Cracking passwords on Windows 7 is no different or more difficult than it was on Windows XP.
As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can crack basic passwords, reset the local administrator account and more.
In addition, weak Windows 7 passwords can be found with a vulnerability scanner, such as the one built into QualysGuard. And although you can't log in to the Windows 7 systems directly with these passwords, systems that allow null sessions let someone connect with a tool like Winfo or NetUsers and enumerate user accounts, the local password policy and other data.
But the fun doesn't stop at the operating system: An attacker can crack your Windows 7 passwords if you're running an ill-configured Web application or Outlook Web Access system, which often has domain-level passwords that can be used against your network. It's a double whammy when the local system and the network are at risk.
Furthermore, there are BitLocker considerations, as well as all the other passwords that become accessible past the Windows 7 login prompt. After gaining access to your Windows 7 systems, an attacker can dig around manually or use a tool such as Elcomsoft's Proactive System Password Recovery to collect additional system passwords, including the following:
- Cached logon passwords
- HomeGroup passwords
- Web browser-cached passwords
- WPA preshared key passwords
The majority of password issues may not be the direct fault of Windows 7 but instead a problem in the implementation of the OS. Regardless, weak passwords are still among the greatest vulnerabilities in many businesses.
Therefore, with Windows 7 here to stay, it may be time to rethink password policies across the enterprise. Remember that the key is to never let your guard down -- the bad guys certainly aren't letting up.
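As a starting point for that policy review, the following read-only PowerShell audit (an added example, not part of the original article) reports the local registry settings that govern null-session enumeration, LM hash storage and cached logons. The expected values and the `$maxCachedLogons` threshold are assumptions of this example, to be replaced with your own baseline.

```powershell
# Added example: read-only audit of settings tied to null sessions, stored hashes and cached logons.
# The expected values are this example's assumed baseline, not values taken from the article.
$lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$maxCachedLogons = 4   # assumed threshold; set it to your own policy

$checks = @(
    @{ Path = $lsa;      Name = 'RestrictAnonymous';         Why = 'anonymous enumeration of accounts and shares'
       Ok = { param($v) [int]$v -ge 1 } },
    @{ Path = $lsa;      Name = 'RestrictAnonymousSAM';      Why = 'anonymous enumeration of SAM accounts'
       Ok = { param($v) [int]$v -eq 1 } },
    @{ Path = $lsa;      Name = 'EveryoneIncludesAnonymous'; Why = 'Everyone permissions applied to anonymous users'
       Ok = { param($v) [int]$v -eq 0 } },
    @{ Path = $lsa;      Name = 'NoLMHash';                  Why = 'storage of weak LM hashes'
       Ok = { param($v) [int]$v -eq 1 } },
    @{ Path = $server;   Name = 'RestrictNullSessAccess';    Why = 'null-session access to pipes and shares'
       Ok = { param($v) [int]$v -eq 1 } },
    @{ Path = $server;   Name = 'NullSessionPipes';          Why = 'named pipes reachable over a null session'
       Ok = { param($v) -not ($v | Where-Object { $_ }) } },
    @{ Path = $winlogon; Name = 'CachedLogonsCount';         Why = 'number of cached domain logons kept on disk'
       Ok = { param($v) [int]$v -le $maxCachedLogons } }
)

$results = foreach ($c in $checks) {
    # A missing value or key yields no object; errors are suppressed so the audit keeps going.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $value = '(not set)'; $status = 'DEFAULT'   # OS default applies; confirm it for this build
    } else {
        $value  = $item.($c.Name)
        $status = if (& $c.Ok $value) { 'OK' } else { 'REVIEW' }
    }
    New-Object PSObject -Property @{
        Setting = $c.Name; Value = ($value -join ','); Status = $status; Governs = $c.Why
    }
}

# Print one row per setting so deviations from the assumed baseline stand out.
$results | Select-Object Setting, Value, Status, Governs | Format-Table -AutoSize
```

A `DEFAULT` status means the value is absent from the registry, so the operating system default is in effect and should be confirmed for that build.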
ABOUT THE AUTHOR:
Kevin Beaver is an information security consultant, expert witness, author and professional speaker at Atlanta-based Principle Logic, LLC. With over 23 years of experience in the industry, he specializes in performing independent security assessments revolving around minimizing information risks. Beaver has authored/co-authored 10 books on information security, including The Practical Guide to HIPAA Privacy and Security Compliance and Hacking For Dummies. In addition, he's the creator of the Security On Wheels information security audio books and blog, providing security learning for IT professionals on the go.
This was first published in March 2010