[FDE] PointSec
jfvanmeter at comcast.net
Thu Jul 5 04:20:53 MDT 2007
Thanks Allen, that's a good idea, I'll have to try it ..... Does anyone know if there is any kind of auditing of the pre-boot login?
Thanks
Take Care and Have Fun --John
-------------- Original message ----------------------
From: Allen <netsecurity at sound-by-design.com>
>
>
> jfvanmeter at comcast.net wrote:
> > Thanks Ivan, and yes I have to VA and pen test both.
> >
> > Does anyone know if it would be possible to mount the client side drive under
> > Back Tracks (or any linux system) and run a directory attack to crack the
> > password for the preboot, then dd drive?
>
> I won't say it can't be done but I think there is an even more
> reasonable scenario possible.
>
> There are now two, that I'm aware of, slightly larger than USB
> key full blown Linux systems. One is a firewall shim into the
> TCP/IP stack and the other doesn't have a specific use that I'm
> aware of yet. It was just mentioned on Linux Devices in the last
> couple of days.
>
> Okay, here is how I imagine it might work. In most corporate
> computers there are local and remote administrators that log onto
> your machine to fix things. If they are not connected to an
> external authentication server, then their authentication is in a
> local file, most likely the SAM file and its backup on the local
> drive.
>
> So boot the computer with normal, user only privileges, which
> opens the encrypted disk to access by Windows. Start the Linux
> system on the USB port. Do a native Windows system call to read
> the SAM backup file and export it. Crack it off line. Now log
> back in as an administrator and take what you will.
>
> I'm not enough of a programmer to know how to do this, but I
> talked to two who are and they seem to think it could be done.
>
> Who knows, if this doesn't work, then I'm sure that there will be
> other clever ideas that do.
>
> Best,
>
> Allen
>