.

Bypassing Safeboot Security System 4.2

<<

lsullivan64

Newbie
Newbie

Posts: 6

Joined: Fri Nov 20, 2009 5:44 pm

Post Fri Nov 20, 2009 5:54 pm

Bypassing Safeboot Security System 4.2

Hi,

I have been brought in by a company that has let go about 22 employees.  Each had a lap top which is protected by Safeboot Security System 4.2.  I have the log in for the Safeboot, but not the log in for the user on the computers.  I need to crack the passwords for the user accounts on the computers, actually I can erase it.  Has anone ever dealt with this?

Thanks
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Nov 29, 2009 12:42 am

Re: Bypassing Safeboot Security System 4.2

lsullivan64 wrote:I need to crack the passwords for the user accounts on the computers, actually I can erase it.


What are you looking to do? That sentence doesn't make sense to me?
twitter.com/timmedin | http://blog.securitywhole.com
<<

lsullivan64

Newbie
Newbie

Posts: 6

Joined: Fri Nov 20, 2009 5:44 pm

Post Wed Dec 02, 2009 10:37 am

Re: Bypassing Safeboot Security System 4.2

I have the  computers.  I have the user and Password for Safeboot.  I don't have the windows User and password.  I can either break the password or I can erase it. 

I need to get past safeboot.  When i boot the computer I put in the safeboot user/pass and get to the windows log in.  Is there a way i can run a tool to remove the password?

Any ideas would be apreciated.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Wed Dec 02, 2009 2:09 pm

Re: Bypassing Safeboot Security System 4.2

IMHO, this does not sound kosher.  If you have the password for Safeboot, the company should also be able to provide you with the local administrator user name and password.

What is your end goal with the systems beyond getting user names and passwords?
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Dec 02, 2009 3:38 pm

Re: Bypassing Safeboot Security System 4.2

if you have a domain controller, you can change the passwords on the DC and when the boxes connect to the network, you should be able to get into the systems after.
OSWP, Sec+
<<

lsullivan64

Newbie
Newbie

Posts: 6

Joined: Fri Nov 20, 2009 5:44 pm

Post Wed Dec 02, 2009 4:28 pm

Re: Bypassing Safeboot Security System 4.2

Hi,
I don't have the domain controler.  Because of some "Not Kosher" activities by people in the IT department I have been brought in. I have nothing to do with the company other than the "Higher Ups" hired me. 

The end goal is the company wants to look at the computers to try to see who was involved in the activites that were bad.  If you want more inf I can let you know.  Put at hotmail dot com after my user name and I can provide.
Thanks
<<

3PIL0GU3

Newbie
Newbie

Posts: 38

Joined: Tue Aug 18, 2009 7:48 am

Post Wed Dec 02, 2009 6:34 pm

Re: Bypassing Safeboot Security System 4.2

If your tring to find bad activities wouldi it be more worthwhile taking an incident response/forensics approach to this problem
----------------------------
CEH
<<

lsullivan64

Newbie
Newbie

Posts: 6

Joined: Fri Nov 20, 2009 5:44 pm

Post Wed Dec 02, 2009 7:16 pm

Re: Bypassing Safeboot Security System 4.2

The bad activity is already known. It is more trying to find out who is actually involved. There will be no legal action. 
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Thu Dec 03, 2009 10:22 pm

Re: Bypassing Safeboot Security System 4.2

twitter.com/timmedin | http://blog.securitywhole.com
<<

lsullivan64

Newbie
Newbie

Posts: 6

Joined: Fri Nov 20, 2009 5:44 pm

Post Fri Dec 04, 2009 8:02 am

Re: Bypassing Safeboot Security System 4.2

I looked at kon Boot.  Not sure it could help.  The trick is having to boot up and log into Safeboot then get past the windows password.  I don't see hoe kon boot can let me do that.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Fri Dec 04, 2009 9:20 am

Re: Bypassing Safeboot Security System 4.2

Couldn't you do the quick and dirty method of running a repair and wiping out the SAM database?  Is that even possible with newer MS OS?

Just a thought.  But I still think this is a little fishy. :)
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

lsullivan64

Newbie
Newbie

Posts: 6

Joined: Fri Nov 20, 2009 5:44 pm

Post Fri Dec 04, 2009 9:29 am

Re: Bypassing Safeboot Security System 4.2

My understanding is that if you wipe any passwords without dealing with the disc encryption you will only have a brick left. 
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Fri Dec 04, 2009 4:12 pm

Re: Bypassing Safeboot Security System 4.2

I don't know if Kon-Boot would work but it might. I would suggest trying it. All it does is load its code then calls the normal boot loader.
twitter.com/timmedin | http://blog.securitywhole.com
<<

mulberry

Newbie
Newbie

Posts: 2

Joined: Sun Dec 06, 2009 4:42 am

Post Sun Dec 06, 2009 5:01 am

Re: Bypassing Safeboot Security System 4.2

I'm pretty sure FTK 3 claims to deal with safeboot ( presumably when psswd is supplied ) but then again FTK 2 was going to break eggs with a big stick !

But I don't really get why the win admin login is a barrier IMHO I think you maybe want to re consider the methodology ? Even maybe a logical image ?

Mulberry
<<

mulberry

Newbie
Newbie

Posts: 2

Joined: Sun Dec 06, 2009 4:42 am

Post Wed Dec 09, 2009 5:10 am

Re: Bypassing Safeboot Security System 4.2

Sorry - I take back my last paragraph - I do now get it. ;)

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software