BIOS passwords are useless. They do not protect against two trivial attacks: 1) Take the hard drive out of the computer, attach it to another. 2) Take the CR2032 battery out of the motherboard. Pull the power. Wait 30 seconds. Put the battery back in and reconnect the power. There is now no more BIOS password.
Really, the only option is full disk encryption. The downside is that slight disk errors can mean that you lose all of the data on your drives. You also cannot do any real offline data recovery (which is kind of the point of full disk encryption). It really depends on what you are protecting against. Ophtcrack is also not what I would use. If you really want to recover passwords, hashcat (and all the related variants) is probably what you want. There is a steep but short learning curve with hashcat which means that nearly everyone can quickly learn how to use it. This is pretty much the state of the art right now and does not rely on "rainbow" tables. For changing passwords, chntpw will do this on Windows versions <=7. You just need access to the SAM database (found in the \windows\system32\config directory). chntpw --help should give you enough info assuming you have your ntfs windows partition mounted (ntfs-3g is what you want to do this with, most modern distributions have this installed and use it by default). I usually change the local administrator password, then log in with that account to change user credentials. On Sun, Dec 29, 2013 at 5:37 PM, Geekus Villagius <thevillageg...@gmail.com>wrote: > Thanks for the suggestions! > > Re TAILS, I've tried it with legacy boot enabled. No luck from the > USB. There seems to be issues with certain models. It does work from > DVD though. I did try with TAILS installer, but the result was the > same. Perhaps a manual install will do the job? > > Re the Windows password, I download Ophcrack (the second try gave me a > valid image) and was able to boot from that, then found that I had to > download huge files with which to attack the passwords. Since I don't > have two or three months to wait for the torrent, I looked around > until I found a video that showed me how to trick Windows into > presenting a console on the login screen, from which I could reset the > password. After that, I could not log on with the user profile, but > could in safe mode. I'll work on the profile issue tonight, when I get > home. > > The trick I employed requires pretty much any Linux live distribution, > or, in my case, a Linux distro on another partition. I found certain > files in the Windows/System32/config folder, did a backup of them, > renamed them to get a console from an icon on the login screen and > then entered a command to reset the user's password to whatever I > wanted. A good reminder of why BIOS passwords exist. > > http://www.youtube.com/watch?v=t0U2SmUo8zA > > _______________________________________________ > clug-talk mailing list > clug-talk@clug.ca > http://clug.ca/mailman/listinfo/clug-talk_clug.ca > Mailing List Guidelines (http://clug.ca/ml_guidelines.php) > **Please remove these lines when replying >
_______________________________________________ clug-talk mailing list clug-talk@clug.ca http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
