Password Cracking Windows Accounts

Password Cracking Windows Accounts

At work we have laptops with encrypted harddrives. Most developers here (on occasion I have been guilty of it too) leave their laptops in hibernate mode when they take them home at night. Obviously, Windows (i.e. there is a program running in the background which does it for windows) must have a method to unencrypt the data on the drive, or it wouldn't be able to access it. That being said, I always thought that leaving a windows machine on in hibernate mode in a non-secure place (not at work on a lock) is a security threat, because someone could take the machine, leave it running, hack the windows accounts and use it to encrypt the data and steal the information. When I got to thinking about how I would go about breaking into the windows system without restarting it, I couldn't figure out if it was possible.

Asked by: Guest | Views: 223

Total answers/comments: 1

Comments display order:

Guest [Entry]

"Obviously, if someone has physical access to the machine, all credentials stored can be considered compromised.

If one can, for example, boot from an USB device or optical drive, one can use point and click tools such as Ophcrack to recover all passwords. Instructions here: USB Ophcrack | Windows Login password cracker

Edit: Yes, I'm aware that you theoretically can't get back into an ""encrypted hard drive"" if the machine is rebooted. Whether or not that claim holds depends entirely on the software used to access the encrypted partitions. BitLocker seems to do a decent job, but many earlier implementations were basically a joke - and if you can access the machine it's trivially easy to dump the SAM database to the USB stick and perform the cracking offline."