[Tech] Lost your Vista password? No problem!

[Ronin Storm]

So, get this:

I received a laptop for work this morning (yes, Saturday morning). Over this weekend, I need to install Visual Studio, transfer my code across, set up anything else I need (Firefox, etc) all ready to head south on Monday morning, 08:00. Thing is, I wasn't given a password for my user account.

I've spent a lot of today trying to break into the box. Eventually have a way that worked and was surprisingly easy.

Introducing Offline NT Password & Registry Editor.

Simple tool. Basically boots a live Linux CD and then allows you to do neat things like select an account and then blank its password, or promote it to administrator or whatever. There's also some registry editing tools but I only needed the password blanking. A minute later, I'm logging into my account with no password and setting it to what I want.

How secure do you feel your box is now? A reboot, with the ability to boot from CD, and I can clear your password and get access to your system. That'll cause problems for encrypted volumes, of course, but who uses those anyway...?

 

[Iron_fist]

dontcha just love windows security... or lack there of

you can also do some fun things like access the file that has the previous passwords on an account stored in MD5 hashes (_should_ only exist if the "unable to re-use a password" function is enabled)

 

[thatbloke]

...
wtf

Windows strikes again!

Where you heading at 8am monday?

Also, you probably just annoyed your company's IT techs and gave me an idea for being able to sort out my dad's work PC too...

 

[Haven]

dontcha just love windows security... or lack there of

You can do the same on linux/BSD and solaris, its not windows only

 

[thatbloke]

Maybe its a test!

If you don't break into it and put your stuff on, then maybe you will be regarded as someone who like to go by the book.

But if, like in your case, maybe they left it out intentionally and wanted you to see if you could get into it so that maybe they see as someone who isn't afraid to bend "correct" protocol to get the job done...

or maybe i'm talking bollocks and they just forgot to email you teh codez

 

[Ronin Storm]

Where you heading at 8am monday?

Moreton on Monday. Bristol on Tuesday. Andover on Wednesday. All over the place.

 

[Wol]

Assuming you disable the ability to boot from CD in the bios, and put a password on the bios, how hard is it to crack then?

 

[thatbloke]

Assuming you disable the ability to boot from CD in the bios, and put a password on the bios, how hard is it to crack then?

i can has your babies?

 

[BiG D]

If someone has physical access to the machine, it's compromised. Simple as that.

 

[Traxata]

Assuming you disable the ability to boot from CD in the bios, and put a password on the bios, how hard is it to crack then?

Wol, you are familiar with the old BIOS reset? surely...

 

[Haven]

TrueCrypt is your friend.