Security Basics mailing list archives
Re[2]: Encryption on Laptops?
From: Alexander Lukyanenko <sashman () ua fm>
Date: Thu, 25 Mar 2004 23:49:59 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Bart et al, ... BLkc> I simply change the BLkc> user account passwords on the box in question, log in as BLkc> the user, and voila, I have the BLkc> files. Nonsense! The idea of EFS is that the encryption keys (`certificates') are itself encrypted with user's passwords. If you don't know the password, you won't get to the files, and if you'll forcibly change the user's password, you'll kill the certificate and render the encrypted files unreadable. But, the system can still be "opened". You can boot with ERD/ntpasswd, change admin's password, boot Windows as usual, login, run pwdump/lc4, get the password hashes and then brute-force them using lc4 or John The Ripper (don't sure about the later being able to deal with NTLM2 hashes). Then you login as the user in question with his/her password and voila, you have the files. It ain't as easy and fast (you need to bruteforce a password), as just changing a user's password, but still possible. Cheers, * * * * * * * * * * * * * * * * Alexander V. Lukyanenko * * ma1lt0: sashman ua fm * * ICQ# : 86195208 * * Phone : +380 44 458 07 23 * * OpenPGP key ID: 75EC057C * * NIC : SASH4-UANIC * * * * * * * * * * * * * * * * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) iD8DBQFAY1QMlz+8e3XsBXwRAsctAJ48/oMjTcreWlX6VoGXOAnVvp5lbACfYrQj OCP2z+qFgAVUtiKMZ4AErb0= =TGm2 -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Encryption on Laptops? Shanafelt, Gabe (Mar 16)
- Re: Encryption on Laptops? Steven Joerger (Mar 17)
- Re: Encryption on Laptops? David E Mazza (Mar 17)
- RE: Encryption on Laptops? Aditya, ALD [Aditya Lalit Deshmukh] (Mar 19)
- Re: Encryption on Laptops? Magi Networks (Mar 17)
- Re: Encryption on Laptops? David E Mazza (Mar 17)
- Re: Encryption on Laptops? micron (Mar 17)
- RE: Encryption on Laptops? Simon and Sara Zuckerbraun (Mar 18)
- RE: Encryption on Laptops? Aaron (Mar 18)
- RE: Encryption on Laptops? Simon and Sara Zuckerbraun (Mar 19)
- RE: Encryption on Laptops? Bart . Lansing (Mar 22)
- Re[2]: Encryption on Laptops? Alexander Lukyanenko (Mar 26)
- Re: Re[2]: Encryption on Laptops? Bart . Lansing (Mar 26)
- RE: Re[2]: Encryption on Laptops? Simon and Sara Zuckerbraun (Mar 29)
- RE: Encryption on Laptops? Aaron (Mar 18)
- Re: Encryption on Laptops? Steven Joerger (Mar 17)
- <Possible follow-ups>
- RE: Encryption on Laptops? Yoo, Gene (Mar 17)
- Re: Encryption on Laptops? SMiller (Mar 18)
- RE: Encryption on Laptops? Kathmann, Nicholas (Mar 19)
- RE: Encryption on Laptops? Kenneth Buchanan (Mar 19)