Cracking passwords with Windows 7 is no different or more difficult than it was with Windows XP.
As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can
Requires Free Membership to View
When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.
Margie Semilof, Editorial Director
crack basic passwords, reset the local administrator account and more.
In addition, weak Windows 7 passwords can be found with a vulnerability scanner, such as the one built into QualysGuard. And although you can't directly log into the Windows 7 systems with these passwords, if they allow null sessions, someone can connect to them with a tool like Winfo or NetUsers and enumerate user accounts, the local password policy and other data.
This information gives crackers another leg up against systems when used with manual analysis and tools like pwdump, John the Ripper and Proactive Password Auditor.
But the fun doesn't stop at the operating system: An attacker can crack your Windows 7 passwords if you're running an ill-configured Web application or Outlook Web Access system, which often has domain-level passwords that can be used against your network. It's a double whammy when the local system and the network are at risk.
Furthermore, there are BitLocker considerations as well as all the other accessible passwords past the Windows 7 login prompt. After gaining access to your Windows 7 systems, an attacker can dig around manually or use a tool such as Elcomsoft's Proactive System Password Recovery to collect additional system passwords, including the following:
- Cached logon passwords
- HomeGroup passwords
- Web browser-cached passwords
- WPA preshared key passwords
The majority of password issues may not be the direct fault of Windows 7 but instead a problem in the implementation of the OS. Regardless, weak passwords are still among the greatest vulnerabilities in many businesses.
Therefore, with Windows 7 here to stay, it may be time to rethink password policies across the enterprise. Remember that the key is to never let your guard down -- the bad guys certainly aren't letting up.
ABOUT THE
AUTHOR
Kevin Beaver is an information security consultant, expert
witness and professional speaker at Atlanta-based Principle Logic LLC. With over 21 years of
experience in the industry, Beaver specializes in performing independent security assessments
revolving around information risk management. He has authored/co-authored eight books on
information security, including The Practical Guide to HIPAA Privacy and Security Compliance and the
newly-updated Hacking for Dummies, 3rd edition. In addition, he's the creator of the
Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be
reached at www.principlelogic.com,
and you can follow in on Twitter at @kevinbeaver.
This was first published in March 2010
Join the conversationComment
Share
Comments
Results
Contribute to the conversation