lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
[an error occurred while processing this directive]
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <434BAE5B.2080009@gmx.net>
Date: Tue Oct 11 13:21:56 2005
From: tuevsec at gmx.net (Thomas Springer)
Subject: Microsoft EFS

> The DEFAULT recovery agent is the Administrator, on the other hand you always 
> can to decrypt the data from the userX login like that userX; So crack the 
> password or overwrite it off-line (the same for the delegated recovery 
> agent).

be careful:

overwriting the pw offline will work with efs on w2k.
it will not work with winxp/2003: you cant access any efs-data after 
resetting the password offline.

you'll have to crack the usesrs or the admins pw and either logon 
interactively or export their keys to get access to the efs-encrypted data.

tom

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