thansk Allen, that's a good Idea, i'll have to try it ..... Does anyone if there is any kind of auditing of the pre-boot log in?
thanks Take Care and Have Fun --JOhn -------------- Original message ---------------------- From: Allen <[EMAIL PROTECTED]> > > > [EMAIL PROTECTED] wrote: > > Thanks Ivan, and yes I have to VA and pen test both. > > > > Does anyone know if it would be possible to mount the client side drive > > under > Back Tracks (or any linux system) and run a directory attack to crack the > password for the preboot, then dd drive? > > I won't say it can't be done but I think there is an even more > reasonable scenario possible. > > There are now two, that I'm aware of, slightly larger than USB > key full blown Linux systems. One is a firewall shim into the > TCP/IP stack and the other doesn't have a specific use that I'm > aware of yet. It was just mentioned on Linux Devices in the last > couple of days. > > Okay, here is how I imagine it might work. In most corporate > computers there are local and remote administrators that log onto > your machine to fix things. If they are not connected to an > external authentication server, then their authentication is in a > local file, most likely the SAM file and its backup on the local > drive. > > So boot the computer with normal, user only privileges, which > opens the encrypted disk to access by Windows. Start the Linux > system on the USB port. Do a native Windows system call to read > the SAM backup file and export it. Crack it off line. Now log > back in as an administrator and take what you will. > > I'm not enough of a programmer to know how to do this, but I > talked to two who are and they seem to think it could be done. > > Who knows, if this doesn't work, then I'm sure that there will be > other clever ideas that do. > > Best, > > Allen > > _______________________________________________ > FDE mailing list > [email protected] > http://www.xml-dev.com/mailman/listinfo/fde _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
