OS user password vulnerablilites

There are many different operating systems; which one will you choose?

OS user password vulnerablilites

Post by AZ_ on Sat Sep 17, 2011 7:34 pm
([msg=61612]see OS user password vulnerablilites[/msg])

I read an article either on Hacker News and Reddit explaining the different ways a person could obtain a user's account password if they had physical access to the terminal.

For Windows it was rainbow tables, and they even gave a program that you could pop into the CD drive, retrieves the hashes, and then processes them, or something to that effect.

For Mac OS, I don't remember.

For Linux, it was something about easily bypassing user settings.

Can anyone elaborate on these please?
User avatar
Posts: 105
Joined: Sun Jun 05, 2011 12:38 pm
Blog: View Blog (0)

Re: OS user password vulnerablilites

Post by mShred on Sun Sep 18, 2011 1:09 am
([msg=61619]see Re: OS user password vulnerablilites[/msg])

For Windows, I think you're thinking Ophcrack. Or something similar. I've actually used it before, and it works alright. It's an actual bootable OS, Slax I think, and it just runs rainbow tables at startup.
Fuck Mac.
For Linux, I'm not sure what you mean by that.. It could kinda mean a lot. But a lot of it depends on what actual admin of the box is running, and what could be exploited by it.
User avatar
Posts: 1899
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)

Re: OS user password vulnerablilites

Post by tremor77 on Tue Sep 20, 2011 1:53 pm
([msg=61672]see Re: OS user password vulnerablilites[/msg])

There are alot of utilities for Windows. Try this one http://pogostick.net/~pnh/ntpasswd/ of course, this is a password reset option and not password retrieval/cracking. But the end result, getting the users account with physical access is there... only they'll wonder wtf they can't login the next time they come back when their password isn't working.

There is also something called password genius http://www.pcworld.com/downloads/file/fid,112039-order,4/description.html i haven't used it myself but I have a house-call tech support friend who swears by it... probably paid version.

I'll second the fuck mac opionion from above.

Linux could potentially be different approaches based on the distro, for Ubuntu you can easily reset the root pwd with a Live CD or Live USB. Once again I've only given a reset option, I'm sure there is a recovery option as well though.. for all the OS's as long as you have physical access to the machine.
User avatar
Posts: 1095
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)

Return to Operating Systems

Who is online

Users browsing this forum: No registered users and 0 guests