Re: [Full-disclosure] Microsoft EFS
From: Thomas Springer (tuevsec_at_gmx.net)
Date: Tue, 11 Oct 2005 14:21:47 +0200 To: firstname.lastname@example.org
> The DEFAULT recovery agent is the Administrator, on the other hand you always
> can to decrypt the data from the userX login like that userX; So crack the
> password or overwrite it off-line (the same for the delegated recovery
overwriting the pw offline will work with efs on w2k.
it will not work with winxp/2003: you cant access any efs-data after
resetting the password offline.
you'll have to crack the usesrs or the admins pw and either logon
interactively or export their keys to get access to the efs-encrypted data.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/