Full Disclosure mailing list archives
Re: Microsoft EFS
From: Thomas Springer <tuevsec () gmx net>
Date: Tue, 11 Oct 2005 14:21:47 +0200
The DEFAULT recovery agent is the Administrator, on the other hand you always can to decrypt the data from the userX login like that userX; So crack the password or overwrite it off-line (the same for the delegated recovery agent).
be careful: overwriting the pw offline will work with efs on w2k.it will not work with winxp/2003: you cant access any efs-data after resetting the password offline.
you'll have to crack the usesrs or the admins pw and either logon interactively or export their keys to get access to the efs-encrypted data.
tom _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft EFS wilder_jeff Wilder (Oct 10)
- Re: Microsoft EFS Fco. Jose Garrido Matamoros (Oct 11)
- Re: Microsoft EFS Thomas Springer (Oct 11)
- Re: Microsoft EFS Fco. Jose Garrido Matamoros (Oct 11)
- Re: Microsoft EFS Mike Nice (Oct 11)
- Re: Microsoft EFS Thomas Springer (Oct 11)
- <Possible follow-ups>
- RE: Microsoft EFS Todd Towles (Oct 10)
- Microsoft EFS Dyke, Tim (Oct 11)
- Re: Microsoft EFS Fco. Jose Garrido Matamoros (Oct 12)
- Re: Microsoft EFS Fco. Jose Garrido Matamoros (Oct 13)
- Re: Microsoft EFS Thomas Springer (Oct 12)
- Re: Microsoft EFS Thomas Springer (Oct 12)
- Re: Microsoft EFS Fco. Jose Garrido Matamoros (Oct 12)
- Re: Microsoft EFS Fco. Jose Garrido Matamoros (Oct 11)