Hack into a Windows PC - no password needed

superplay · 8 Mar 2008 at 21:46

Interesting Article

"A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password."

http://www.theage.com.au/news/secur...password-needed/2008/03/04/1204402423638.html

Slinky1989 · 8 Mar 2008 at 21:49

You can get windows password removal programs on bootable cd's and just remove it like that. :/

superplay · 8 Mar 2008 at 21:56

Yup I know about the CDs.

From reading the headiline this sounds as if you can unlock a locked computer? If so it could be used to unlock a domain connected user who has walked away from their PC and done CTRL+ALT_DEL / lock This computer and you would have rights in the Domain.

Where are the CD tools only reset the local account.

Slinky1989 · 8 Mar 2008 at 22:00

Ah i see now. Just a tad more concerning then

Stelly · 9 Mar 2008 at 09:20

Its not hard to hack a windows password for a local computer anyway...

Stelly

FishThrower · 9 Mar 2008 at 14:39

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows' password protection code, which is stored there, and render it ineffective.

Yeah.. i can really see someone doing that!!

bledd · 9 Mar 2008 at 14:49

FishThrower said:
Yeah.. i can really see someone doing that!!

it's hardly rocket science

superplay · 9 Mar 2008 at 14:51

Imagine a Financial institution or similar and a user locks their PC to go for lunch.

If the hack works as I suspect then yes I can see someone carrying a small laptop to hack into their account while logged on to the domain to gain systems access.

FishThrower · 9 Mar 2008 at 15:18

bledd. said:
it's hardly rocket science

seems like hassle to me

Theguy · 9 Mar 2008 at 15:23

FishThrower said:
seems like hassle to me

maybe for home use it would be, but imagen a business dealing in multi-billion pounds, banks for example..

Stelly · 9 Mar 2008 at 23:29

FishThrower said:
seems like hassle to me

There are very very easy ways to crack a local windows password...

Stelly

LeperousDust · 9 Mar 2008 at 23:50

Tbh you could automate the process with an embedded linux computer with just a firewire cable and some scripting. Some basically it would look like a big flash drive that connects to firewire. Once connected it executes the script no user intervention required and bang computer unlocked... That doesn't really sound like rocket science...

mattyrigby00 · 9 Mar 2008 at 23:55

LeperousDust said:
Tbh you could automate the process with an embedded linux computer with just a firewire cable and some scripting. Some basically it would look like a big flash drive that connects to firewire. Once connected it executes the script no user intervention required and bang computer unlocked... That doesn't really sound like rocket science...

i assume most domain servers have it set so if x amount of password tries are tried in x amount of time it locks that account out till the owner gets it unlocked by the admin.

Memphis · 9 Mar 2008 at 23:57

Stelly said:
There are very very easy ways to crack a local windows password...

Stelly

Please read the article, and understand it.

allllec · 10 Mar 2008 at 00:54

And why exactly does windows still let a firewire driver read/write to the memory, specificially parts of the operating system like this? =/

He demonstrated it in 2006! common Microsoft!

Smit · 10 Mar 2008 at 05:58

allllec said:
And why exactly does windows still let a firewire driver read/write to the memory, specificially parts of the operating system like this? =/

He demonstrated it in 2006! common Microsoft!

Untested in Vista though

Microsofts way of getting you to upgrade

Stelly · 10 Mar 2008 at 10:02

Memphis said:
Please read the article, and understand it.

Yer I have... just pointing out that its not that hard thats all

Stelly

rick827 · 10 Mar 2008 at 11:05

A physically compromised system is a compromised system. Same trick, different vector

LeperousDust · 10 Mar 2008 at 13:48

mattyrigby00 said:
i assume most domain servers have it set so if x amount of password tries are tried in x amount of time it locks that account out till the owner gets it unlocked by the admin.

It's got nothing to do with that, have you read the article? It doesn't try *any* passwords, it just bypasses it...

Mangelwurzel · 10 Mar 2008 at 14:25

LeperousDust said:
......It doesn't try *any* passwords, it just bypasses it...

Yep that's right, just as booting with a live linux CD bypasses windows user account passwords, giving instant access to all windows drives/partitions. Which also works on vista as well. I've tried it!