Windows XP password

PDD

Hi Guys,

I was wondering if anyone knows if it is possible for someone to discover my password for XP. I have noticed a few changes on my PC and I think one of my housemates may know the password. I have changed it twice now and still seeing minor changes etc. I know it is possible to reset a password with a boot floppy but is it possible to view the password so that the person who owns the account isn't any wiser- this is the only explaination I can think of for the changes Im seeing.

PDD

Ruu_Old

I don't know how likely it is that there is a keylogger or some such utility on your computer. Have you scanned with spybot in safe mode? A virus could be making those changes too perhaps, so don't rule that out either.

b0bsquish

yup, many of those boot floppies show the password as well as giving you the option of reseting it. If you need to hide those vital documents *cough*porn from your housemates try something like http://www.softpedia.com/get/Security/Encrypting/RootMask.shtml

petes

b0bsquish wrote:

yup, many of those boot floppies show the password as well as giving you the option of reseting it. If you need to hide those vital documents *cough*porn from your housemates try something like http://www.softpedia.com/get/Security/Encrypting/RootMask.shtml

I don't think its possible to view the password, but a lot of them allow you to change/reset it.

PDD

Hi Guys,

Cheers for the info, Ive checked for loggers and viruses and I cant seem to find any. I think the likely culprit is a boot disk being used to view the passwords but as Petes said I didnt think this was possible. Does anyone know of one that does this?

Dave

petes

Is your flatmate technically minded? Is your password secure?

kippy

There are utilities that let you view the password. Password cracking (dictionary) utilitiesdo this but your password would have to be very basic for it to work quickly.
Most apps that I've seen just let you reset or blank the password.

If I were you I would set a BIOS or POWER ON password which isnt as easy to get past but before doing so check the event log of your PC for logon attempts or at least set up yout PC to log "log ons" this may held show if someone else is using it.
By the way, what exactly is changing?

petes

kippy wrote:

There are utilities that let you view the password.

Such as. Would be interested in knowing.

Villain

No, that is NOT possible
Windows encrypts the passwords using a one-way-encryption (like for example MD5)
and then stores the hash in a file.
The only way to get the password out of that hash is to do a brute-force attack.
(Try to encrypt all possible passwords and see if the hash is the same. IF there is a match, you've got the password, if not, try again with more characters. Do I need to say this takes up a lot of time.)

petes

Thought as much. Anything I've ever used was to reset the password.

andy1249

No, that is NOT possible
Windows encrypts the passwords using a one-way-encryption (like for example MD5)
and then stores the hash in a file.

Up until about an hour ago I would have agreed , then the brother drops up and gives me a floppy that does exactly whats described above ,

It boots to the floppy , shows the actual bloody passwords and asks if you want to change em , I dont know how it does it , Im going to try and access the code , but it does it !!

So that pretty much blows windows security apart as far as I can see , passwords are useless if you have this disk , he got a copy in college , says everyone must have it by now !!

BlueMonke

Think your being a little paronid or trying to do the same thing yourself!!!!!!

Like Kippy said it is very hard and time consuming to reveal a windows password if yo can at all.

Also Irish1 has the right idea use the BIOS password.

Villain

Ummm I'd be very interested in seeing this in action.
Apparently these guys can do it:http://www.loginrecovery.com/

andy1249

Like Kippy said it is very hard and time consuming to reveal a windows password if yo can at all.

With this floppy it takes about five minutes , the brother says they are being passed around in college like sweets , everyone wants it so they can unblock limewire and the likes on the college network , quick password change , download , change the passwords back !! Can you believe that.

Anyway I have the floppy here , it needs no net connection , and takes about five minutes to show the passwords , and that includes any boot password as well !!

KdjaCL

PDD wrote:

Hi Guys,

Does anyone know of one that does this?

Dave

Yes i know off 2 that do.


kdjac

mr_disc

kippy wrote:

If I were you I would set a BIOS or POWER ON password which isnt as easy to get past

Well if his flatmate was tech minded , he could simply get past a Power on password, as on alot of PC's you can bypass this by taking off / changing a jumper on the Mo.board ( these jumpers are clearly marked )

mathias

The wife just got a new T60 ( IBM/Lenovo ) thinkpad from work , it has a fingerprint scanner for logon , I guess thats the only secure option I know at the moment if the above is true ?

