Cracking passwords with Windows 7 is no different or more difficult than it was with Windows XP.

As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can crack basic passwords, reset the local administrator account and more.

In addition, weak Windows 7 passwords can be found with a vulnerability scanner, such as the one built into QualysGuard. And although you can't directly log into the Windows 7 systems with these passwords, if they allow null sessions, someone can connect to them with a tool like Winfo or NetUsers and enumerate user accounts, the local password policy and other data. 

This information gives crackers another leg up against systems when used with manual analysis and tools like pwdump, John the Ripper and Proactive Password Auditor.

But the fun doesn't stop at the operating system: An attacker can crack your Windows 7 passwords if you're running an ill-configured Web application or Outlook Web Access system, which often has domain-level passwords that can be used against your network. It's a double whammy when the local system and the network are at risk.

Furthermore, there are BitLocker considerations as well as all the other accessible passwords past the Windows 7 login prompt. After gaining access to your Windows 7 systems, an attacker can dig around manually or use a tool such as Elcomsoft's Proactive System Password Recovery to collect additional system passwords, including the following:

  • Cached logon passwords
  • HomeGroup passwords
  • Web browser-cached passwords
  • WPA preshared key passwords

The majority of password issues may not be the direct fault of Windows 7 but instead a problem in the implementation of the OS. Regardless, weak passwords are still among the greatest vulnerabilities in many businesses.

Therefore, with Windows 7 here to stay, it may be time to rethink password policies across the enterprise. Remember that the key is to never let your guard down -- the bad guys certainly aren't letting up.

Kevin Beaver
is an information security consultant, expert witness, author and professional speaker at Atlanta-based Principle Logic, LLC. With over 23 years of experience in the industry, he specializes in performing independent security assessments revolving around minimizing information risks. Beaver has authored/co-authored 10 books on information security, including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking For Dummies. In addition, he's the creator of the Security On Wheels information security audio books and blog, providing security learning for IT professionals on the go.

This was first published in March 2010

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.