Remote install on a PC with no password
I think I might have shot myself in the foot. I have a customer who has several PCs dedicated to viewing cameras. So I created a user with no password. The computer boots, logs in and runs the camera viewing software. Works great. The problem is that Windows Defender quarantined my remote access software by mistake and I haven't found a way to reinstall it. I know the admin username but the password is blank and I think that is what is stopping me. The allow blank passwords option. Does anyone know how to access a remote computer that doesn't have a password? Specifically so I can remotely install my remote access software?
Completely disagree. Just because you can't doesn't mean a skilled person - or an unskilled person with the right scripts - can't. Ever hear of Metasploit?
ASKER
You are allowed to disagree but you don't have enough insight into the application or usage to really make the calls you are making.
OK boys... I often see the rationale for no password in all sorts of special situations. But that is not the issue at hand. It's how to get in control of this particular remote PC.
If you don't have RDP enabled and don't have a domain, where you can upload policies or commands, it seems your only hope is a human on site with a keyboard, mouse and monitor.
There are many outfits that provide remote techs. Here are a few...
https://fieldnation.com/get-started
As I said before, you need a person in front of the machine if it's not on a domain with configuration options possible via group policy.
Otherwise, you can use tools like the Metasploit framework to find a vulnerability and exploit it. Pen Testers do this all the time. Leaving a camera system unprotected (no password) is a gift to a Pen Tester and to a hacker trying to gain physical access to the premises. And potentially the network if this system is on any accessible network segment.
I would advise extreme caution and, in particular, get customer sign-off if you intend to use pen testing tools on the network, lest you get yourself into a deeper negative situation.
The hacking will continue until security improves.
ASKER
All things aside, no password isn't really that bad of an idea. I know the username, IP address and everything yet can't hack it. No one can type in a password as there is no keyboard or mouse on it. Complete turnkey.