Bypass Windows and Linux Login?

Think this is legit?

Simple Hack To Bypass Logon Passwords On Windows 7, Vista, XP, Gentoo, Debian, Ubuntu and Fedora | Megaleecher.Net

It shows it doing it in vmware with windows xp. It also said it’s been tested on Gentoo, Ubuntu, Debian, and Fedora.

I am going to check this out. Will report back.

I tried with WinXP under VirtualBox and it works!!
Anyway, currently, not working for openSUSE.

I think this technique used is the same (taking over INT13H):
Windows 7 Can Be Hacked, No Fix

I think, it will be possible to hack all OSes in this manner.

Also, read this post:
Windows7 Info - openSUSE Forums

Yeah, I remember caf starting a thread about that. I just found this because some software I downloaded told me to go to that site for more software. And I was just perusing through the stories on there and that was one of them.
But at least it didn’t work for you in openSUSE :wink:

Ian

On Fri, 2009-05-01 at 06:26 +0000, ijbreakey wrote:
> Think this is legit?
>
> ‘Simple Hack To Bypass Logon Passwords On Windows 7, Vista, XP, Gentoo,
> Debian, Ubuntu and Fedora | Megaleecher.Net
> (http://tinyurl.com/d48k2o)
>
> It shows it doing it in vmware with windows xp. It also said it’s been
> tested on Gentoo, Ubuntu, Debian, and Fedora.

All you need is physical access to pretty much hack anything.
Encryption can be an issue if you’re dealing with encrypted
data. But anything goes.

(this really isn’t news… but I suppose to some it might be)

I give lots of talks on various subjects and sometimes I’ll meet
that insane ‘Security Chief’ that ones to ensure me that they
have the unhackable host. :slight_smile:

I try to tell them that if they want an unhackable host they
need to:

  1. Provide absolute physical security (difficult to do).

  2. Cut the network connection to a shared network (e.g. the Internet).

Folks, I’m sorry if these offend… but that IS the answer.

On Fri, 01 May 2009 19:32:44 +0000, cjcox wrote:

> All you need is physical access to pretty much hack anything. Encryption
> can be an issue if you’re dealing with encrypted data. But anything
> goes.

Yep. This used to be a common question I answered about NetWare “back in
the day”, and physical security is absolutely paramount.

Jim

I don’t know about bypassing Linux logons but tools for hacking Windows logon accounts have been available for many years. It the Windows admin passwords are stored in an NT Hash you can retrieve any password of 14 characters of less in a few minutes using tools like Ophcrack, John the Ripper, Cain and Abel, L0phtcrack, etc. If that fails there are other tools that allow you to reset the password. And if that fails you can physically rip out the drive and read it by hooking it up to another box.

Encryption is the only way to secure data, especially if the attacker has physical access. And the encryption should be full disk encryption and should use algorithims that don’t have any currently known weaknesses (e.g. AES with SHA-2) and use salts, rounds etc. to strengthen weaker passwords. But you should use a decent key regardless–probably one with at least 60 bits of entropy. And if the data is really sensitive, disconnect from any network connections before using the data in an unencrypted state.

Without encryption there’s nothing as easy as that if you have the same starting point like in the attack as described in the link above:

  • physical access to the machine

  • being allowed to boot from your own medium

Goes like this:

Boot (CD) -> Mount -> Changeroot -> Change Passwords -> Reboot (HD) -> Login

No need for any fancy tools at all.

I don’t know about bypassing Linux logons

Shove init=/bin/bash on the grub line see where that gets you…

Shhhhhhhhhhhh

Don’t tell all those “H4xx0rz’s secrets” to everybody!111

:slight_smile:

So no big surprise. If you want to protect your data encrypt it.