Who knew it was that easy?

I got to be a hero yesterday, for something that I’m not particularly proud of: Recovering a lost password in Windows XP.

I’d tell you the context but you wouldn’t believe it anyway. Suffice to say that this isn’t the first time I’ve had to find a password for this particular person.

The revelation for me though, was how frighteningly easy it was to get passwords for the entire system, and how quickly it was finished.

I used Ophcrack in its low-ram version, which runs with Slitaz (yay Slitaz!) as its foundation. There are other versions on the same ISO though.

With this machine and the host system mounted as an external drive, it scrounged all the passwords for every account — including accounts the owner didn’t even know about — in about a minute and a half. :shock:

I am amazed, dismayed and chagrined, all at once.

I am not a security person. Security and passwords and encryption and things like that are just not interesting. I know, I should be more security-minded, but it’s all very ho-hum to me.

At the same time I am reminded of something I was told a long, long time ago … that if the physical security of a computer is compromised, all bets are off.

For me, yesterday was a good example of that. :|

About these ads

5 Responses to “Who knew it was that easy?”

  1. 1 technologyunit 2011/01/27 at 10:42 AM

    Thats just scary… Plain and simple…

  2. 2 aperson 2011/01/27 at 12:58 PM

    I swear by konboot: http://www.piotrbania.com/all/kon-boot/

    I know there’s other ways to just reset a password with a linux cd (I can’t find the exact method I’ve used, :S). Either way, I’d imagine it’d be easier than cracking it.

    • 3 steve 2011/02/01 at 5:44 AM

      What are you talking about?

      Ophcrack is done in under a few minutes. I use it when people forget to tell me their passwords and I need to work on their machine. Most people don’t have a password for the admin account anyway, so just boot into safe-mode, reset their password and you’re away.

      Windows “Security” is a joke.

  3. 5 Stanley 2011/01/27 at 4:51 PM

    I hope your passwords are greater than 15 characters. In WinXP, when the password is greater than 15 characters, it uses NTLM hashes (http://en.wikipedia.org/wiki/NTLM).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Visit the Wiki!

Some recent desktops

May 6, 2011
Musca 0.9.24 on Crux Linux
150Mhz Pentium 96Mb 8Gb CF

May 14, 2011
IceWM 1.2.37 and Arch Linux
L2300 core duo 3Gb 320Gb

Some recent games

Apr. 21, 2011
Oolite on Xubuntu 11.04
L2300 core duo 3Gb 320Gb

Enter your email address to subscribe to this blog and receive notifications of new posts.

Join 405 other followers


This work is licensed under the GNU Free Documentation License. Please see the About page for details.

Blog Stats

  • 3,959,004 hits



Get every new post delivered to your Inbox.

Join 405 other followers

%d bloggers like this: