Go Back   Wireless and Wifi Forums > News > Newsgroups > alt.computer.security
Register FAQ Forum Rules Members List Calendar Search Today's Posts Advertise Mark Forums Read

 
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 11-29-2006, 09:06 PM
Chris Suckling
Guest
 
Posts: n/a
Default Password Decoding

I would like to know if there is a way of decoding a password which has been
set up using microsoft windows XP within a laptop that i have recently
purchased through an auction, (have authority from the company to prove
authenticity).... If there is anyone that can provide me with software or
let me know what sort of software that can be used for this program to find
out whether there is anything untoward on the laptop please let me know.....







Reply With Quote
  #2 (permalink)  
Old 11-29-2006, 09:19 PM
Gerard Bok
Guest
 
Posts: n/a
Default Re: Password Decoding

On Wed, 29 Nov 2006 22:06:54 GMT, "Chris Suckling"
<csba17084@blueyonder.co.uk> wrote:

>I would like to know if there is a way of decoding a password which has been
>set up using microsoft windows XP within a laptop that i have recently
>purchased through an auction, (have authority from the company to prove
>authenticity).... If there is anyone that can provide me with software or
>let me know what sort of software that can be used for this program to find
>out whether there is anything untoward on the laptop please let me know.....


If your problem is just the Window's password:
http://sourceforge.net/projects/ophcrack

If, however, the password is on the laptop itself, you may find
yourself in very deep water :-)

--
Kind regards,
Gerard Bok

Reply With Quote
  #3 (permalink)  
Old 11-29-2006, 10:14 PM
Chris Suckling
Guest
 
Posts: n/a
Default Re: Password Decoding

The problem i have is with the password related to the username which are on
the pc...from the sake of curiosity there are four usernames on pc two of
which do not require a password... however i would like to find out what has
been put on the harddrive to ensure that there is nothing dodgy whatsoever
on there....from this i would like to find out who last used the pc and for
what purpose, it is not at present internet connected.... tho im not sure
whether that is the case when the last user had the pc......



"Gerard Bok" <bok118@zonnet.nl> wrote in message
news:456e0732.33986314@News.Individual.NET...
> On Wed, 29 Nov 2006 22:06:54 GMT, "Chris Suckling"
> <csba17084@blueyonder.co.uk> wrote:
>
>>I would like to know if there is a way of decoding a password which has
>>been
>>set up using microsoft windows XP within a laptop that i have recently
>>purchased through an auction, (have authority from the company to prove
>>authenticity).... If there is anyone that can provide me with software or
>>let me know what sort of software that can be used for this program to
>>find
>>out whether there is anything untoward on the laptop please let me
>>know.....

>
> If your problem is just the Window's password:
> http://sourceforge.net/projects/ophcrack
>
> If, however, the password is on the laptop itself, you may find
> yourself in very deep water :-)
>
> --
> Kind regards,
> Gerard Bok




Reply With Quote
  #4 (permalink)  
Old 11-29-2006, 10:47 PM
nemo_outis
Guest
 
Posts: n/a
Default Re: Password Decoding

"Chris Suckling" <csba17084@blueyonder.co.uk> wrote in
news:2wnbh.24522$Pk.21331@fe2.news.blueyonder.co.u k:

> I would like to know if there is a way of decoding a password which
> has been set up using microsoft windows XP within a laptop that i have
> recently purchased through an auction, (have authority from the
> company to prove authenticity).... If there is anyone that can provide
> me with software or let me know what sort of software that can be used
> for this program to find out whether there is anything untoward on the
> laptop please let me know.....



Laptops can have passwords at a number of levels.

While BIOS passwords are no big deal generally, those on Toshiba and IBM
laptops were (historically - I haven't kept up with this) very hard to
break, but there was a place in Australia that specialized in reading out
the EEPROMs on the motherboard. (Some laptops may now even use a TPM or
similar hardware scheme.)

