Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#336203 - 17/08/2010 18:28 Hacker question
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
The husband of a friend of my downstairs neighbor recently died. His widow has asked my neighbor if there is any way to log into her deceased husband's computer if she does not know the password. Apparently there is information on the computer that would help her deal with her husband's passing.

I told her (my neighbor) that it was unlikely that there would be any reasonable way to access the information. Was I correct? The neighbor will bring the computer to me, but I haven't the faintest idea of how I might proceed.

Is there a way within my capabilities and resources to retrieve data from the computer?

This is legitimate, my neighbor is 100% trustworthy.

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

Top
#336204 - 17/08/2010 18:43 Re: Hacker question [Re: tanstaafl.]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Depends on whether the files are encrypted or not. If they are encrypted with the Windows file system encryption then you're pretty much stuck unless you can work out the password.

If it is just that you can't log in then that is fairly easy to bypass. There are plenty of CD boot disk images you can use that'll reset the administrator password for you.

Top
#336206 - 17/08/2010 19:12 Re: Hacker question [Re: tman]
Robotic
pooh-bah

Registered: 06/04/2005
Posts: 2026
Loc: Seattle transplant
You could also pull the drive and mount it as an extra on another machine, then poke through the files as you like.
You won't be able to run any of the software he had, though.
_________________________
10101311 (20GB- backup empeg)
10101466 (2x60GB, Eutronix/GreenLights Blue) (Stolen!)

Top
#336207 - 17/08/2010 19:27 Re: Hacker question [Re: Robotic]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Originally Posted By: Robotic
You could also pull the drive and mount it as an extra on another machine, then poke through the files as you like.
You won't be able to run any of the software he had, though.

Ah! Now, that I can do. My Vantec external dock will read 3.5 or 2.5 disks (I don't know if the computer is a laptop). Chances are the files she wants to read will be common, .xls or .doc and I'll be able to read them.

tanstaafl.

Edit: Nice idea while it lasted. My external dock is for SATA drives, and the computer is an ancient Dell with two 80-GB IDE drives. I guess I better try the admin password cracker stuff... which will be a neat trick because my CD burner will no longer burn CDs, only DVDs, and this computer has only a gigantic (6" x 8") CD player/burner.

db


Edited by tanstaafl. (17/08/2010 21:55)
Edit Reason: More info
_________________________
"There Ain't No Such Thing As A Free Lunch"

Top
#336208 - 17/08/2010 19:42 Re: Hacker question [Re: tanstaafl.]
Robotic
pooh-bah

Registered: 06/04/2005
Posts: 2026
Loc: Seattle transplant
And, of course, this is assuming none of the files are encrypted as was noted earlier.
_________________________
10101311 (20GB- backup empeg)
10101466 (2x60GB, Eutronix/GreenLights Blue) (Stolen!)

Top
#336209 - 17/08/2010 20:29 Re: Hacker question [Re: Robotic]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12343
Loc: Sterling, VA
I transfer files from old hard drives for people pretty often. Can someone explain to me the following:

If I connect a drive that had Vista or 7 on it to another Vista or 7 computer (or, I think, if I connect an XP drive to an XP machine), I'm denied access to the user folder.

However, every time I've connected a drive that had XP on it to a Vista or 7 computer, I'll open the user's folder, get a brief message saying it's protected or something, and then the system works for a little bit and voilą, I have access to the folder and all unencrypted files within.


By the way, isn't there a tool that you can throw on a Linux live CD that will crack an XP password? That might help Doug in this process, and you'd have access to everything...
_________________________
Matt

Top
#336211 - 17/08/2010 20:34 Re: Hacker question [Re: Dignan]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
Originally Posted By: Dignan
If I connect a drive that had Vista or 7 on it to another Vista or 7 computer (or, I think, if I connect an XP drive to an XP machine), I'm denied access to the user folder.

However, every time I've connected a drive that had XP on it to a Vista or 7 computer, I'll open the user's folder, get a brief message saying it's protected or something, and then the system works for a little bit and voilą, I have access to the folder and all unencrypted files within.

The SID that owns the directory doesn't exist on your computer but it won't ignore the ACLs on the directory either. You have to tell it to take ownership. Only problem with this is if you try and plug the drive back into the PC and boot off it. It won't like the changed owner.

Top
#336212 - 17/08/2010 20:35 Re: Hacker question [Re: tman]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12343
Loc: Sterling, VA
Originally Posted By: tman
The SID that owns the directory doesn't exist on your computer but it won't ignore the ACLs on the directory either. You have to tell it to take ownership. Only problem with this is if you try and plug the drive back into the PC and boot off it. It won't like the changed owner.

