Oops… Windows security compromised

By | February 12, 2014
Locked out of Windows? Have no fear, you can reset your password all by yourself with a handy little utility and a Linux Live CD.

Not just that, but this handy little utility happens to be LGPL and has considerably more information about the Windows Registry and Security file structure than you'll find anywhere else on the web, in a very readable format.

Looks like Windows security is still at the state of the art it was at in 3.1. Maybe time for a little catch-up, Microsoft?

/via +David Kokua 

How to Reset the Password on Any Windows Version, Including 8.1, From Linux
If you have a Windows operating system and you find yourself locked out, Linux is there for the rescue with a very handy tool, ntpasswd. ntpasswd can b…

0 thoughts on “Oops… Windows security compromised”

  1. Glenn Phillips

    I've had this on my USB drive for like 5 years now…
    Bro do you even #slowpoke

    And while this won't let you reset an admin password for AD, you can leverage this same method to dump the hash list and crack the passwords offline.

  2. Jake Weisz

    This has been around for years, and is incredibly handy for helping home users. It doesn't work on Active Directory (corporate environments), and if you use EFS on your user directory (encryption), the disc will render the files unreadable. EFS is a standard Windows feature, it's just not turned on by default, because it's rare a user actually needs it.

    So no, it's really not "Windows security compromised". It's just a useful feature for those who aren't actually implementing Windows security.

  3. Valdis Kletnieks

    +Gary Myers The problem is that you can't make "secure boot" actually fully secure unless you lock the machine into booting only stuff approved by a company whose key is in the UEFI boot key storage – and there's only room for a limited number of keys.  So there's some anti-trust issues if 16 companies get keys in there, and a 17th wants to have an OS….

    (And remember, there's more than 17 Linux distros out there)

  4. Gary Myers

    Wasn't this the reason MS was pushing the secure boot concept to stop running unapproved operating systems from starting?
    Though I guess you can remove the hard drive from the PC and attach it to a less secure box.

  5. Valdis Kletnieks

    To be fair, there isn't any operating system that can stop this sort of thing – if you have physical access it's pretty much game over.  As +Steven Holms points out, full-disk crypto is the only real defense against somebody who has physical access.

    And for that matter, if somebody has that sort of access, getting the admin password reset is the least of your worries at that point – they can also do anything else they want to your system, up to and including installing whatever sort of spyware or rootkits they want (and no, UEFI "secure boot" doesn't defend against that as much as you might think – at that point an attacker can add an additional signing key that corresponds to their backdoored boot image.  And the only fix against that is to prohibit the customer from adding their own keys – at which point the box only has the pre-installed Microsoft signing key.  Like that is going to fly with the anti-trust regulatory agencies 🙂)

    The sad part is that the best documentation of the file formats is in an LGPL package and not the vendor's own docs.

  6. Steven Holms

    Technically, you can also reset a Linux password as long as you have physical access to the hardware. The only real security for hardware access is full disk encryption, as changing the password won't make the encrypted data available.

