Windows XP - Integral Edition 2024 (The backdoor of Windows builds)

Captions
Hey guys, so I tried something a little different on this video, which was specifically to go through the installation process of an unknown operating system that was built or customized on the internet, and then run some security scans on this particular operating system and give a verdict. Now, I just want to give fair warning before anybody follows this: you're going to want to watch it to the end before you make the decision as to whether or not you want to run this operating system. This is for XP, the Integral Edition. So what do you say, guys, let's get into this and check this out together and see what this actually looks like.

So what we're going to do is we're going to just go to the basic installation. I'm assuming the installation process is exactly the same as it was on every other version of XP, but we'll find out together. I'm not going to go super far into details; if you need details on how to install XP, I'll put the link to my other video on how to do an XP from ISO to full XP install. Otherwise I'm just going to run through this so that way you guys can visually see it. So far it's been about the same. I did check the files as they were scrolling through the bottom there for the installation process and didn't see anything out of the norm for XP; still looks pretty standard. Oh, this is different. Since this is from the internet, I have not enabled my network adapter; this particular system is installing with no network adapter. Again, not really sure what it does or what it offers. So here we go: attempt to accept the agreement here and click next.

So I will say that during the installation process I have noticed that it is quite a bit longer than a typical Windows XP. I would even argue that at this point it's probably been just as long to install the point-of-sale system as it is to install XP, whatever this is. Let's continue on here and see what else we get. It looks like we're getting additional configuration updates for post-Service Pack 3, which means that we're getting the point-of-sale updates on our XP Pro machine here, which I'm assuming is built off of XP Pro and not XP Media Edition, but it's possible it's on the Media Edition; not 100% sure yet. Okay, so we just went through all the checks there and it completed out, and now it looks like we're rebooting again and coming back up into Windows XP. Interestingly enough, we're starting to log into Windows XP; looks pretty normal so far.

So here's a major change, I guess. What it's doing now is it's going to ask us to install additional configurations during the installation process, and I would suggest you pause it here if you want to check this out before you go through the process, because obviously it's going to give you a certain amount of time and a timer to count down how many seconds you have before you actually got to continue. I'm going to leave it all and see what happens, so let's submit this. I guess the question will remain: once it's up, is it stable? And then the other question is, is it secure? So once we get this thing up and running I'm going to scan this thing to see if it comes back with anything that's weird, just because when you have these customizations in the OS, I mean, it gives the people who develop it the ability to add backdoors or remote access into these systems, and frankly you just never know. So rather be safe than sorry: once this thing comes up we're going to scan it, we'll check it out and see how it comes up and how it looks, whether or not there's anything on it that's funky. So I'm going to let this thing do its thing, I'm going to pause this, and we'll pick it up from the next step.

Okay guys, so it just finished doing all of its updates and now I am loaded officially into Windows, but it appears that it's going to do a reboot real quick, I'm guessing to apply the updates and changes that just took place during the installation process. So let's pick this up as soon as the system comes back up.

Okay guys, so we're back up. We just finished the installation, which went pretty smooth. I can already tell we have Mypal 68 installed, so we have the later version of the browser installed, which is supported. The next thing we're going to do is we're going to actually take a look at the computer itself, the configuration. We have allocated 4 gigs of memory, we have 4 GHz of processor, an i5 1st gen, Service Pack 3 is installed, we have a default system name. I don't see... I'm curious if we have any customizations, really. System Restore is still running, so that's all pretty much normal. You know, let's look and see what we have as far as updates. Interestingly, we do have quite a bit of applications installed, including codecs. Now, however, the updates are installed, they don't appear in here, so we don't have... let's see if we could see them in the command line. Oh, interestingly, so we do have updates installed, but they don't come back as a KB; they look like they're individual files. So it does show dual core, so we do have two processors, they are x86-based, it is based off of XP Professional. I know the question before was whether or not we were using XP Professional. We have a generic system name. There's 659 Windows updates installed, which is interesting, because that would apply all of the updates plus more. So we know from our WSUS server that in total Windows XP, all versions including the 64-bit edition, has somewhere around 1100 updates. So we know that 659 of these updates are applied to this system, which is interesting. The question is now, what updates are not applied, and also, if we connect this to our WSUS server, will we see these updates have been applied, or will the system try to additionally install the additional updates outside of that? From a usability standpoint, so far it looks pretty much standard. I don't see anything that's funky as far as things that would be questionable. I do note that the Windows Firewall was turned off on boot, so once we got into the system I do see that the firewall itself is set... sorry, I do see the firewall itself is just disabled. Interesting, we have BitLocker reader in here, so I'm wondering if we could see encrypted thumb drives.

So let's get the system connected to the domain for a second. Once we get it on our domain let's do a test, let's see if the WSUS server can see it. Let's also check to see if there's any Group Policy configuration in the system before we do so, and then let's check with our Tenable scanner and scan it to see what it comes back with from a security perspective. Okay, so before we do anything, let's check to see what we have specifically from a Group Policy standpoint; let's see if anybody's got policy slipstreamed into the actual machine. So to do that we're going to go to a command prompt, we're going to make a directory called tools, then let's do a gpresult. Now let's see... okay, so there we go, and it does not look like we have any policy configuration of any kind on here. So I think what we'll do is we're going to rename this system and then we're going to scan it with our Tenable scanner before we add it to the domain, to see what it comes back with, and then after we do that we'll add it to the domain, and then we'll add the policies to it and scan it again to see if it comes back with anything different. But we should be able to use our notes from our XP video from yesterday; we could pull that information back and we could do a comparison of the unsecured version of XP versus this version of XP that claims to have the additional security in it, to see if it actually does have any additional security in it.

Okay guys, well, welcome over to our Tenable Nessus scanner here. I added that system to my network, gave it a static IP address. I also gave myself authentication into it by creating an additional account to authenticate into it, so I could leave the original one that's intact out of the box configured, so that way when we run our scan we could actually see what that account is doing, if anything. And then I configured the scanner on this side to scan it for the out-of-the-box configuration, and we could see it here now. Just a quick refresh: Windows XP, no policy. We ran this; this is what our vulnerabilities show. We had 129 critical, 266 high, 43 medium and 134 infos. That's the original scan on the XP machine with all the updates, without any policy configuration. So that's basically: you got XP, you had it at home, you installed all the updates; that's what that result would show. So let's take a look now at this Integral system that was created on the internet, and as we can see here, it's actually better. So we have 24 total vulnerabilities, and if we drill into there we have two critical, one high, three medium, one low and 29 info, and if we drill into this thing we could actually see what we have. So I mean, obviously the critical is going to be the unsupported operating system, but who cares, because we already know it's unsupported, right? Then we have Windows XP, we have Windows, we have multiple issues. We have two listed unsupported OS; again, not a big deal, we already know that. And we have another one here too: we have SMB null session authentication, which means that the built-in admin account, when it was created, is set for no password versus some kind of password that's baked into the registry. So on the configuration of that thing, just change the password for the admin account; that should resolve that issue. Then we have Terminal Services turned on, so Remote Desktop Services is enabled inbound on that thing. So that's something else that I would also turn off, because it's built by the internet and only God knows if they have another way into that system. So I would disable the Terminal Services or change the listening port, and then add the username and password to authenticate into it, if you must have Terminal Services enabled inbound. So if we continue on down here and we look at specifically what else we have... yeah, here we go: Remote Desktop Protocol server man-in-the-middle weakness. That's a problem. So at this point I would say that that system is questionable. Like, why does the protocol on that XP machine have all these additional, you know, vulnerability fixes on it, but then allow remote access into it without, you know, the privileged account? Something's off here with this. So I would actually go into that system and change that, or at this point, honestly, because I'm a security nut, I don't think I would run it. But again, if you're looking for a system that has all the updates and you're really not going to store anything on it, it's more of a hobby, I guess you could check it out. We already know that's not FIPS compliant; I mean, that should be pretty much a given.

The question is, though, once we go through this again and add this thing to the domain, add all the group policies to it and lock down the terminal server, and then scan it again, will this look different? Will it actually show better? So if we jump back to the actual scan and we do the XP with policy, we could see that there were only six vulnerabilities found, and there were info vulnerabilities found, in the original vanilla out-of-the-box Windows XP configuration with all the updates. So that's, all things considered, WSUS installed all the updates, pushed the registry change for the point-of-sale system, all the patching, and then the CIS Benchmark Group Policy configuration for Windows 10. So what we're going to do now is we're going to add this Integral system to the domain. Once we add it to the domain we'll apply the Group Policy to the system, and we'll lock down those changes, or the vulnerabilities that this thing finds, and then run a scan again and see what we get as a result.

So before we continue on, guys, I want to just give you a quick heads up on a couple things that were discovered in the process of adding the system to the domain. The first one is that the terminal server configuration is baked. In other words, the PE system that runs the configuration baked 3389 into the system, and if you change the service host configuration or the registry configuration to use a customized port, it throws an error, reboots the system and then reapplies the PE configuration for 3389. This is also true of the Remote Assistance application: you can't disable it. Once you try to disable it, the system will throw an error, the PE will reinstall the Remote Assistance application, and the Remote Assistance application just happens to be set to not allow authentication or user interaction, so it allows remote access without any user being present, or requiring a user to interact with them to say it's approved for them to connect. I'd also like to add that while I was able to disable or delete the built-in admin account, I couldn't change the password, because the password is tied to the registry for the Remote Desktop Services. So even though I was able to change the password or delete the account and recreate the account, I had to delete the SID and the GUID, and then even after I did that, I located in the SMB configuration in the registry the username and password that were originally configured, which is null, set for authentication into SMB without any authentication, meaning that your dollar-sign shares, like your ADMIN$, your C$, those are all enabled and there's no way to password protect or secure them; they're configured for the original account that's set up for the system.

Okay guys, so let's get to it, right? We added that machine, we found all those flaws within the configuration, and I don't want to speak ill of anybody; it's possible that the individuals that created this just didn't know any better. Maybe this is just a passion, where it's a labor of love, and you know, they didn't remember. Again, I can't say for sure who did it, but based off of what I see, I would not run this operating system with access to the internet. That said, how did it do? Well, once we made the changes to the registry and we registry-hacked the system to remove the user authentication account, we were able to change the Remote Desktop listening port. Once we changed the Remote Desktop listening port, we created an additional firewall configuration to block out connections on 3389, just to disable that completely, and then also added an additional Group Policy to force the Remote Assistance to not support the protocols that are only supported at XP. In other words, we basically forced Remote Assistance to require authentication, but to use NTLM authentication, which is not available on XP, not out of the box anyway, and from what I could tell it's not part of this build package. So in doing that, that disabled our Remote Assistance and our Remote Desktop on the default port. So we did see that that helped from a security perspective. Now when we go into the XP enabled configuration, the GPO enabled, we do have two critical, we have one high and we have 63 info, and if we drill down further we will still see the SMB no authentication here, and the reason why this still exists is because, even though we've killed the account, somewhere in the registry there's an additional location where this is baked in. So as previously stated, this gives access to your dollar-sign shares on your Windows system. Now, it's possible that you could block port 445 on the system and create your additional firewall configuration through Group Policy to block that port, to block C$, and to block the ability to access this, but the fact that it exists in the first place on this system is concerning, especially when we consider that the system that I built previously, that didn't have any of these customizations in it, didn't have these critical, high and mixed alerts that were part of the actual original operating system. So these are additions, software additions, configuration additions, added to this XP machine that have created holes in the actual security. So while there's no viruses, at least from what I could tell, on the system, there are some questionable or suspect security configurations on here. So as a result I would suggest not running this, and suggest just going with the vanilla configuration. You would be better off spending the time building out your WSUS server and building out your XP machines and using the patches pushed from the WSUS server, and then manually installing the browser you needed, than you would be running this custom-built operating system, because at this point I would say that we've provided information as to why, from a security perspective, you would never want to run this. Hopefully you guys enjoyed this ride and enjoyed this video. Like and subscribe for more videos. You guys have a good one.
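The settings the video ends up flagging (Remote Desktop accepting connections on 3389, Remote Assistance allowing unsolicited connections, SMB null sessions and the ADMIN$/C$ shares, Windows Firewall off) can be checked offline against a regedit export before a third-party build is ever put on a network. The script below is an added example written for this page, not code from the video or from the Integral Edition project. It parses a constructed `.reg` export, reports those exposures, and then re-runs the same audit after the values the video applies (or recommends) have been set, mirroring the before/after scan. The key paths and value names are standard Windows registry ones; the sample export and its values are constructed, and the "hardened" settings are one defensible choice, not the only one (the video changes the RDP port and firewalls 3389 instead of disabling RDP outright). Bear in mind the video's own caveat: this build reapplied its 3389 and Remote Assistance configuration after reboot, so a clean result on a live export only holds until the next reapply.

```python
import copy
import re

# Constructed sample: what a regedit export from a loosely configured XP box
# might look like. The values are made up for this demo.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"PortNumber"=dword:00000d3d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance]
"fAllowToGetHelp"=dword:00000001
"fAllowUnsolicited"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"RestrictNullSessAccess"=dword:00000000
"AutoShareWks"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"""

CCS = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\"


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: value}}.
    dword values become ints, quoted strings become str, anything else stays raw."""
    tree, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m is None or current is None:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            tree[current][name] = int(raw[len("dword:"):], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            tree[current][name] = raw[1:-1]
        else:
            tree[current][name] = raw
    return tree


def _get(tree, subkey, name, default):
    """Read a value under HKLM\\SYSTEM\\CurrentControlSet; `default` stands in
    for 'value absent, so the Windows default behaviour applies'."""
    return tree.get(CCS + subkey, {}).get(name, default)


def _set(tree, subkey, name, value):
    tree.setdefault(CCS + subkey, {})[name] = value


def audit(tree):
    """Return [(finding_id, detail)] for the exposures discussed in the video."""
    findings = []
    # Remote Desktop: fDenyTSConnections=0 means inbound RDP is accepted.
    if _get(tree, r"Control\Terminal Server", "fDenyTSConnections", 1) == 0:
        port = _get(tree, r"Control\Terminal Server\WinStations\RDP-Tcp", "PortNumber", 3389)
        findings.append(("rdp_enabled", f"Remote Desktop accepts connections on port {port}"))
    # Remote Assistance: enabled, and possibly accepting unsolicited offers of help.
    if _get(tree, r"Control\Remote Assistance", "fAllowToGetHelp", 0) == 1:
        unsolicited = _get(tree, r"Control\Remote Assistance", "fAllowUnsolicited", 0) == 1
        findings.append(("remote_assistance",
                         "unsolicited offers allowed" if unsolicited else "solicited only"))
    # SMB: null sessions to the server service and anonymous access (CIS wants both restricted).
    weak = []
    if _get(tree, r"Services\LanmanServer\Parameters", "RestrictNullSessAccess", 1) == 0:
        weak.append("RestrictNullSessAccess=0")
    if _get(tree, r"Control\Lsa", "RestrictAnonymous", 0) == 0:
        weak.append("RestrictAnonymous=0")
    if weak:
        findings.append(("smb_null_session", "anonymous/null SMB access not restricted: " + ", ".join(weak)))
    # Administrative shares (ADMIN$, C$) auto-created on a workstation.
    if _get(tree, r"Services\LanmanServer\Parameters", "AutoShareWks", 1) == 1:
        findings.append(("admin_shares", "ADMIN$ and C$ administrative shares auto-created"))
    # Windows Firewall standard profile switched off.
    if _get(tree, r"Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile", "EnableFirewall", 1) == 0:
        findings.append(("firewall_off", "Windows Firewall disabled for the standard profile"))
    return findings


def harden(tree):
    """Return a copy with one set of corrective values: RDP and Remote Assistance off,
    null/anonymous SMB access restricted, admin shares not auto-created, firewall on.
    (Disabling RDP here is a demo choice; the video moved the port and blocked 3389.)"""
    fixed = copy.deepcopy(tree)
    _set(fixed, r"Control\Terminal Server", "fDenyTSConnections", 1)
    _set(fixed, r"Control\Remote Assistance", "fAllowToGetHelp", 0)
    _set(fixed, r"Control\Remote Assistance", "fAllowUnsolicited", 0)
    _set(fixed, r"Control\Lsa", "RestrictAnonymous", 1)
    _set(fixed, r"Services\LanmanServer\Parameters", "RestrictNullSessAccess", 1)
    _set(fixed, r"Services\LanmanServer\Parameters", "AutoShareWks", 0)
    _set(fixed, r"Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile", "EnableFirewall", 1)
    return fixed


if __name__ == "__main__":
    before = parse_reg(SAMPLE_REG)
    for fid, detail in audit(before):
        print(f"[FINDING] {fid}: {detail}")
    print("after hardening:", audit(harden(before)) or "no findings")
```

Run it against a real export (`regedit /e`, then `parse_reg(open(path, encoding="utf-16").read())`, since regedit writes UTF-16) and diff the findings before and after a reboot; a finding that comes back on its own is exactly the "baked-in" behaviour the video describes, and the fix then belongs in Group Policy or in a firewall rule rather than in the registry value the installer keeps overwriting.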
Info
Channel: Tech Guy One
Views: 16,530
Keywords: #windows, #Windows XP, #XP, #Legacy, #Computers, #Windows 10, #Windows 11, #Windows 2000, #windows 98, #WindowsNT, #NT4, #NT5, #NT6, #Embedded, #POS, #POS Embedded, #Windows XP POS, #windows XP Embedded, #windows XP POS Embedded, #Registry Hack, #Windows NT, #Windows2k, #Official, #Security, #cyberSecurity, #hobby, #Lab, #ESU, #ExtendedSupport, #TechSupport, #Firewall, #CIS, #CisBenchmark, #windows7, #WindowsVista, #microsoft, #microsoftwindows, #Support, #techworkersUnion, #breached, #compromised, #desktop, #TGO
Id: fReKyXEiwJo
Length: 19min 35sec (1175 seconds)
Published: Tue Mar 19 2024