
Ophcrack, kon boot ?


6 replies to this topic

#1 resertedlab

Posted 29 October 2016 - 12:01 AM

I am aware that there are many possible ways a Windows password can be removed/reset, or your files accessed through a live CD and so on. My question is simple here: can programs like Ophcrack, Kon-Boot (or anything else that you know) really bypass the Windows password and simply log in completely normally? I try to find info about them but it all comes from some untrusted sources.

Are those programs really that fast and easy to execute, does it depend on your system, and are the newest laptops using UEFI harder to crack that way? Also, if you had your USB boot disabled and BIOS locked, do they still work?

Again, I am asking specifically about bypassing Windows passwords, not other file-stealing methods :)

Thank you again for future replies :)





#2 Didier Stevens

Posted 29 October 2016 - 05:31 AM

Ophcrack does not bypass the Windows password. It tries to crack the Windows credentials. It can be successful but it can also fail to crack the credentials, depending on the password complexity and hashes used.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 resertedlab

Posted 29 October 2016 - 06:11 AM

Didier, are you aware of the time it requires to crack it? Minutes, hours? If we are talking about a complex password? Also, are you aware if it works on UEFI systems? And again if your UEFI is locked with password and boot from USB is not allowed can it take action?



#4 Didier Stevens

Posted 29 October 2016 - 09:19 AM

If it can crack the credentials, it will take a couple of minutes.

 

If I'm not mistaken you have already asked questions about UEFI in other posts, and received answers.

I suggest you try to learn from the answers you received.

For your question: "And again if your UEFI is locked with password and boot from USB is not allowed can it take action?"

What do you think the answer is, taking into account what you already learned about UEFI?




#5 resertedlab

Posted 29 October 2016 - 09:39 AM

Yes, maybe I am repeating myself, so I apologize for that :) My current question is whether programs like Ophcrack work on UEFI-based systems (only if you are aware, of course), since I read a lot about them and how they work but the info is controversial (some say it does, others that it doesn't). I read a lot about UEFI, thanks to the info I was given, especially about Secure Boot, but I still can't catch a lot of things about it; the information on the web is a bit confusing for someone who is making his first steps in understanding these things :)


Edited by resertedlab, 29 October 2016 - 09:40 AM.


#6 Didier Stevens

Posted 29 October 2016 - 10:01 AM

No need to apologize, you can ask as many questions as you want.

But you seem to be discovering a lot of hacking tools on the Internet, and then you have questions about that specific tool you just discovered.

This process can go on without ever ending, there are just too many hacking tools out there. To try to break out of this endless loop, you should try to understand how these tools work, and what protection mechanisms Windows offers.

 

Last time I used the Ophcrack Live CD it did not boot on UEFI, and I just checked the author's page and there is no mention of a new release with UEFI support.

 

Tools like Ophcrack use the following technique: they recover the encrypted passwords from the Windows files that contain them, and then they try to crack the encrypted passwords (by trying out a huge amount of potential passwords).

 

A good way to protect yourself from these tools is to make sure that they cannot read the required Windows files from disk.

Preventing booting is one solution that you identified, seeing the questions that you ask, but another solution is to prevent file reading by using full disk encryption.

Then even if someone manages to boot (because you can not only boot from USB, but also from CD/DVD and network), they cannot read the disk (preventing attacks like Ophcrack) but also not change the files (preventing attacks with password-reset disks).


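An added example, not part of the original thread: one way to check on your own machine whether the protection described in post #6 (full disk encryption of the disk holding the Windows files) is actually in effect. It assumes BitLocker is the encryption product, which the thread does not name, and an elevated PowerShell prompt; the function name `Get-OfflineReadExposure` is made up for this example.

```powershell
# Added example: audit the local machine for the defence discussed in post #6.
# Assumption: BitLocker is the full disk encryption in use (the thread names no product).
# Run from an elevated PowerShell prompt.
function Get-OfflineReadExposure {
    $findings = @()
    $protectors = @()

    # 1. Could the Windows files be read or changed after booting another OS?
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "OS volume status is '$($vol.VolumeStatus)': not fully encrypted."
        }
        elseif ($vol.ProtectionStatus -ne 'On') {
            # Encrypted but suspended: the volume key is stored unprotected on disk,
            # so the encryption gives no protection until it is resumed.
            $findings += 'OS volume is encrypted but BitLocker protection is suspended.'
        }
    }
    catch {
        $findings += "BitLocker state unknown: $($_.Exception.Message)"
    }

    # 2. Firmware context. Secure Boot only rejects unsigned boot loaders;
    #    it does not replace disk encryption or a firmware password.
    try {
        $secureBoot = [string](Confirm-SecureBootUEFI -ErrorAction Stop)
    }
    catch {
        # Raised on legacy BIOS systems and when the prompt is not elevated.
        $secureBoot = "Not confirmed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        SystemDrive   = $env:SystemDrive
        KeyProtectors = $protectors -join ', '
        SecureBoot    = $secureBoot
        Findings      = $findings
        Exposed       = ($findings.Count -gt 0)
    }
}

Get-OfflineReadExposure | Format-List
```

An empty `Findings` list means the OS volume is fully encrypted with protection active; a suspended volume is reported separately because it still shows as encrypted.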


#7 resertedlab

Posted 29 October 2016 - 10:22 AM

I kinda understand it now, it's not just a brute attack program that tries to guess the password from the outside, but it also plays with the Windows files themselves, and if encryption is present it won't be able to recover anything, and it won't work. It's good to learn these things.

 

About the UEFI thing, I read around that you can access UEFI through your Windows account, from the advanced Start Up settings, so I thought that no one can make changes to your firmware if he can't first log in to your Windows. But it seems that I am wrong because, even though when I start my laptop no boot options appear (like press F2 or anything), and I also found no info on how to access my UEFI during boot time (before logging in to Windows), I accidentally found a way to access the UEFI before you log into your Windows, but I won't share it here with the public since evil people may be watching. So I thought that, unlike BIOS, where you can log in by pressing like F12 and so on, it doesn't work like that with UEFI, so no one can touch my UEFI options if he doesn't know my Windows password, but I believe I was wrong with that guess: if someone has physical access he can make changes to your UEFI firmware even if he can't log in to Windows.





