Showing posts from February, 2022

The strange case of Windows 'default credentials'

Windows has some odd quirks that have been around probably since the dawn of Windows 3.11, and which still exist (at least in part) today for backwards compatibility. One of these has to do with connecting to remote file shares over SMB (CIFS). When you try to connect to a share - \\mycomputer\myshare.  By default windows will attempt to login to that share using the same username/password combination that you are currently logged in with. This is rather convenient, because otherwise every time you connect you get prompted, again & again & again for your username and password.'s also a bit of a security problem, if I setup my own share on my own computer, and send links to others, and those others click on those links, windows will send my computer your username and password (though technically it sends me a secret code that is derived from your password, not your password itself). I can then use this information to calculate what your password could be, using somet