Nowadays I believe some laptops use the ATA password on the hard disk
(actually there are two such passwords). These are quite hard to break
without specialized HD maintenance tools.

Anpother possibility is Windows XP itself. Rather than determine the
password there are a number of programs which just reset it to whatever you
want (yes, even for local administrator passwords). The Winternals ERD
disk is my preferred method but there are a number of others (cheap - some
may be free). This is the only "easy" case.

Lastly, the laptop may be using a HD OTFE scheme (Utimaco, Drivecrypt,
etc.). For all practical purposes these are uncrackable (unless the
previous owner was a moron who chose something like "Susan" as the
password).

Regards,


Reply With Quote
  #5 (permalink)  
Old 11-29-2006, 10:49 PM
Todd H.
Guest
 
Posts: n/a
Default Re: Password Decoding

"Chris Suckling" <csba17084@blueyonder.co.uk> writes:

> I would like to know if there is a way of decoding a password which has been
> set up using microsoft windows XP within a laptop that i have recently
> purchased through an auction, (have authority from the company to prove
> authenticity).... If there is anyone that can provide me with software or
> let me know what sort of software that can be used for this program to find
> out whether there is anything untoward on the laptop please let me
> know.....


Can you describe what specifically you're attempting to do and why you
don't just reinstall windows? I certainly wouldn't trust whatever
isntallation you've got there.

Now, there are utilities to reset administrator passwords on nt boxes
using bootable media (ntpasswd among them).

Another way to go would be to boot with Knoppix disk and pull the
SYSTEM and SAM file off the disk, dump the SYSKEY and then use that to
dump the password hashes and run them through rcrack with rainbow
tables to decode the current password. This would be the way to go if
there are any EFS protected volumes on the disk you'd like to have a
chance to recover since you need the original account password in
place to have a shot at recovering those. If rcrack and the tables
you have won't crack the password though (would have to be an
unusually tought pw to get past some of the larger rainbow tables),
you'll have no joy there.


Irongeek's got a decent local access tutorial on the process:
http://www.irongeek.com/i.php?page=s...localsamcrack2


--
Todd H.
http://www.toddh.net/

Reply With Quote
  #6 (permalink)  
Old 11-29-2006, 11:08 PM
Gerard Bok
Guest
 
Posts: n/a
Default Re: Password Decoding

On 29 Nov 2006 17:49:38 -0600, comphelp@toddh.net (Todd H.)
wrote:

>"Chris Suckling" <csba17084@blueyonder.co.uk> writes:
>
>> I would like to know if there is a way of decoding a password which has been
>> set up using microsoft windows XP


>Another way to go would be to boot with Knoppix disk and pull the
>SYSTEM and SAM file off the disk, dump the SYSKEY and then use that to
>dump the password hashes and run them through rcrack with rainbow
>tables to decode the current password. This would be the way to go if
>there are any EFS protected volumes on the disk you'd like to have a
>chance to recover since you need the original account password in
>place to have a shot at recovering those.


Just curious:
If EFS is used, could you still 'pull the SYSKEY' from the
registry ?
Wouldn't you likely find those files encrypted as well ?

--
Kind regards,
Gerard Bok

Reply With Quote
  #7 (permalink)  
Old 11-30-2006, 03:51 AM
Todd H.
Guest
 
Posts: n/a
Default Re: Password Decoding

"Chris Suckling" <csba17084@blueyonder.co.uk> writes:

> The problem i have is with the password related to the username which are on
> the pc...from the sake of curiosity there are four usernames on pc two of
> which do not require a password... however i would like to find out what has
> been put on the harddrive to ensure that there is nothing dodgy whatsoever
> on there....


Problem is, this is a relatively impossible task. The best you can
hope for is that a number of malware scanners come back and say your
machine is lacking any malware that they know about. That's not to
say that it's clean of any malware that evades detection (think
keystroke loggers awaiting you to use your new machine to do online
banking and cheerfully sharing passwords with someone else). And it
also won't tell you if there is illegal content on the machine
(e.g. you may have purchased this from someone into underage pr0n, you
never know).


