
Thread: Bypassing windows password on slave hdd taken from another machine.

  1. #1
    Senior Member
    Join Date
    Sep 2007
    Posts
    409
    Thanks
    7
    Thanked
    32 times in 12 posts
    • icanhazburger's system

    Question Bypassing windows password on slave hdd taken from another machine.

    This is not as dodgy as it 1st sounds as there is a legitimate reason.

    Basically we need to be able to bypass the windows password protection on hdd's taken from machines from various sources so we can analyse file usage and view any files of interest, they will be installed as a secondary hdd on our computer.

    Is there an easy way to get rid of any protection that may exist on the 'my documents' folder?
    In the internets, no one can hear you sarcasm.

  2. #2
    radix lecti dave87's Avatar
    Join Date
    Sep 2005
    Location
    England
    Posts
    12,806
    Thanks
    657
    Thanked
    931 times in 634 posts
    • dave87's system

    Re: Bypassing windows password on slave hdd taken from another machine.

    If you are running as an administrator on the computer the hard disk is now in, you can take ownership of the files.

    How to take ownership of a file or folder in Windows XP?

    That's about as hard as it gets. I would suggest that you consult your legal dept. if you are doing this as part of a company, as doing this has possible implications that you may not like. Saracen would be able to tell you the exact legislation.

  3. #3
    Senior Member
    • icanhazburger's system

    Re: Bypassing windows password on slave hdd taken from another machine.

    Quote Originally Posted by dave87 View Post
    If you are running as an administrator on the computer the hard disk is now in, you can take ownership of the files.

    How to take ownership of a file or folder in Windows XP?

    That's about as hard as it gets. I would suggest that you consult your legal dept. if you are doing this as part of a company, as doing this has possible implications that you may not like. Saracen would be able to tell you the exact legislation.
    We're doing it on behalf of quite a large insolvency practice, it's all above board.

    Thanks, did not realise it would be so easy, last thing I said to my boss was to hope no one uses Linux though

  4. #4
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: Bypassing windows password on slave hdd taken from another machine.

    Quote Originally Posted by icanhazburger View Post
    Thanks, did not realise it would be so easy, last thing I said to my boss was to hope no one uses Linux though
    All security is easy to bypass if you can elevate (i.e., be admin); in this case putting the drive in another PC is all that's needed.

    Linux and Win are of course equally flawed in this way (or not, depending on how you look at it).

    The problem becomes if the data is Encrypted, rather than Access Restricted.
    throw new ArgumentException (String, String, Exception)

  5. #5
    Senior Member
    • icanhazburger's system

    Re: Bypassing windows password on slave hdd taken from another machine.

    I don't expect there to be any more than standard security, if anyone has gone to any extra lengths to hide something then it's probably worth the extra cost to find out why

  6. #6
    Senior Member
    Join Date
    May 2007
    Location
    West Wales
    Posts
    484
    Thanks
    30
    Thanked
    18 times in 16 posts
    • Phil_P's system

    Re: Bypassing windows password on slave hdd taken from another machine.

    Quote Originally Posted by dave87 View Post
    If you are running as an administrator on the computer the hard disk is now in, you can take ownership of the files.

    How to take ownership of a file or folder in Windows XP?

    That's about as hard as it gets. I would suggest that you consult your legal dept. if you are doing this as part of a company, as doing this has possible implications that you may not like. Saracen would be able to tell you the exact legislation.
    Unless the user chose to use Windows Encrypting File System (EFS). At that point you won't get the data without the key. See here for more information:

    How to remove file or folder encryption in Windows XP
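
Added example, not part of the original thread or any poster's code: the difference raised above between access-restricted and EFS-encrypted data can be checked from file metadata alone, because NTFS marks EFS files with the `FILE_ATTRIBUTE_ENCRYPTED` bit. This Python sketch (function names are illustrative; the attribute bits are only reported when it runs on Windows) counts the files on an attached volume by category and lists the ones that would still need the user's key.

```python
import os
import stat
import sys
from collections import Counter


def file_attributes(path):
    """NTFS attribute bits for path; None if unreadable or not running on Windows."""
    try:
        st = os.lstat(path)
    except OSError:
        return None
    return getattr(st, "st_file_attributes", None)


def classify(attrs):
    """Map attribute bits to the two cases discussed in the thread."""
    if attrs is None:
        return "unknown"
    if attrs & stat.FILE_ATTRIBUTE_ENCRYPTED:
        return "efs-encrypted"   # content needs the user's EFS key
    return "acl-only"            # protected by permissions alone


def triage(root, get_attrs=file_attributes):
    """Walk root and return (counts per category, sorted list of EFS file paths)."""
    counts, encrypted = Counter(), []

    def on_error(err):
        # Directories that cannot be listed are counted rather than silently skipped.
        counts["unreadable-dir"] += 1

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            path = os.path.join(dirpath, name)
            kind = classify(get_attrs(path))
            counts[kind] += 1
            if kind == "efs-encrypted":
                encrypted.append(path)
    return counts, sorted(encrypted)


if __name__ == "__main__":
    # Root of the attached volume (assumed to be passed as the first argument).
    counts, encrypted = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, n in sorted(counts.items()):
        print(f"{kind}: {n}")
    for path in encrypted:
        print("EFS:", path)
```

The `get_attrs` parameter exists so the walk can be exercised with constructed attribute values on a non-Windows system.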

  7. #7
    radix lecti dave87's Avatar

    Re: Bypassing windows password on slave hdd taken from another machine.

    I'm guessing that if the guy is asking how to do it on here, then the people whose files he's looking at are highly unlikely to be a power user/admin, and are unlikely to know such an option exists.

    But fair point.


    EDIT - wouldn't recovery agents by default include the admin group?

  8. #8
    Senior Member
    • Phil_P's system

    Re: Bypassing windows password on slave hdd taken from another machine.

    Quote Originally Posted by icanhazburger View Post
    Thanks, did not realise it would be so easy, last thing I said to my boss was to hope no one uses Linux though
    Again, and as TheAnimus said above, providing the data isn't encrypted, recovering data from Linux partitions is as easy as booting from a Linux LiveCD and copying it to a network drive, usb pendrive, optical media or whatever.

  9. #9
    Senior Member
    • Phil_P's system

    Re: Bypassing windows password on slave hdd taken from another machine.

    Quote Originally Posted by dave87 View Post
    EDIT - wouldn't recovery agents by default include the admin group?
    No. If it did it wouldn't be very secure... it wouldn't be secure at all given that with physical access to the machine, any user account including the admin account can be hacked in a matter of minutes.

    How to add an EFS recovery agent in Windows XP Professional

    Quote Originally Posted by Microsoft
    In Microsoft Windows 2000 EFS, the built-in Administrator account is used as the default recovery agent. In Windows XP Professional, the EFS recovery agent's recovery certificate is not set as the default. This configuration change prevents a malicious attempt at decrypting by using the Administrator account. In systems that are upgraded from Windows 2000, the Administrator account that is set as the default recovery agent is migrated and is used as the default EFS recovery agent.
    If a user's data has been encrypted with EFS, and the disk is still bootable, and the user account intact with key present, the simplest method of bypassing the encryption is to break the user's password with something like ophcrack and then log in as them and retrieve the data. If the key is gone, then so is the data.
    Last edited by Phil_P; 14-04-2008 at 12:58 AM.

  10. #10
    radix lecti dave87's Avatar

    Re: Bypassing windows password on slave hdd taken from another machine.

    If he's already unplugged the drives, may as well stick to Windows. Less complicated route

  11. #11
    radix lecti dave87's Avatar

    Re: Bypassing windows password on slave hdd taken from another machine.

    Ah ok, was thinking of Win2k, and presumed they would have carried it over.

    I'm sure the data wasn't important enough to go to such lengths to protect, unless someone is particularly paranoid...
