VISTA : Password bypass possible?

FatRakoon

FatRakoon

FatRakoon

Soldato
Joined
18 Oct 2002
Posts
10,475
Location
Behind you... Naked!
Ok, should be a quick and easy one for those who know...

My friend has just recently bought a LapTop. They asked me to make it secure.

I did originally put a password in the BIOS so it wont even start up windows without entering a password right, but they said that they didnt want that...

So, I put on in the Windows log-in.

Now, they are the ADMIN, there is only one account and thats the admin, no oother account is there and the guest is also disabled.

I myself cannot get into it without the password.

Their son, is telling them that he can get into it... I had a check, but again, I could not get in, and they said that he had left a message saying that he had been in, but I told them that what is more likely, is that they simply left the LepTop on and he ran to it as soon as their back was turned as the most likely reason... He insists though that he can still get into it and have full access to it etc..

Now, I went to his own computer, logged in as admin, that has no password and changed his password and told his mother the new passord, and I also gave the admin a password that I did NOT tell her, so that I would have total control should the need arise, where I would have to ruin his PC as a punishment.

Now, again, I pointed out to his mother that if he rally did have enough "up there" to get into her LapTop, then he would have enough noggin to protect his own PC and not let me in so quickly... She has half accepted this, but the question is still bugging me...

Was he able to get in or was it simply that he might have just got to the LapTop when they left the room?
 
Why should it be against the rules? it's a perfectly legit tool any network or systems admin should have in his or her toolbox!

OphCrack LiveCD is what you're after.
 
MikeHunt79 said:
Windows passwords are crackable in seconds.... I recommend better security tbh.
Click to expand...

It's not just Windows passwords that are crackable in seconds.
Give anyone local access to any PC running any OS and you can get around the password quite easily.
 
i used to do that it my brothers laptop when he does not want me to play with it.. if the laptop has a windows (account) password, i can easily get through. but i have no experience on laptops with bios passwords ;p
 
Ok, so we all know that you are telling me that thw Windows security is easy to get past.

How can you do it then?

How can I protect her PC a bit more?
 
is there anything you can do to properly protect a PC if someone has local access to it? Wouldn't you need to totally encrypt everything on the hard drive?
 
I was under the impression that Windows Passwords even more so, Vista's password system was really hard to crack, no?
 
Well, I have tried the OC CD as MRK mentioned and sure enough, I was able to list my own passwords with incredibly iritating ease... I did nothing, it just listed them for me on the opening window FFS!

So, unless I fully encrypt each and every file / folder with a different name / password, then Windows security is very much in the doodoo's

I have gone to my Linux box and I have near to zero security on that Dotn have any vital / important info on it so never seen the need to as Im only piddling about ) and I wil have a look to see if thats any different.

I do not at this time, have Vista on any PC, and Im really annoyed actually cos I had XP and Vista in both 32 and 64 bit flavours on the Abit AB9 QuadGT as I am running a load of comparison tests, but the board has just given up *** ghost and thats being RMAed as we speak so I can continue tests, but thats got to be a great setup to see if it will show up all the various passwords on the various O/Ses...
 
But if you've got local access you can just boot up any OS off a LiveCD and see what's on the hard drive, unless the whole thing's encrypted.

I'd just give the kid his own account tbh - that way there's no challenge to get on and see what's on anyone else's account. But then I'm only 20 and have never raised a child.


Also, if you did stick a bios password on, wouldn't resetting the bios manually clear that?
 
Of course, thats just it then...

If Windows' password really is THAT easy to bypass then Window in itself is just wasting our time in bothering to use them?

What I think would be best therefore, is that theu simply have no passwords at all in Windows, and just have the one BIOS PASSWORD, and of course make sure that it cannot boot from the CD.

Its also on a LapTop that she wants this done, so we cannot weld it, although I had thought that would have been a good idea!!! LOL
 
Yes, thank you too, to both MRK and MIKEHUNT79

Thank you, to both you two.

Oh look, 3 words all spelled differently, pronounced the same, and used correctly too!
 
Even removing the Bios Battery for ten minutes will bypass the password protection on any PC from Bios. Linktext is the utility used to bypass any security on a Linux based PC. Linux is the most unsecure piece of animalistic behaviour since the DO DO died out. A simple doss boot to any ext. file will open up any file or folder.
The most esiest way to have a secure O/S is to have it on ROM and not HD as it can be changed and as it changes it can be accessed due to the fact that you are using paged RAM. As any progrmmer knows A page of ram will not change until it is overwritten. The is our Echo-point and this is how hacking is done. A trace and Echo of a Port Access Protocol is a hacker's way into a computer wheter it be a PC or the FBI Mainframe.
Shucks even programs like Sandra tell you your product key numbers as well now which makes places like the Internet very scay places if you are on the receiving end of identity theft these days.
 
Its a LapTop.

What is really really annoying, is that given that it IS a laptop, whats so hard about simply locking it up in their room when they are finished?

Of course, a bag of anthrax that splits open if the side of *** case is removed wont be a bad idea either!

--

Ok, joking aside, I took the CD down and started the LapTop up. It is NOT set to boot from CD, and Im unsure that their son knows to set it and then re-set it when he is finished, however, we didnt risk it.

I showed them the CD and that he too may have a similar tool and so they accepted that it needs a BIOS password, so it now boots from HD only and as far it matters, this is going to be as good as it needs to be.

Its all very well worrying about security, but their son is only a scamp, and I really dont think he truly knows what he is doing.

That said, I also knew that Windows security was poor, but this is scary... I might like to add too, that I have realised that Linux Security is a bad ****** as well...

Hell, at least I know my Ataris cannot get hacked like this. ( Thats actually true too )
 
You must log in or register to reply here.
Back
Top Bottom