Re: Is root the same as Administrator?
Yes, you are right. They are both labels to an underlying ID. As you stated on Windows, Administrator has the relative ID (RID) of 500 (0x1F4 as you stated) and this can't be changed. There's also the administrators group (544). Here's the full list of Windows SIDs and RIDs.
There are reserved ranges in Windows, so typically user IDs start at 1000. As you stated, security tools take advantage of this information, i.e. to find the real name of the admin account; others just use the well-known SIDs and RIDs.
For extra fun, rename administrator, then create a new account called administrator, with no permissions and set it to be disabled. This will prevent account lockout on the real administrator account and it makes it easy via the logs to see any attempted login by unexpected parties. The new administrator account will have a RID of >1000.
Finally, there are tools that can display the mapping of users to SIDs, there are even PowerShell cmdlets that give this info, so it's always possible to see the mapping.
It's the same on Linux, root is user ID (UID) 0 and Group ID (GID)=0. The mappings can be found in /etc/passwd and /etc/group.
Linux/Unix also has the same layout of special ID ranges and users start at 1000.
Apologies for the Wikipedia article but I couldn't easily find a list of the Linux reserved ranges, other than a systemd article. Both init and systemd have the same sort of approach.
There are similarities on reserved ranges for special purposes (0-99).
The same sort of attacks are possible on Linux for the same reasons.
Given Unix came first and all OSes need to map friendly names to underlying data structures that are generally based around INTs, it's easy to see why all OSes (Linux, Windows, etc) share a lot of common approaches in this regard.
Like Windows, you *can* rename root, but the level of OS understanding needs to be higher, since some 3rd party tools and scripts check the text, not the ID. This means that generally only larger organisations or those with increased risk profiles and who understand the impacts actually do it.
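The point of the post above, that the number decides privilege and the name is only a label, as an added example that is not part of the original post. It classifies accounts by RID 500 or UID 0 and flags a decoy that carries the admin name with an ordinary ID; the account names, SIDs, passwd lines and helper function names are all constructed for illustration.

```python
# Constructed sample data: the SIDs and passwd lines below are made up.
SAMPLE_SIDS = {
    "svc-ops": "S-1-5-21-1111111111-2222222222-3333333333-500",
    "Administrator": "S-1-5-21-1111111111-2222222222-3333333333-1107",
    "alice": "S-1-5-21-1111111111-2222222222-3333333333-1001",
}
SAMPLE_PASSWD = """\
sysop:x:0:0:renamed superuser:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
root:x:1001:1001:decoy:/home/root:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def rid_of(sid):
    """Return the RID (last sub-authority) of a local/domain account SID."""
    if not sid.startswith("S-1-5-21-"):
        raise ValueError(f"not an account SID: {sid!r}")
    return int(sid.rsplit("-", 1)[1])

def label(name, numeric_id, admin_id, admin_name):
    """Decide by the number first; the name only matters for spotting decoys."""
    if numeric_id == admin_id:
        return "privileged" if name.lower() == admin_name else "privileged (renamed)"
    if name.lower() == admin_name:
        return "decoy: admin name, ordinary ID"
    return "ordinary"

def classify_windows(accounts):
    """Map each account name to a verdict based on the RID of its SID."""
    return {n: label(n, rid_of(s), 500, "administrator") for n, s in accounts.items()}

def classify_passwd(text):
    """Map each /etc/passwd entry to a verdict based on its UID field."""
    result = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or line.startswith("#"):
            continue  # skip comments and malformed entries
        result[fields[0]] = label(fields[0], int(fields[2]), 0, "root")
    return result

if __name__ == "__main__":
    for table in (classify_windows(SAMPLE_SIDS), classify_passwd(SAMPLE_PASSWD)):
        for name, verdict in table.items():
            print(f"{name:15} {verdict}")
```

A script that tested only `name == "root"` or `name == "Administrator"` would pick the decoy in both sample sets, which is the breakage with third-party tools the post describes.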