This image is hosted on an Environmentally Friendly™ host.
Right, So I actually did something similar. On some version of windows I noticed that ctrl-backspace was adding another character to the password, instead of deleting it. So I included it in my password. Then I updated to a new version of windows and got locked out since they updated the password backend to where it would actually delete the password instead of a adding the character, so I had no way of typing out my password. Ended up just nuking the computer.
Could have just researched what character was being inserted by the ctrl backspace and then used the keyboard to insert the character from its ascii or unicode code to login and then changed your password before nuking your computer
But with what computer?!
Your phone maybe?
Oh, you’re young
Oh yeah I forgot that your problem was on an old version of windows.
Your what? Like those things with the dial that are attached to the wall? How are you meant to do it with that?
Easy. You whistle in binary and say modem noises. The operator will patch you through to the internet.
I’m in.
I genuinely can’t tell if you and the person you responded to are doing a bit and committing to it, or are genuinely referring to:
Making weird modem noises to hack phones will always be the funniest 90’s hacker thing I’ve ever heard.
Ohhhh so like Terminator 3
I’m sure this version of windows was before phones had screens attached, and likely before the internet was ubiquitous. They likely had one computer and would have had to go somewhere else to look it up if that was even an option.
And a time when if you had a phone capable of the internet it would probably cost 5€ per minute.
It looks like it was the ASCII char 127 (delete char). https://superuser.com/questions/33142/ctrlbackspace-inserts-a-small-box-instead-of-erasing
Yup, I tried doing the keystrokes I found online that promised to put the ASCII character in, but it wasn’t working for me and gave up eventually.
Or just cleared the SAM password altogether. Windows is trivially easy to break into if you have physical access and the volume isn’t encrypted.
My go-to solution is to simply replace some kind of accessibility feature executable, such as onscreen keyboard, with cmd.exe. It runs under SYSTEM.
Does SYSTEM have enough permission to write to the SAM file?
I actually did do that! I found the ASCII code but couldn’t get it inputted correctly to the password. The nuking came after I gave up and decided it wasn’t worth it. What’s life without restarting every now and then?
Was that the same version of Windows where you could click “cancel” to bypass the login prompt?
early win98 and i think even into second edition you could just click the close window x button on the login window and it would just dump you onto the desktop. my parents thought adding a password would stop late night gaming… nope worked till i got discovered one fateful nigbt and i was grounded till i revealed how i found out what the password was.
was eye opening for my father who then started just taking the power cords off the monitor and psu.
My parents had the power cord in locked box, so you need a key to turn the computer on, which only they have.
Me and all my siblings learnt to pick lock.What did you use as tools, or was it a masterlock?
masterlock… just touch it… breathe on it … threaten it with a speed square…
threaten it with another masterlock…
TBF, my parents tried that power cord solution first as I was the “techy type” in the family. It just taught me to hide the fact that I had extras. 🤪
There was one like that? I remember the sticky-keys bypass but not that.
All the login prompt did back then was let users save user specific settings. Your best bet back then was a BIOS password.
I know, this is easier said than done for someone unfamiliar with this stuff, but maybe still good to know that this is an option in future:
You can prepare a “Linux Live USB” and select in the BIOS that it should boot off of that.
It’ll start a complete OS off of that USB, so you can access the hard drive (assuming you didn’t enable disk encryption) and at the very least backup your files, or sometimes even resolve whatever keeps you from accessing Windows.Remember: Those were probably the times of a single computer at home and having a spare laptop somewhere ready for that is not the default.
Those were the times when I had to pull out my hard drive, ride my bike to my best mate’s house, and plug it into their PC so I could finish up a report due the next day. All because Windows 95 didn’t shut down cleanly and refused to boot.
I did actually remember that, but figured, they must have had some way of reinstalling Windows, too.
I guess, though, they might have had a physical Windows install disk at home. So, yeah, would have had to prepare a Linux Live CD before disaster struck…
CD? Windows 98 first edition was released on floppies. And Linux was not some simple thing. Red hat hadn’t even created yum and Debian hadn’t even created apt.
The late 90’s was a chore of library visits and 14.4k baud XModem transfer interruptions.
Sounds painful without a packet manager…Ouch!
You can also create a Windows installer USB stick, boot off of that, and start its command line to access the files on the installed Windows system. There you can copy CMD.exe over the file path of the accessibility options app.
Then boot back to your installed system’s login screen and hit the button for accessibility options, which now opens a working command line logged into the installed system with admin rights. You can use that to reset your admin password.This hack has worked in some form since Windows 3.11 .
This sort of nonsense right here is why infosec people warn about having physical access to machines
It’s not just because of nonsense, it’s more that it doesn’t really matter what you do - the only thing stopping someone with physical access to your machine is their level of determination.
At some point, there’s no stopping the laws of physics. Your data is physically stored there. You can do a lot to make it really difficult to access it, but the best you can do is full disk encryption with a sufficiently strong key, and only store that key on external hardware that isn’t accessible to the attacker.
Even then, you better make sure that your encryption key wasn’t hanging around cached anywhere in memory before you shut down your computer.
You can’t really prevent physical access to a machine. Using Bitlocker is a lot better recommendation, because it prevents this kind of attack in most of the cases.
this i do all the time. you can even make a persistance on the drive so its not just like a fresh install every boot. really nice if you wont have access to internet on the host hardware so if you need sometool inparticular you can have it installed already
Lol and they say Windows is great with being backwards compatible…
I did the exact same thing with my password at work
Some internal software at my job does that and I hate it
Huh, that’s what it looks like when you comment \0
\0/
deleted by creator
I mean the \0 literal
deleted by creator
My lemmy mobile client just crashed. This is me on the web interface, lol.
Always leave it to the actual users to find any bugs you didn’t think of, lol.
Actual Josh from “Let’s game it out” energy.
seems to work as expected.
Infinity for Lemmy didn’t crash, lol.
Doing that to annoy devs who didn’t sanitize their database inputs is like walking along parking lot just to see if anyone has forgotten to lock their car, just to put a post it in the steering wheel.
Nah man, not sanitizing Inputs could pose serious security risks as someone could use this shit to escape and run arbitrary database queries potentially leaking passwords or other info or just wiping it (Afa I have learnt on the internet)
Just like @[email protected] said, leaving your car unlocked is a serious security issue and you’d be lucky if someone walked by and just left a post-it note
Title text: My password is just every Unicode codepoint concatenated into a single UTF-8 string.
Now I want to try this.
Now I want to try this."; DROP TABLE ‘users’;
ftfy
I really want to start a synth band called Robert and the’); DROP TABLE ‘artists’;
Little Bobby Tables
Is this anything that a simple admin password reset wouldn’t fix? It’s not like admins can see your passwords anyways. (if the system is even remotely competent)
if the system is even remotely competent
…
At least he’s not holding it by the top of the screen like Black Hat Guy.
My password is just every Unicode codepoint concatenated into a single UTF-8 string.
Actually….it’s called NUL
deleted by creator