> from this i would like to find out who last used the pc and for what
> purpose, it is not at present internet connected.... tho im not sure
> whether that is the case when the last user had the pc......


If you're doing this just for ***** and giggles to see what you can
find out about the prior owner out of curiosity, or for learning about
forensic analysis, or whatnot, then this pursuit is worth your time to
look into such things.

However if you're looking to get up and running and using your new
machine, you're wasting your time with anything other than
reinstalling the operating system. No amount of checking will
guarantee you won't have a machine that someone's snooping on you
with, or is part of a botnet, or distributing illegal software, etc.


Best Regards,
--
Todd H.
http://www.toddh.net/

Reply With Quote
  #8 (permalink)  
Old 11-30-2006, 09:04 AM
bz
Guest
 
Posts: n/a
Default Re: Password Decoding

comphelp@toddh.net (Todd H.) wrote in news:84u00hk05i.fsf@ripco.com:

> "Chris Suckling" <csba17084@blueyonder.co.uk> writes:
>
>> The problem i have is with the password related to the username which
>> are on the pc...from the sake of curiosity there are four usernames on
>> pc two of which do not require a password... however i would like to
>> find out what has been put on the harddrive to ensure that there is
>> nothing dodgy whatsoever on there....

>
> Problem is, this is a relatively impossible task. The best you can
> hope for is that a number of malware scanners come back and say your
> machine is lacking any malware that they know about. That's not to
> say that it's clean of any malware that evades detection (think
> keystroke loggers awaiting you to use your new machine to do online
> banking and cheerfully sharing passwords with someone else). And it
> also won't tell you if there is illegal content on the machine
> (e.g. you may have purchased this from someone into underage pr0n, you
> never know).
>
>
>> from this i would like to find out who last used the pc and for what
>> purpose, it is not at present internet connected.... tho im not sure
>> whether that is the case when the last user had the pc......

>
> If you're doing this just for ***** and giggles to see what you can
> find out about the prior owner out of curiosity, or for learning about
> forensic analysis, or whatnot, then this pursuit is worth your time to
> look into such things.
>
> However if you're looking to get up and running and using your new
> machine, you're wasting your time with anything other than
> reinstalling the operating system. No amount of checking will
> guarantee you won't have a machine that someone's snooping on you
> with, or is part of a botnet, or distributing illegal software, etc.
>


Pull the hard drive, mount it as a secondary hard drive on another system
[adapters that will turn a drive into a USB accessable external hard drive
are cheap] and scan it for malware, etc.

Still no guarantees but you can find MOST of the stuff. You can't break into
encrypted file space but you might find some clues that will let you guess
the password(s).

Be sure to look in c:\documents and settings\$user$\local settings\temporary
internet files\.... (and other temp file locations). The cached files from
web browsing will give you an idea of what kinds of web sites the previous
owner(s) have been visiting.

Also, there is data recovery software available that will allow you to
recover many of the deleted files, as long as their storage space has not
been overwritten. R-Studio is one such program.

This is why some organizations pull the hard drive and run it through a
grinder to assure that confidential data can not be compromised when they
surplus old computers.


--
bz

please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.

bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap

Reply With Quote
  #9 (permalink)  
Old 11-30-2006, 09:36 AM
Gerard Bok
Guest
 
Posts: n/a
Default Re: Password Decoding

On Thu, 30 Nov 2006 02:29:27 +0100, Sebastian Gottschalk
<seppi@seppig.de> wrote:

>Gerard Bok wrote:
>
>> If EFS is used, could you still 'pull the SYSKEY' from the
>> registry ?

>
>Yes, because the registry is never encrypted with EFS.


So, basically, the 'security' offered by EFS has also been
compromised.
I knew XP's passwords are easily cracked nowadays, but apparantly
EFS lost it's glamour also. (Which is new to me.)

