±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 35883
New Yesterday: 3 Visitors: 162

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Password-Protected Windows 10

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2, 3, 4  Next 
  

mhibert
Member
 

Password-Protected Windows 10

Post Posted: Mar 11, 18 05:54

Hi Guys,

I am struggling to bypass Windows 10 login password. What techniques would you use if you would be on my place?

P.S. BIOS is protected with a strong password and boot priority cannot be changed.

Thank you  
 
  

jaclaz
Senior Member
 

Re: Password-Protected Windows 10

Post Posted: Mar 11, 18 06:30

- mhibert
Hi Guys,

I am struggling to bypass Windows 10 login password. What techniques would you use if you would be on my place?

P.S. BIOS is protected with a strong password and boot priority cannot be changed.

Thank you


The usual ones, of course if you can access the disk. (i.e. it is not encrypted and you have not the password or if it is a laptop with integrated encryption, etc.)

OSK.EXE or similar, direct patching of msv1_0.dll if 32 bit (cannot say if a patch for 64 has been found/published for "your" Windows 10 version, and surely that depends on the exact version of the .dll)

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

mhibert
Member
 

Re: Password-Protected Windows 10

Post Posted: Mar 11, 18 06:54

what are the usual ones? Maybe i missing something  
 
  

benfindlay
Senior Member
 

Re: Password-Protected Windows 10

Post Posted: Mar 11, 18 10:34

Can you pull the disk? If so, cracking the password in the relevant Registry hives would be a good place to start!

Failing that, what about a password reset tool like NTPASSWD (I've not actually tried this myself on Windows 10 - hopefully someone can confirm that it still works)?

Ben
_________________
Ben Findlay. BSc (Hons) MSc PgCLTHE FHEA MBCS MCSFS MIScT MInstISP
Course Leader BSc Computer and Digital Forensics
School of Science, Engineering and Design
Teesside University 
 
  

jaclaz
Senior Member
 

Re: Password-Protected Windows 10

Post Posted: Mar 11, 18 11:10

@benfindlay
Reset is different from bypass (and is different from cracking the password).

@mhibert
As above, reset is different from bypass (and is different from cracking the password via ophcrack or similar).

To bypass there are historically three ways, in order of more intrusive to less intrusive:
1) rename (a copy of) cmd.exe to osk.exe (or to other executable accessible from the logon screen), this is not strictly speaking a bypass, but it allows to create a new user, leaving the original account untouched or change (reset) the password for the existing user
2) open a console on the Winsta0 desktop, this is actually a bypass as you will have a session as System, besides having the same possibility as above
3) modify the msv1_0.dll (this is trivial/universal on 32 bit, version specific on 64 bit), this is a real bypass, as you can login with *any* password on the existing local user account

Whether each and every of this will work on Windows 10, particularly on the specific version you have and/or whether the patch for your specific version in case of #3 exists is up to you to find.

#1:
Google for (without double quotes) "osk.exe cmd.exe reset windows password", or "utilman.exe cmd.exe reset windows password" you will find tens of (mostly copy pasted from one to another and for various windows versions) tutorials with slight variations, the method is the same since Windows XP .
Check anyway:
reboot.pro/topic/21061...-password/

#2:
reboot.pro/topic/18792...challenge/
blog.didierstevens.com...tilmanexe/

#3:
reboot.pro/topic/18588...-password/
read the whole thread, get latest chenall's version (but of course in your case you can use any hex editor instead) then look for the right pattern if any

Mind you these are what I would try, and what you could try if you are into learning.

Otherwise, spend a few bucks for a Commercial solution:
www.piotrbania.com/all/kon-boot/

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

MDCR
Senior Member
 

Re: Password-Protected Windows 10

Post Posted: Mar 11, 18 15:32

I remember a bootable Linux CD in which i could modify tbe password at will, even clear it. Forgotten the name of it, worked from XP to Windows 7, never tried it with Win 8 or 10, but i guess it would work.  
 
  

Jefferreira
Member
 

Re: Password-Protected Windows 10

Post Posted: Mar 11, 18 17:24

You can use a Linux Live Distribution to access the data on the storage device or working image.

Once you mount the device or image, you are able to access and extract the registry files and any other artefacts.

PS: I was on the move when I saw the post and did not read it carefully. You wrote that the Bios is password protected. I haven't done this in a while, but removing the battery from the motherboard should reset/remove the BIOS password.  

Last edited by Jefferreira on Mar 12, 18 03:47; edited 2 times in total
 

Page 1 of 4
Page 1, 2, 3, 4  Next