Locksmith failure

[BBWolfie]

I recently purchased an ASUS Republic Of Gamers G751J laptop with:

• Processor: Intel Core i7-4710HQ Processor, 2.5 GHz (6M Cache, up to 3.5 GHz)
• Operating System: Windows 8.1 (64bit)
• Chipset: Mobile Intel® HM87 Express Chipsets.
• Memory Slot: 4x.
• Total System Memory: DRAM DDR3 8GBx4.
• Storage: SATA 1TB 7200RPM 2.5′ HDD, SATA 128G 2.5′ SSD.

I purchased the laptop through a pawn shop for $350.00 because they couldn't logon to the laptop. I have used Microsoft's Dart - Locksmith v10 built on a Windows 10 platform so locksmith should have worked. However, I was able to change the guest password with locksmith. I also changed the Administrator password, but not able to opt into that user login screen. I also attempted to use ubcd, and iseepassword. When I attempt to use a bootable USB, its problematic to get the laptop to boot to the dongle to use a hack mechanism to where it usually loads the default user (which I believe is the default administrator account) screen or guest account login screen. I log into the guest account Ok with the password I changed it to, which leads me to believe locksmith worked. But it didn't work on the default user account.

F5  = no reaction normal boot

F8  = no reaction normal boot

F9  = part manager fails target

ESC + F2 = BIOS

With the USB boot tools = default user & guest have a flashing logon icon - they alternate flashing between each other.

Brand new PC Doctor dongle shows all test 100%.

Because I've never worked with a ROG laptop, or raid system other than a few scenarios in class; my questions are:

1 - can I kill all partitions other than the partition recovery and be able to use the drive 1 usable drive either by reimaging or reinstalling?

And if not:

2 - What can I do to hak5 this box.

I really don't want to have to part this beautiful stealth fighter looking laptop.

Or:

3 - Do I send it to a ROG Service center with a copy of the receipt to establish ownership?

???????

Any help in this manner is appreciated.

[Lord_KamOS]

could you grab the windows license and clean install windows?

There is a tool called magical jelly bean that should do the trick, or maybe the license is on a sticker?

https://www.magicaljellybean.com/keyfinder/

Edited July 30, 2017 by Lord_KamOS

[BBWolfie]

There is no listed license number. How can I grab the embedded license? I have a clean 8.1 license if need be. I'd like to use the license that came with it, but it has a straight 8 and I only have access to an 8.1 installer. I don't think they are transferable. As a college student, I have licenses for 7, 8.1, & 10 for life for personal & educational use. I guess I could give this beauty yo my Wife if I get it fixed.

[Lord_KamOS]

Try the tool i linked, but if you have access to a license i see no problem to just clean install windows.

 

[BBWolfie]

Cool. I got word & Win 8.1 licenses. I just hope the hardware isn't locked somehow. Because that might kill the HDD.

[digip]

If it's UEFI boot, get a live disc ISO that has EFI boot capabilities, and you can then grab the SAM file and crack the passwords offline(or while booted live). A live disc of Kali 2017.1 should have EFI by default on it, (I know the KDE version of 2017.1 does). [ Note, it has the files, after an install and update, but not to boot UEFi withotu using a USB and something like RUFUS ] You can then boot in EFI mode, apt-get update and install ophcrack's basic NT password list(can also throw larger one on USB and mount and use for crack list) then crack the passwords. If can't crack them, then If needed, you can also replace the NT passwords with chntpw. Google it. Should be fairly quick to change the password.

Edited November 3, 2017 by digip

[Dave-ee Jones]

Try Hiren's Boot CD. Lots of tools on there to grab the license keys, change passwords of users (including Admin), wipe partitions etc. Everything you need. Stick it on a CD/USB with ... basically any ISO to USB writing tool and you're away.

