[EMAIL PROTECTED] wrote: > Thanks Ivan, and yes I have to VA and pen test both. > > Does anyone know if it would be possible to mount the client side drive under > Back Tracks (or any linux system) and run a directory attack to crack the > password for the preboot, then dd drive?
I won't say it can't be done but I think there is an even more reasonable scenario possible. There are now two, that I'm aware of, slightly larger than USB key full blown Linux systems. One is a firewall shim into the TCP/IP stack and the other doesn't have a specific use that I'm aware of yet. It was just mentioned on Linux Devices in the last couple of days. Okay, here is how I imagine it might work. In most corporate computers there are local and remote administrators that log onto your machine to fix things. If they are not connected to an external authentication server, then their authentication is in a local file, most likely the SAM file and its backup on the local drive. So boot the computer with normal, user only privileges, which opens the encrypted disk to access by Windows. Start the Linux system on the USB port. Do a native Windows system call to read the SAM backup file and export it. Crack it off line. Now log back in as an administrator and take what you will. I'm not enough of a programmer to know how to do this, but I talked to two who are and they seem to think it could be done. Who knows, if this doesn't work, then I'm sure that there will be other clever ideas that do. Best, Allen _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
