Ophcrack vs Bitlocker


Recommended Posts

Hey Guys,

I want to recover my admin password. (vista)

I done some research and download ophcrack LiveCD.

Problem is that ophcrack is booting before i enter my bitlocker password ( I know that password), and booted systems detect partition but it cant read any data.

Can I somehow enter my bitlocker password under booted system to download hashes with password? any ideas? - uncle google cant help me.

Or maybe some other recovering application.

Facts.

1) Its my computer I got it 24h with me (so i can run all timetaking methods)

2) Its bitlocker on board (but I know pass)

3) I got access to only guest account

4) Password was sth like g15$U342FS(*@da - so it was really hard and I cant remember it.

regards

Link to comment
Share on other sites

Sounds like your trying to run the bootcd, why can you not just run the application inside your windows OS? I just looked that have 2 downloads, application or liveCD.

edit: if you password was that strong, ie 14 characters say with uppper/lower/numbers/special I doubt even ophcrack is going to get it for you with tables, the tables just do not include those types of strength passwords. And bruteforce would take FOREVER!!

I would suggest you just reinstall, you have the bitlocker password so reinstall the thing.

Link to comment
Share on other sites

Sounds like your trying to run the bootcd, why can you not just run the application inside your windows OS? I just looked that have 2 downloads, application or liveCD.

hashes with password are in windows32 folder, and I dont have access to this folder under my guest account whats more I dont have permission to install so I would need mobile version.

edit: instalers simply dont start

Link to comment
Share on other sites

Hey Guys,

I want to recover my admin password. (vista)

I done some research and download ophcrack LiveCD.

Problem is that ophcrack is booting before i enter my bitlocker password ( I know that password), and booted systems detect partition but it cant read any data.

Can I somehow enter my bitlocker password under booted system to download hashes with password? any ideas? - uncle google cant help me.

Or maybe some other recovering application.

Facts.

1) Its my computer I got it 24h with me (so i can run all timetaking methods)

2) Its bitlocker on board (but I know pass)

3) I got access to only guest account

4) Password was sth like g15$U342FS(*@da - so it was really hard and I cant remember it.

regards

You need to read this!

Resetting a password in Windows 7 or Windows Vista

Let us know if it works for you!

Link to comment
Share on other sites

Thanks for that. But i need to know my password not to reset it.

And Im not 100% sure but system booted from cd will be before bitlocker, so partition will be encypted and i will face the same problem like with ophcrack.

Link to comment
Share on other sites

read my edit, ophcrack is not going to find that password either, even with tables.. They don't go that high!! And bruteforce of that would take FOREVER!! unless you have access to some serious computing power. Reinstall and call it lesson learned!

Look at the tables

http://ophcrack.sourceforge.net/tables.php

Which one you going to use to go after that password? ;) None of those will work for that length and that character set, seems you locked yourself out of your own system.. Write down your password next time if your going to go all DOD level on it..

Link to comment
Share on other sites

Thanks for that. But i need to know my password not to reset it.

And Im not 100% sure but system booted from cd will be before bitlocker, so partition will be encypted and i will face the same problem like with ophcrack.

I think at this point there won't be a way to figure out the password (it's too complex for simple cracking software and figuring out your password might take years). The only option you're left with is resetting it with the instructions posted above

Link to comment
Share on other sites

Thanks for that. But i need to know my password not to reset it.

And Im not 100% sure but system booted from cd will be before bitlocker, so partition will be encypted and i will face the same problem like with ophcrack.

Do you need access to your Administrator/Owner account? This is the way. Why don't you want to reset it, change it to whatever you like ?

Trying to find the exact password sounds fishy to me. Do you want to get access to someone else's computer by any chance?!?! Not very nice of you.

funny-dog-pictures-intruder-alert.jpg

Link to comment
Share on other sites

@kukubau easy to judge people on the Internet, Please do not write anything more if you have nothing to say in the topic

Problem is that I cant reinstall it cause booted windows cd dont see any data on disk (it only says its may damaged). (bacause of bit locker)

I could format everytnhng, but i need my date.

@ +BudMan true there is no rainbow table for my password

@ +Rudy no bruteforce method so I need to format all my data

Link to comment
Share on other sites

You will have to format and lose all your data then.

There is simply no way you can crack a random non alphanumeric password without bruteforcing, and that will take forever.

Next time it might be an idea to write your password down somewhere and keep it hidden. Sorry for your loss :-(

Link to comment
Share on other sites

@kukubau easy to judge people on the Internet, Please do not write anything more if you have nothing to say in the topic

Problem is that I cant reinstall it cause booted windows cd dont see any data on disk (it only says its may damaged). (bacause of bit locker)

I could format everytnhng, but i need my date.

@ +BudMan true there is no rainbow table for my password

@ +Rudy no bruteforce method so I need to format all my data

Actually my post/link was the only post useful for what you need.

