Bypassing Safeboot Security System 4.2

[lsullivan64]

Hi,

I have been brought in by a company that has let go about 22 employees.  Each had a lap top which is protected by Safeboot Security System 4.2.  I have the log in for the Safeboot, but not the log in for the user on the computers.  I need to crack the passwords for the user accounts on the computers, actually I can erase it.  Has anone ever dealt with this?

Thanks

[timmedin]

I need to crack the passwords for the user accounts on the computers, actually I can erase it.

What are you looking to do? That sentence doesn't make sense to me?

[lsullivan64]

I have the  computers.  I have the user and Password for Safeboot.  I don't have the windows User and password.  I can either break the password or I can erase it. 

I need to get past safeboot.  When i boot the computer I put in the safeboot user/pass and get to the windows log in.  Is there a way i can run a tool to remove the password?

Any ideas would be apreciated.

[unsupported]

IMHO, this does not sound kosher.  If you have the password for Safeboot, the company should also be able to provide you with the local administrator user name and password.

What is your end goal with the systems beyond getting user names and passwords?

[chrisj]

if you have a domain controller, you can change the passwords on the DC and when the boxes connect to the network, you should be able to get into the systems after.

[lsullivan64]

Hi,
I don't have the domain controler.  Because of some "Not Kosher" activities by people in the IT department I have been brought in. I have nothing to do with the company other than the "Higher Ups" hired me. 

The end goal is the company wants to look at the computers to try to see who was involved in the activites that were bad.  If you want more inf I can let you know.  Put at hotmail dot com after my user name and I can provide.
Thanks

[3PIL0GU3]

If your tring to find bad activities wouldi it be more worthwhile taking an incident response/forensics approach to this problem

[lsullivan64]

The bad activity is already known. It is more trying to find out who is actually involved. There will be no legal action.   

[timmedin]

Try Kon-Boot

[lsullivan64]

I looked at kon Boot.  Not sure it could help.  The trick is having to boot up and log into Safeboot then get past the windows password.  I don't see hoe kon boot can let me do that.

[unsupported]

Couldn't you do the quick and dirty method of running a repair and wiping out the SAM database?  Is that even possible with newer MS OS?

Just a thought.  But I still think this is a little fishy.

[lsullivan64]

My understanding is that if you wipe any passwords without dealing with the disc encryption you will only have a brick left. 

[timmedin]

I don't know if Kon-Boot would work but it might. I would suggest trying it. All it does is load its code then calls the normal boot loader.

[mulberry]

I'm pretty sure FTK 3 claims to deal with safeboot ( presumably when psswd is supplied ) but then again FTK 2 was going to break eggs with a big stick !

But I don't really get why the win admin login is a barrier IMHO I think you maybe want to re consider the methodology ? Even maybe a logical image ?

Mulberry

[mulberry]

Sorry - I take back my last paragraph - I do now get it.