Windows 7 login pswd compared to Linux login pswd

[logicalconfusion]

this may not come as news to most ppl on this forum but the Windows XP (and reportedly Win7) login password is easy to hack using a plain old boot disc. According to researchers the Offline NT Password & Registry Editor utility can be used to reset the password and Ophcrack can crack the pswd hash using large rainbow tables. Although I personally haven't seen similar utilities for Linux, I bet there's a slew of'em out there. Anyone know of any boot disc type tools for lost Linux pswds?

Edited June 25, 2013 by logicalconfusion

[digininja]

With Linux you just boot into single user mode (if enabled without a password) then you have access to the machine as root without a password and can just pull off the passwd and shadow files. The alternative is to boot off a live LInux disk and then just mount the partition with /etc on it and pull them off from that.

There are various tools to then crack the password if you still want to. John the Ripper does it and I'm pretty sure Hashcat will as well but their site is currently down.

[digip]

Also on linux, you can blank out the password for root, short of them not booting with uuid info, you can mess with that as well so it can be reset, but most of the time, you can edit fstab or whatever to single user mode or change the grub boot to rw mode in single user mode and just run passwd after booting, then reboot and you've changed the root password, as mentioned above. With linux, if they use full disk encryption, thats about the only way to secure it, while putting the mount for the shadow file, on something like a thumb drive. Think int0x80 did a segment on how to do this too, and Shannon did a segment on moving the SAM file, off of windows, and onto a thumbdrive or removable media as well, so no one can boot windows without it, but unless you use disk encryption in windows as well, booting off a live disk you could still see all the files and just pull off whatever you want, regardless of windows, linux or mac OSX, if live booted, you can just copy what you want off to portable media and leave the password the same, and the owner would be none the wiser. You just need time, physical acccess, and tools to boot the system. For my laptop, I have the bios password protected as well as the HDD password protected, so you can't boot it, sort of removing, and remounting the laptops HDD and reading it in another machine and I keep it in a locked aluminum case pretty much at all times except when using it.

Ophcrack is an awesome tool though, and something everyone should carry with them if they do house calls to fix PC's for people, like in my family, who always manage to get pwned somehow and get locked out. There are a number of other bootable cd's and thumb drive tools out there as well, like Konboot, and UBCD4WIN if you're a windows tech, as well as Hirens boot disk and just using BackTrack, which is how I reset the passwords most of the time using tools on the BT dvd, similar to the NTPassword reset tools from Nirsoft and others.

[logicalconfusion]

@digininja

With Linux you just boot into single user mode (if enabled without a password) then you have access to the machine as root without a password and can just pull off the passwd and shadow files. The alternative is to boot off a live LInux disk and then just mount the partition with /etc on it and pull them off from that.

Seems too simple. I've never heard of Hashcast or John the Ripper (the one I read about is in jail getting his you know what ripped). Anyway, I think I missed the episodes where they demo how to compromise Linux shadow files and implement SAM security on USB drives. Its definitely worth researching.

@digip

I cannot believe that M$ deliberately coded their recent Win7 OS to allow anyone using the Offline NT Password & Registry Editor to reset passwords. You would think their keen enough to block such a hack.

Think int0x80 did a segment on how to do this too, and Shannon did a segment on moving the SAM file, off of windows, and onto a thumbdrive or removable media as well, so no one can boot windows without it, but unless you use disk encryption in windows as well, booting off a live disk you could still see all the files and just pull off whatever you want, regardless of windows, linux or mac OSX, if live booted, you can just copy what you want off to portable media and leave the password the same, and the owner would be none the wiser. You just need time, physical acccess, and tools to boot the system. For my laptop, I have the bios password protected as well as the HDD password protected, so you can't boot it, sort of removing, and remounting the laptops HDD and reading it in another machine and I keep it in a locked aluminum case pretty much at all times except when using it.

So, it's possible to install Win7 using full disk encryption - hm. Do you know if its a proprietary encryption format? I definitely gota dig around for those episodes. According to your last post, anyone can suck the hashes off Win7 and Linux, and then crack away, if its left un-encrypted. Digininja didn't list any reset tools for linux passwords. Anyone know of reset tools for popular debian based distros like Ubu (non-crack)?

Edited June 25, 2013 by logicalconfusion

[digininja]

You don't need reset tools for Linux it is simply a case of using a live boot disk and editing a file (in most situations)

And Windows has had FDE for ages, TrueCrypt is an alternative.

[digip]

Digininja didn't list any reset tools for linux passwords. Anyone know of reset tools for popular debian based distros like Ubu (non-crack)?

Also, depending on the OS, you can usually edit the GRUB command before boot, make it RW and single user mode, logs you onto console as root, type passwd, change password, reboot, done. Just have to break the boot sequence before it starts, or if you have a grub menu to choose options from, edit and change the boot mode from RO to RW and the runlevel to single user mode - http://en.wikipedia.org/wiki/Runlevel#Standard_runlevels

I've actually had to do that to reset passwords when forgotten on VM's before.

Edited June 24, 2013 by digip

[digininja]

Some distros lock single user mode down so you have to enter the root password to get into them, I've seen it on Debian.