Re: [Full-disclosure] Microsoft EFS
From: Thomas Springer (tuevsec_at_gmx.net)
Date: 10/11/05
- Previous message: Mark J Cox: "[Full-disclosure] OpenSSL SSL 2.0 Rollback (CAN-2005-2969)"
- In reply to: Fco. Jose Garrido Matamoros: "Re: [Full-disclosure] Microsoft EFS"
- Next in thread: Fco. Jose Garrido Matamoros: "Re: [Full-disclosure] Microsoft EFS"
- Reply: Fco. Jose Garrido Matamoros: "Re: [Full-disclosure] Microsoft EFS"
- Reply: Mike Nice: "Re: [Full-disclosure] Microsoft EFS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 11 Oct 2005 14:21:47 +0200 To: fjgarrido@tecvd.com
> The DEFAULT recovery agent is the Administrator, on the other hand you always
> can to decrypt the data from the userX login like that userX; So crack the
> password or overwrite it off-line (the same for the delegated recovery
> agent).
be careful:
overwriting the pw offline will work with efs on w2k.
it will not work with winxp/2003: you cant access any efs-data after
resetting the password offline.
you'll have to crack the usesrs or the admins pw and either logon
interactively or export their keys to get access to the efs-encrypted data.
tom
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Mark J Cox: "[Full-disclosure] OpenSSL SSL 2.0 Rollback (CAN-2005-2969)"
- In reply to: Fco. Jose Garrido Matamoros: "Re: [Full-disclosure] Microsoft EFS"
- Next in thread: Fco. Jose Garrido Matamoros: "Re: [Full-disclosure] Microsoft EFS"
- Reply: Fco. Jose Garrido Matamoros: "Re: [Full-disclosure] Microsoft EFS"
- Reply: Mike Nice: "Re: [Full-disclosure] Microsoft EFS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
