RE: locked out of XP, need file access

["Simon and Sara Zuckerbraun" <szucker () rcn com>]

If you've created a Password Reset Disk (via the Control Panel), then you're
home free.

Otherwise, things will be quite a bit trickier. Your #1 problem is going to
be regaining access to your encrypted files.

If you have ever exported encryption or recovery keys from your machine,
track down the copies of those keys and hold on to them real tight. They
will be crucial.

If your machine is joined to a domain, you have an additional recourse: the
domain admin will be able to recover your encrypted files for you.

IMPORTANT: DO NOT try to use any password-reset utility yet! If you use such
a utility, and it successfully replaces your password with a new one, you
will have shot yourself in the foot in the worst way. You'll find that you
are able to log into your account but your private keys will be
indecipherable. You will not be able to access any encrypted files. This is
because your private keys are already stored in a strongly encrypted form,
using a key that's based upon your current (forgotten) password. Running a
password-reset utility could easily erase from your hard drive all remaining
clues to what your original password was, which means that your keys might
be irretrievably lost. So if you've tried to run a password-reset utility
and it's kicked you out, consider yourself very lucky...

Carefully examine what sorts of backups you may have made from the affected
machine. Backups could potentially contain plaintext versions of your files,
and perhaps even keys or password hashes.
 
If your backups don't provide you with what you need, you will need to use
some password-cracking tools to *discover* what your original password was
(not replace it with a new one, since that would lock you out of your
encrypted files as I explained above).

To summarize, in order to recover encrypted files, you must do at least one
of the following:
A. Use a Password Reset Disk, if available.
B. Retrieve your private key (or the recovery key), if you have ever
exported these to a floppy or other media.
C. Contact domain admin.
D. Retrieve plaintext files (or perhaps keys) from backup media.
E. Crack (don't reset) your password.

Getting in touch with an experienced technician would be a good idea for
some of these procedures. You'll have to be very careful not to overwrite
potential clues (such as password hashes) on your hard drive until you have
successfully regained possession of your private keys. A seasoned hacker is
likely to be able to crack your password if you give him good hints as to
what sorts of characters it contains.

NOTE **********************************

To all: If I have misstated something here please let me know. Have I left
out any techniques that could be useful? Tnx!

***************************************


Simon
szucker () rcn com

-----Original Message-----
From: J. Yoon [mailto:supercool9000 () hotmail com] 
Sent: Wednesday, December 24, 2003 9:46 AM
To: security-basics () securityfocus com
Subject: locked out of XP, need file access 

I'm locked out of my own Windows XP box.
Being a paranoid,
I have not provided myself with any password hints
even for the administrator mode.

I do remember about 2 characters from it though
but there's just too many combinations.

There are personal files in there that I need to access.

I remember that with the old Win98,
it was possible to do something with the .pwd file
(not that we needed it,
since all the files are accessible anyway)
but I'm sure things have changed significantly since.

I did infact try using a XP password recovery tool kit
and global-resetter thing I got from the net...
but the software asks me to enter root password
and then tells me to get lost.
It's strange and ironic,
because the passwd is precisely what I'm trying to figure out.

I don't wanna read a 1,000 page book just yet
cuz I need access to my files asap.

What would be some of the necessary simple steps to take at this time?
Thanks in advance...

_________________________________________________________________
Expand your wine savvy - and get some great new recipes - at MSN Wine. 
http://wine.msn.com


---------------------------------------------------------------------------
----------------------------------------------------------------------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------