During my daily web crawl I encountered a very interesting gif that I haven’t seen in a long time. It was a hack of an unspecified version of Windows 95, which showed how to bypass the login screen with the help of the menu and printing dialog. However, after a brief check, I found a fair amount of people stating that “just hitting the cancel” button would do the same. Sharp-eyed viewers would notice that it was the very first action taken in the picture. In order to find out if the hack is real at all, I decided to reproduce it and document it for the good of the internet.
↫ David Polakovic
So this hack is actually a lot more involved than I thought it was going to be, and yet, it still feels utterly insane that operating systems were this easy to get into, passwords were this easy to decrypt, and security settings were this trivial to disable. Anyway, the gif is sort-of real, in that yes, you can ‘hack’ Windows 95’s login security through the printing and help subsystems.
Things were different back then, man. I vaguely remember that my high school used to lock us out of the desktop, File Explorer, the Control Panel, and so on, making it impossible for us to access DOS or the games built into Windows 9x. I don’t remember the exact things we used to do, but most of us were aware of and used several different methods of bypassing the school lockdowns just to mess around. We never did anything malicious – this is pre-internet, and we just wanted to play some Solitaire or Pinball – but anybody with malicious intent surely could’ve.
In high school, we had Novell on top of Windows 98. So to get what we needed, I think we just loaded Office 97 and then opened Explorer.exe through the file chooser. Or maybe VB script, I don’t remember, but it was easy.
We could also crash the system by sending a link longer than 256 characters, I believe.
HACK THE PLANET!
Fascinating. I teach network intrusion and detection and every semester I demonstrate successfully hacking Windows 10 (now 11) and Linux. What nonsense is the idea that machines used to be so easy to crack but NOW we’re sooo protected. Sounds incredibly naive to me. The surface area that needs protecting these days is much greater, so the attack vectors are much greater. Individual resources are pretty much just as vulnerable as they were back in the day, not by their individuality, but by the network of their combined surfaces. My guess is that if you think we’ve come so far, you probably feel secure – good on you, love the optimism. As for me, I’ll take security through obscurity and be glad that knowledgeable attackers aren’t interested in my assets.
decuser,
I take your point that today’s computers can still have vulnerabilities and we are still using unsafe languages after all. We have examples like EternalBlue…
https://en.wikipedia.org/wiki/EternalBlue
However, I don’t think we should be claiming that today’s operating systems are as vulnerable as they used to be. Today’s operating systems are far more secure than they were. In the 90s they were so vulnerable that children were stumbling into ways to circumvent security measures using nothing more than Microsoft’s own bundled software. And OS code vulnerabilities were so prevalent that normal users would regularly trigger blue screens. These errors are avenues by which a hacker could take advantage of bugs to create exploits. Microsoft even famously triggered a crash during a Microsoft press event. Anyone who used computers at the time knows that modern OS security is nowhere near as bad as it used to be.
The difference is that DOS (and Win3x/9x, Mac OS <=9, AmigaOS, etc.) were inherently single-user systems and had no concept of users or file permissions. They were designed on the principle that the user was also the owner of the "personal computer" on which it was running. You could implement some superficial veneer of access control through the UI layer, but it was not enforced at the OS level at all.
Unix, VMS, Mac OS X and later NT-based Windows actually are designed to support multiple users, although Windows still suffers from problems where the kernel was designed for multi-user but a lot of the UI and userland were carried over from 9x, which wasn't.
bert64,
Indeed, that was a further weakness at the time. While systems that can be physically tampered with are inherently vulnerable to evil maid attacks, the old single user operating systems had almost no security barriers in place to stop malicious processes/users and could easily be compromised without even requiring privilege escalation.
You would be interested to know that a similar hack was used to bypass parental control on Android.
https://www.androidpolice.com/exploit-bypass-android-parental-controls-web-browsing/
This happened multiple times even. This one uses a contact trick to pop up the embedded, unrestricted browser and then goes to Google’s homepage, from which a person can then search for and access any website from within the browser embed since it doesn’t use Chrome’s parental controls. An older trick of that vein used the Google account settings page. The Chrome browser embed doesn’t obey the parental control rules, unlike the Chrome app, so any time a person finds a way to get into Google’s homepage from one of the Android embeds it becomes a control bypass.
Google has no idea what they’re doing with their so-called “parental controls”.