Capt'n Midnight

irish1 wrote:

Ummm I'd be very interested in seeing this in action.
Apparently these guys can do it:http://www.loginrecovery.com/

They almost certainly use free cracking tools, and simply have an awful lot of pre calculated hashes as well as a few pc's running in the background.

with fast PC's the simplier LM hash is easy to break, there is a setting called reversable encryption which is not desirable

also some apps that run as services have stored passwords in plain text, so if ya know where to go...

maybe if you got a key logger like canary you could see if anyone was on the machine when you wern't ?

mr_disc

sure does seem too much of a conspiracy that he can view your password, i mean what changes are being made exactly ?.

have a look in event viewer and see when the pc was accessed and or changes made to it, u should have an idad as to when you were on the pc yourself , and see if these times / dates match up.

Could also be that he is logging on under a different profile / username ( with admin rights ) and making these " changes " .

kippy

Well if his flatmate was tech minded , he could simply get past a Power on password, as on alot of PC's you can bypass this by taking off / changing a jumper on the Mo.board ( these jumpers are clearly marked )

This is getting like an FBI machine you need to protect here.
I am fully aware that the these passwords can be bypassed-but on newer boards this is far more difficult than what you have mentioned.
Anyway if the person does not have physical access to your machine for an extended amount of time (doing this operation will take about five minutes of messing with the machine, they will not be able to bypass it-locking your room would be a good option here.

Everyone knows that local windows account passwords are a piece of piss to get by, with many utilities out there that do the job for you. Winternals ERD for example can boot and gain access to most standard windows installs, NTFS or not. It can also clear passwords. Someone above has mentioned the name of a utility that will crack the password.

Think about this-why are most decent comms rooms highly secured places?
To limit physical access to the hardware. Physical access to hardware means that you can pretty much get past most types of security or you chances of doing so are that much higher.
As I mentioned above, check the logs, lock your room, get a hotswappable HDD and take it with you when you leave (extreme) please mention what exactly has changed, theres good reason to suspect it wasnt your mate.

Mr. Presentable

Disable/remove the floppy drive. Put a tiny dab of varnish and a hair on each screw so you'll know if they've been opened. Or set a spy cam nearby

PDD

Hi Guys,

Many thanks for the really great feedback. The kind of behviour I was seeing was changes in the history for my browser, the occasionally installed software that would essentially be spyware and changes in recent documents etc. I decided to lock the PC physically (as in lock the case) for two days an found no activity on it then when I unlocked it I started looking at logins and found logins for times when I was at wasnt there. I asked my flatmate about it and he said a mate of his had shown him a boot disk to show passwords so he could crack a machine and he had been playing around with it. I was a bit annoyed that had done it behind my back if you will but he said he was sorry and all he was doing really was surfing or doing a few assignments for college.

The thing is the PC is in the living room coz I dont want it in my bedroom and at the same time there is **** all space for it in my bedroom. I wouldn't mind giving my flatmate access to the machine accept for the fact that I use it for work and on top of that I dont want to be responsible for stuff he downloads etc in case any of it is dodgy or illegal or if something mucked up the machine etc. Im sure I could lock it at the BIOS level but I dont necessarily want to do that coz its awkward for me its a bit draconian in my mind. I was thinking maybe he could use a live distros of Linux maybe but hes not so technically minded. Anybody got any suggestions on how we can share the PC and keep things seperate?

PDD

kippy

Set up a limited account in XP.
There are tonnes of webpages out there to help you do this.
Search google for "limited account XP"
Or search google for "lock down windows XP"

Lots and lots of pages out there, use google a bit more.
Heres one to get you started:
http://netsecurity.about.com/cs/windowsxp/a/aa042204_3.htm
Kippy

PDD

Hi Guys,

Kippy I had thought about that but I dont want to have the hast of having to do admin on his account etc. Plus I dont to allow him to be downloading stuff that could be dodgy. I read somewhere that you can setup a thumb drive to boot XP and this sounds ideal, has anyone done this?

PDD

Villain

Simple, Install another version of Windows and dual boot, you use Install A and he uses Install B.