2 minutes ago, digip said:

If it's UEFI boot, get a live disc ISO that has EFI boot capabilities, and you can then grab the SAM file and crack the passwords offline(or while booted live). A live disc of Kali 2017.1 should have EFI by default on it, (I know the KDE version of 2017.1 does). You can then boot in EFI mode, apt-get update and install ophcrack's basic NT password list(can also throw larger one on USB and mount and use for crack list) then crack the passwords. If can't crack them, then If needed, you can also replace the NT passwords with chntpw. Google it. Should be fairly quick to change the password.

Posted right before I did, didn't see it, but it's basically what you're looking for and what HBCD offers..

Edited July 31, 2017 by Dave-ee Jones

[BBWolfie]

I'll try hiron's boot disk tomorrow after my appointments and if that doesn't work i'll try a fresh install. I now have the win 8.1 key, so as long as I install 8.1 it should take. However, if Dart v10 can't change the default user, then perhaps Hiron's can do no better. Either way, I'll let you know how I do tomorrow or Tuesday if I run out of time tomorrow. Once again, thanks for the help. 

[Dave-ee Jones]

Worst comes to worst just chuck the HDD and put a new one in it (pref. SSD, as those specs would be better off not being anchored by a HDD) and put a fresh install of Windows on it (could potentially get the license key - should be on the laptop somewhere, next to the battery or underneath it etc.).

[BBWolfie]

So, I downloaded and loaded a brand new version of 8.1, used Rufus to load to USB and it won't load. I'll try when I go into BIOS, USB isn't seen unless Dart is in port. At this point I'm considering wiping out the drive totally and ghosting the drive with a copy of the recovery partition. It says its there and I really don't want to kill the original image. For the mean time I am able to use the laptop as guest. I can't install software, but what ever. This is so frustrating. I don't understand why Dart can locksmiths the guest account but not the admin. I noticed once that Dart error message stated it wasn't in admin mode. Can a drive lock admin mode out so you can't make modifications?

[digip]

5 hours ago, BBWolfie said:

So, I downloaded and loaded a brand new version of 8.1, used Rufus to load to USB and it won't load. I'll try when I go into BIOS, USB isn't seen unless Dart is in port. At this point I'm considering wiping out the drive totally and ghosting the drive with a copy of the recovery partition. It says its there and I really don't want to kill the original image. For the mean time I am able to use the laptop as guest. I can't install software, but what ever. This is so frustrating. I don't understand why Dart can locksmiths the guest account but not the admin. I noticed once that Dart error message stated it wasn't in admin mode. Can a drive lock admin mode out so you can't make modifications?

If your USB tool isn't set with UEFI, more than like won't boot properly. Needs to have the EFS files on USB to book when UEFI is enabled(which should be for windows 8.0 and later)

[BBWolfie]

I'll check to verify the UEFI setting on the USB. If that doesn't work, I just got a new Rubber Ducky today. So, maybe I'll see about snagging and cracking the SAM file with John or Cain. I've cleared out my schedule this week so I can actively try this over the weekend. Thanks for the help. it is most appreciated.

[Dave-ee Jones]

Hiren's Boot CD can overwrite the SAM file, by the way. Just boot into Windows XP Mini and find the corresponding program (there's a lot of password changers/crackers in it).

However not being able to boot to the USB is a problem. UEFI can get in the way (or fix the problem, depends on the way you write to the USB and the way your current boot settings work).

Edited August 28, 2017 by Dave-ee Jones

[Nicksmith]

I don't think so there is any fault with locksmith work here as the topic suggests.

[BBWolfie]

.Update. This last week I worked up a copy of passwd. I was able to change the password for the admin account. It was a matter of making sure I wasn't in secure boot mode. Further, I realized locksmith didn't fail. It was the fact I was still in safe boot mode. And when in safe boot mode, all admin accounts are locked or locked via the google account's service. Strange thing is that the guest account isn't protected. User accounts are now assigned to an E-mail account since Windblows 8 or so. I'm not sure if this needs to be a Google I'd or not. And if this is a known/unknown vulnerability or not. Either way, apparently it has to be accessed in order to reset the password for the account locally or boctaoe.

I am glad to say this issue is now resolved. Thank you Lord Kamos, Digip, & Dave-ee Jones for your assistance.

