[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsoft EFS

To: fjgarrido@xxxxxxxxx
Subject: Re: [Full-disclosure] Microsoft EFS
From: Thomas Springer <tuevsec@xxxxxxx>
Date: Tue, 11 Oct 2005 14:21:47 +0200

The DEFAULT recovery agent is the Administrator, on the other hand you always can to decrypt the data from the userX login like that userX; So crack the password or overwrite it off-line (the same for the delegated recovery agent).


be careful:

overwriting the pw offline will work with efs on w2k. it will not work with winxp/2003: you cant access any efs-data after resetting the password offline.

you'll have to crack the usesrs or the admins pw and either logon interactively or export their keys to get access to the efs-encrypted data.

tom
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Microsoft EFS
  - From: Fco. Jose Garrido Matamoros
- Re: [Full-disclosure] Microsoft EFS
  - From: Mike Nice

References:
- [Full-disclosure] Microsoft EFS
  - From: wilder_jeff Wilder
- Re: [Full-disclosure] Microsoft EFS
  - From: Fco. Jose Garrido Matamoros

Prev by Date: [Full-disclosure] OpenSSL SSL 2.0 Rollback (CAN-2005-2969)
Next by Date: Re: [Full-disclosure] Mobile Infection
Previous by thread: Re: [Full-disclosure] Microsoft EFS
Next by thread: Re: [Full-disclosure] Microsoft EFS
Index(es):
- Date
- Thread