As for my assumption, have you heard of "free expression"?

Link to comment
Share on other sites

Is there no way to mount a Bitlocker encrypted drive outside of the host OS, e.g. Install Windows 7 to a flash drive and mount it from there?

Try booting into safe mode, see if you can login using the administrator account.

Link to comment
Share on other sites

"I could format everytnhng, but i need my date."

Unless you have access to some "SERIOUS" computing power, and have the time to run the bruteforce or generate the tables ;) your just out of luck Im afraid - if your password is for sure something like you posted, and you can lock it down to a smaller set, ie do you know the first say 10 characters for sure? Or can you eliminate specific characters that you are sure were not in the password.

These would be methods of reducing the time to find it, but to be honest I don't believe delving into such a topic would be appropriate for this forum. Answering a few questions on how to reset a password, or even bruteforce it something a simple google can find you. We are not specifically discussing actual hacking/cracking techniques to circumvent windows 7 or bitlocker tech which is why I have continued to answer.

But I feel moving forward in this thread will be really walking line of what is ok on neowin to discuss.

This is my opinion, and I am sorry if you had data you want.. Why is this data not backed up? Why would you create such a secure password without securing it? Why would you have not created a reset disk for your admin accounts password if you were going to use such a secure password? http://windows.microsoft.com/en-US/windows-vista/Create-a-password-reset-disk

I sure hope your not also using EFS? If so have you backed up your keys? So that you could reset your password without loss of data? There are ways to recover the data if you have bitlocker password, do you have the bitlocker recovery key, if so you should be able to connect to another windows 7 box and mount the volume.

---

http://technet.microsoft.com/en-us/library/ee449438%28WS.10%29.aspx#BKMK_AltPC

Can I access my BitLocker-protected drive if I insert the hard disk into a different computer?

Yes, if the drive is a data drive, you can unlock it from the BitLocker Drive Encryption Control Panel item just as you would any other data drive by using a password or smart card. If the data drive was configured for automatic unlock only, you will have to unlock it by using the recovery key. If it is an operating system drive mounted on another computer running Windows 7, the encrypted hard disk can be unlocked by a data recovery agent if one was configured or it can be unlocked by using the recovery key.

---

But to be honest is there really data on this machine that even warrants the levels of securing it you have used? Bitlocker and a 14 Character password? But ahhh, I will remember a 14 character random off the top of my head :pinch:

This thread is yet another perfect example of user not understanding the encryption tools they are using and locking themselves out of their own data, encryption has it place - and yes some data warrants the overhead of using it, but turning on such features and then forgetting your password. Sorry I just have no sympathy for this type of user at all, and to be honest is fairly funny ;) Its like when someone smacks their head and is bleeding, you know it hurts and you shouldn't laugh, etc. But it is funny! ;)

Link to comment
Share on other sites

yeah I don't believe bitlocker would allow that, here is a dated article about it http://www.mcbsys.com/techblog/tag/kon-boot/

And didn't kon boot go commercial -- which on the FAQ clearly states does not work with drive encryption, etc.

But I already gave him the fix, if he has the KEY for bitlocker - then he can just mount the drive in another w7 box and access his data.

Link to comment
Share on other sites

Guys, there are ways to clear passwords entirely. Why does he need to specifically recover the password?

The only reason to do that would be to gain access to a system without any signs of intrusion.

Link to comment
Share on other sites

Only reason I can think of is EFS ;) If you clear a password your EFS data is toast.

Link to comment
Share on other sites

Guys, there are ways to clear passwords entirely. Why does he need to specifically recover the password?

The only reason to do that would be to gain access to a system without any signs of intrusion.

Is it so hard to underastand that the guy wants the password, not the access to files.

There can be many reasons: EFS-encrypted files, some accounts that share the same password, etc.

For the author: I never used bitlocker, but what are your available boot options? Can you boot into safe mode or recovery console? You seem to be able to login as guest, don't you? Does your system have/use TPM?

I think that you can attach the BitLocker partition to another Windows installation and then unlock it (maybe the manage-bde.exe tool will be of help). Then you'd be able to steal the password hashes and use some rainbow tables service/software to get the password.

The other possibile solution would be to wait for some easy to use local privelege escalation exploits (but they are rare nowadays).

Link to comment
Share on other sites

Only reason I can think of is EFS ;) If you clear a password your EFS data is toast.

If your data is so sensitive that you need to encrypt it, surely it's important enough to have backups as well...

Link to comment
Share on other sites

^ preaching to the choir them my friend!! preaching to the choir!! No freaking **** they should have had a backup ;)

Link to comment
Share on other sites

Hello,

Have you looked to see if a forensics company like Elcomsoft or PassWare has a BitLocker password recovery program?

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

  • Nick H. locked this topic
This topic is now closed to further replies.