I'll probably wipe the drives later. I'd really like to use the default software & OS that came with the box since it is a ROG OEM setup. But there are 7 partitions:

-two recovery (450 MB & 12 GB)

-c = 94GB Boot

-EFI = 100 MB

-d = 130 GB

-e = 465.76 GB

-f = 465.76 GB

I've had to deal with raid systems (other than in lab scenarios), & it almost looks like a dual boot Linux platform install. I've been out of the computer field for over 8 years, so I was working on 2003 servers. I'm not sure how to remove raid configuration, keep the recovery partition(s) drives. This is going to be a personal gaming computer. I guess I could try ubcd and remove c, d, e, & f, then reimage the entire the combined cdef partitions. That should work. I think.

BBWolfie

Edited November 5, 2017 by BBWolfie

[BBWolfie]

Thank you NickSmith, you are correct. I just had not worked with 8, 8.1, & 10 before this year. And not dealt with UEFI either.

 

[Sophia]

On 11/6/2017 at 8:37 AM, BBWolfie said:

Thank you NickSmith, you are correct. I just had not worked with 8, 8.1, & 10 before this year. And not dealt with UEFI either.

 

Where can I download Locksmith? I need to use it to reset my forgotten password as well.

[Bigbiz]

If you have a windows install disc it ther

[BBWolfie]

Sophie, locksmith is included in the Microsoft Desktop Optimization Pack, a suite of utilities for Microsoft Windows customers who have subscribed to Microsoft Software Assurance program. It aims at bringing easier manageability and monitoring of enterprise desktops, emergency recovery, desktop virtualization and application virtualization. According to Wikipedia.

 

Alternatively you can try what Davee Jones suggested earlier in the post:

"Hiren's Boot CD c a n overwrite the SAM file, b y the way . Just boot into Wi n dows XP Mini and find the corresponding program (there's a lot of password changers/crackers in it)."

[Dave-ee Jones]

Simplest thing to do would be reinstall Windows from an install disk.

You can use Heidoc to download the Windows version you want (keep it the same as is currently installed so you can use the key). Probably best to change out the HDD while you're doing this so you can install to a new HDD and have grab the Windows product key from the old drive (if it's not already on the bottom of the laptop - in which case just install onto current HDD) using produkey or something similar and pointing it at the registry hive on the old HDD.

[Bigbiz]

Usually windows will load the product key auto. If making a fresh install. So no worries. The option is in the installer program

[Sophia]

On 7/3/2018 at 6:35 AM, BBWolfie said:

Sophie, locksmith is included in the Microsoft Desktop Optimization Pack, a suite of utilities for Microsoft Windows customers who have subscribed to Microsoft Software Assurance program. It aims at bringing easier manageability and monitoring of enterprise desktops, emergency recovery, desktop virtualization and application virtualization. According to Wikipedia.

 

Alternatively you can try what Davee Jones suggested earlier in the post:

"Hiren's Boot CD c a n overwrite the SAM file, b y the way . Just boot into Wi n dows XP Mini and find the corresponding program (there's a lot of password changers/crackers in it)."

After doing some searches on the web, I found a sticky keys exploit and it worked. But the steps are a bit hard to follow.

It's appreciated if someone could upload Locksmith and share it with me or others who're also looking for a password recovery tool.

[Bigbiz]

I would juast use ophcrack (vista) anyway. Vista will only work for windows 7 - 10. if you have xp use different.

[Dave-ee Jones]

On 7/4/2018 at 12:46 PM, Bigbiz said:

Usually windows will load the product key auto. If making a fresh install. So no worries. The option is in the installer program

Not necessarily - Windows 7 requires the product key, Windows 10 installs don't always pick it up but usually it does, Windows 8 is dodgy..

[Cap_Sig]

On 7/5/2018 at 6:13 PM, Dave-ee Jones said:

Not necessarily - Windows 7 requires the product key, Windows 10 installs don't always pick it up but usually it does, Windows 8 is dodgy..

Agreed.  Better have the key with Windows 7.  Seen to many horror stories of people thinking they can just reinstall win7 and have no key....