Ah, thanks. No worries, though, I've only ever done this on systems that have died and needed files recovered.
_________________________
Matt

Top
#336215 - 17/08/2010 22:15 Re: Hacker question [Re: tanstaafl.]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Originally Posted By: tanstaafl.
I guess I better try the admin password cracker stuff...

Well, don't I feel silly. I connected everything and turned on the power to see what options I might have, maybe there was an unprotected admin user or something... and the computer booted right up into Windows XP. There was no log-in password set.

So, now I have to try and find out why everyone was convinced that the computer was password protected. I couldn't (admittedly with just a cursory look) find any applications that were protected.

Curiouser and curiouser.

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

Top
#336216 - 17/08/2010 22:21 Re: Hacker question [Re: tanstaafl.]
Robotic
pooh-bah

Registered: 06/04/2005
Posts: 2026
Loc: Seattle transplant
Ha! Hurrah for simple solutions!

Are the family members computer literate? Perhaps they simply don't understand.
_________________________
10101311 (20GB- backup empeg)
10101466 (2x60GB, Eutronix/GreenLights Blue) (Stolen!)

Top
#336217 - 17/08/2010 22:34 Re: Hacker question [Re: Robotic]
tman
carpal tunnel

Registered: 24/12/2001
Posts: 5528
What files are they looking for? Maybe they're protected by Word or whatever? Or its an accounting package that has a password?

Top
#336220 - 17/08/2010 23:51 Re: Hacker question [Re: tman]
msaeger
carpal tunnel

Registered: 23/09/2000
Posts: 3608
Loc: Minnetonka, MN
Quote:

Are the family members computer literate? Perhaps they simply don't understand.


I would go with that one based on personal experience smile
_________________________

Matt

Top
#336221 - 18/08/2010 00:57 Re: Hacker question [Re: Robotic]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Originally Posted By: Robotic
Are the family members computer literate? Perhaps they simply don't understand.

Literate to the point of realizing that the monitor isn't the television set. No more than that.

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

Top
#336222 - 18/08/2010 01:00 Re: Hacker question [Re: tanstaafl.]
Phoenix42
veteran

Registered: 21/03/2002
Posts: 1424
Loc: MA but Irish born
So the passworded information could easily be a website...

Top
#336223 - 18/08/2010 01:06 Re: Hacker question [Re: tman]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5549
Loc: Ajijic, Mexico
Originally Posted By: tman
What files are they looking for? Maybe they're protected by Word or whatever? Or its an accounting package that has a password?

Maybe, but unlikely. I saw no evidence of sophistication on the part of the user. The My Documents file was a mish-mash of jpgs, anti-virus logs, empty folders, etc. I'm not sure he knew what the Del key was for. The entire desktop was taken up with shortcuts to internet URLs, apparently he didn't know about or maybe just didn't like the idea of bookmarks. I'll say one thing, though: he must have had fabulous reflexes. The mouse was set up so "hot" that I could barely click on anything. Move the mouse an inch and the cursor would go two thirds of the way across the screen. (I fixed that in control panel)

There was no hint of financial management programs that I could find, not even Quicken or similar. Closest thing was a link to a Merill Lynch website for stock market prices.

So, I think the computer is going to be pretty much a dead end. (no pun intended)

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

Top
#336226 - 18/08/2010 03:36 Re: Hacker question [Re: tanstaafl.]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12343
Loc: Sterling, VA
Originally Posted By: tanstaafl.
Originally Posted By: tanstaafl.
I guess I better try the admin password cracker stuff...

Well, don't I feel silly. I connected everything and turned on the power to see what options I might have, maybe there was an unprotected admin user or something... and the computer booted right up into Windows XP. There was no log-in password set.

Don't feel silly. And elderly woman once called me to her home because her computer was asking for a password when it hadn't before. Sure enough, I turned the PC on and Windows asked for a login password. We tried for about fifteen minutes to step through all the possibilities she might have used.

Then, at some point, my finger slipped and hit the enter key. The password was blank. smile
_________________________
Matt

Top
#336229 - 18/08/2010 08:21 Re: Hacker question [Re: Dignan]
frog51
pooh-bah

Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
Sorry I got here late but glad it was that simple :-)

For future info, very easy to boot off a linux CD such as backtrack (free) and tell it the admin password is blank. This doesn't yet work for Windows 7, but does for the other flavours.

Very simple to do as well - the instructions come with Backtrack and it takes about 5 commands.
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock

Top