OS user password vulnerablilites

[AZ_]

I read an article either on Hacker News and Reddit explaining the different ways a person could obtain a user's account password if they had physical access to the terminal.

For Windows it was rainbow tables, and they even gave a program that you could pop into the CD drive, retrieves the hashes, and then processes them, or something to that effect.

For Mac OS, I don't remember.

For Linux, it was something about easily bypassing user settings.

Can anyone elaborate on these please?

[mShred]

For Windows, I think you're thinking Ophcrack. Or something similar. I've actually used it before, and it works alright. It's an actual bootable OS, Slax I think, and it just runs rainbow tables at startup.
Fuck Mac.
For Linux, I'm not sure what you mean by that.. It could kinda mean a lot. But a lot of it depends on what actual admin of the box is running, and what could be exploited by it.

[tremor77]

There are alot of utilities for Windows. Try this one http://pogostick.net/~pnh/ntpasswd/ of course, this is a password reset option and not password retrieval/cracking. But the end result, getting the users account with physical access is there... only they'll wonder wtf they can't login the next time they come back when their password isn't working.

There is also something called password genius http://www.pcworld.com/downloads/file/fid,112039-order,4/description.html i haven't used it myself but I have a house-call tech support friend who swears by it... probably paid version.

I'll second the fuck mac opionion from above.

Linux could potentially be different approaches based on the distro, for Ubuntu you can easily reset the root pwd with a Live CD or Live USB. Once again I've only given a reset option, I'm sure there is a recovery option as well though.. for all the OS's as long as you have physical access to the machine.