprise, it worked. So from there I was just able to launch explorer.exe.
I was a kid then. Kids these days are finding these sorts of "exploits" in phones and whatnot all the time.
You have to understand the data at a structural level and how it flows through the application. Then you can identify entry points to access that data using non-traditional methods that the developers may not have considered when implementing security features.