>> Wouldn't you likely find those files encrypted as well ?

>
>Well, if you have Windows, then try it. Doing so will result it a
>non-workable system,


Yes, I know. That's why I 'ask' instead of 'try' :-)

Thanks!

--
Kind regards,
Gerard Bok

Reply With Quote
  #10 (permalink)  
Old 11-30-2006, 09:42 AM
Gerard Bok
Guest
 
Posts: n/a
Default Re: Password Decoding

On Wed, 29 Nov 2006 23:14:03 GMT, "Chris Suckling"
<csba17084@blueyonder.co.uk> wrote:

>The problem i have is with the password related to the username which are on
>the pc...from the sake of curiosity there are four usernames on pc two of
>which do not require a password...


http://sourceforge.net/projects/ophcrack will produce a list of
users and passwords on the system.

Then you are free to log on as either one of them.
(The only catch is, that you will have to buy extra modules if
they used really strong passwords.)

>"Gerard Bok" <bok118@zonnet.nl> wrote in message
>news:456e0732.33986314@News.Individual.NET...
>> On Wed, 29 Nov 2006 22:06:54 GMT, "Chris Suckling"
>> <csba17084@blueyonder.co.uk> wrote:
>>
>>>I would like to know if there is a way of decoding a password which has
>>>been
>>>set up using microsoft windows XP


>> If your problem is just the Window's password:
>> http://sourceforge.net/projects/ophcrack


--
Kind regards,
Gerard Bok

Reply With Quote
  #11 (permalink)  
Old 12-02-2006, 02:51 PM
Chris Suckling
Guest
 
Posts: n/a
Default Re: Password Decoding

An update to this problem has been that i was able to turn off the user
password which enabled me to look at the files that were on display....

Would like to find out what has been on the registry from the files that
were on the system before it was wiped clean tho so if anyone has any ideas
as to what to look for in searching the registry this would be
appreciated....


"Gerard Bok" <bok118@zonnet.nl> wrote in message
news:456eb4d9.2081330@News.Individual.NET...
> On Wed, 29 Nov 2006 23:14:03 GMT, "Chris Suckling"
> <csba17084@blueyonder.co.uk> wrote:
>
>>The problem i have is with the password related to the username which are
>>on
>>the pc...from the sake of curiosity there are four usernames on pc two of
>>which do not require a password...

>
> http://sourceforge.net/projects/ophcrack will produce a list of
> users and passwords on the system.
>
> Then you are free to log on as either one of them.
> (The only catch is, that you will have to buy extra modules if
> they used really strong passwords.)
>
>>"Gerard Bok" <bok118@zonnet.nl> wrote in message
>>news:456e0732.33986314@News.Individual.NET...
>>> On Wed, 29 Nov 2006 22:06:54 GMT, "Chris Suckling"
>>> <csba17084@blueyonder.co.uk> wrote:
>>>
>>>>I would like to know if there is a way of decoding a password which has
>>>>been
>>>>set up using microsoft windows XP

>
>>> If your problem is just the Window's password:
>>> http://sourceforge.net/projects/ophcrack

>
> --
> Kind regards,
> Gerard Bok




Reply With Quote
Reply


« Web Wiz version 8.04 activation | Defragmeting a USB drive »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Advice for minimal password security on an open source app Dan Cooperstock comp.security.misc 4 03-01-2007 08:14 AM
Patent buster for a method that increases password security Juuso Hukkanen alt.computer.security 15 12-07-2006 02:45 PM
Patent buster for a method that increases password security Juuso Hukkanen comp.security.misc 17 12-07-2006 02:45 PM
HP Pavilion ZE4600 Power on Password madscientist alt.computer.security 1 08-30-2005 12:01 AM
HP Pavilion ZE4600 Power on Password madscientist alt.comp.hardware 0 08-29-2005 10:24 PM


All times are GMT. The time now is 10:02 AM.



Powered by vBulletin® Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0 PL2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45