Cracking passwords in Windows 7, Child's play


Recommended Posts

hdood

Rich? Owenw? Have you located your evidence yet?

Link to post
Share on other sites
+Anarkii

oh wow this is bad for security

Link to post
Share on other sites
  • 3 weeks later...
Maryolexn

Cracking passwords with Windows 7 is no different or more difficult than it was with Windows XP

As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can crack basic passwords, reset the local administrator account and more

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1406621,00.html

ophcrack is not work for me last month. I used Windows Password Recovery Tool 3.0 to reset Windows 7 password . It is a professional Windows password recovery tool for those who have lost or forgot Windows passwords including Windows 7 password. I find it from his blog http://www.blog.windowspasswordsrecovery.com

I also find a blog about windows 7 password. http://www.windows7password.net

So, as the result, I think windows 7 is not safe too.

Link to post
Share on other sites
  • 1 month later...
Guest xiphi

I've tried Ophcrack when trying to help a friend recover a password when one of her kids changed it on her, but it didn't even work on my machine and I have a simple password! Luckily, System Restore fixed her problem.

Link to post
Share on other sites
nub

For all you who think encryption cannot be evaded, check this out:

1024-bit RSA encryption cracked by carefully starving CPU of electricity

University of Michigan claims they can break the encryption simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the computer to flip single bits of the private key at a time, allowing them to slowly piece together the password.

Source: http://www.engadget....ing-cpu-of-ele/

Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it.

Link to post
Share on other sites
mokthraka

they still did it though, the point is, someone will always be able to crack whatever it is you have.

Link to post
Share on other sites
Astra.Xtreme

You could do the work of 81 P4 chips with 1 i7. :p

Link to post
Share on other sites
smooth_criminal1990

Cracking passwords with Windows 7 is no different or more difficult than it was with Windows XP

As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can crack basic passwords, reset the local administrator account and more

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1406621,00.html

Not strictly true as 7 and Vista use NTLM instead of just LM which XP does (7 and Vista disable it by default). Though all this does is make the hashes more resistant to bruteforcing as far as I know, probably isn't any better against rainbow tables.

And for the average business with any sense (i.e. fairly secure cases, boot from CD disabled) Windows doesn't let just anyone read the 'SAM' or 'System' files.

Link to post
Share on other sites
c3ntury

I reckon Microsoft should buy out TrueCrypt and include it in Windows 8. Would stop alot of exploits and help protect its users alot more.

Link to post
Share on other sites
XerXis

You can prove that something exists. You cannot prove that something doesn't exist.

stupid claim, I can quite easily prove that there is no prime number ending in two.

Link to post
Share on other sites
XerXis

I reckon Microsoft should buy out TrueCrypt and include it in Windows 8. Would stop alot of exploits and help protect its users alot more.

I'm a truecrypt user and think it's great software, but Microsoft does have a very capable solution with bitlocker. So unless you have something concrete about how bitlocker is slower/less secure than truecrypt I don't really think you have a point.

Link to post
Share on other sites
leeisl

stupid claim, I can quite easily prove that there is no prime number ending in two.

2 is a prime number you know. :huh:

  • Like 1
Link to post
Share on other sites
macf13nd

2 is a prime number you know. :huh:

Great first post!

Link to post
Share on other sites
funkymunky

Oh my there is so much FUD in this thread, and crazy conspiracy theories.

Maybe judging by the claims of certain "News Reporters" on here, just goes to show why the Front Page news are quite often erroneous. Be it from grammer/spelling to the actual facts themselves if no real research is done :(

Link to post
Share on other sites
XerXis

2 is a prime number you know. :huh:

*insert curse here* i knew i overlooked something :p

let's change that to no prime number ending with 2 and that is bigger than 2 :p

Link to post
Share on other sites
pawa

It seems like quite often people seem to misunderstand what Windows passwords are actually good for.

While they play a big role on servers and in big company networks, home computers are not really made any more secure just because of secure Windows passwords.

Although windows passwords protect against some worms like downup, in case of phycisal access by the attacker, they wont help.

Only a combination of windows passwords, full disk encryption and bios-security can help a little against attacks based on physical access.

Still, just to mention, the way windows saves account passwords, got more secure when MS switched the standard algorithm to NTLM in Windows Vista.

However, the point is, that one having physical access to a computer, does not need any windows account password, but only needs to boot from something else than the running operating system and then access the HDD's in the desired way.

Link to post
Share on other sites
Hum

I thought discussing 'cracks' was not allowed on Neowin ... :huh:

Link to post
Share on other sites
iamwhoiam

I thought discussing 'cracks' was not allowed on Neowin ... :huh:

Giving (or linking to) detailed instructions on how to crack a secure system would be against the rules. I gather that the purpose of this thread is to inform people that the Windows account passwords are not a secure system (never were and still aren't) and that they should not rely on it for security. Several people have posted more secure methods of protecting their data. The purpose of this thread would seem to be how to enhance security rather than how to defeat it and thus it is not against the rules.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.