mailing list archives
From: "Dyke, Tim" <Tim.Dyke () worksafebc com>
Date: Tue, 11 Oct 2005 10:03:18 -0700
The DEFAULT recovery agent is the Administrator, on the other hand you
can to decrypt the data from the userX login like that userX; So crack
password or overwrite it off-line (the same for the delegated recovery
overwriting the pw offline will work with efs on w2k.
it will not work with winxp/2003: you cant access any efs-data after
resetting the password offline.
you'll have to crack the usesrs or the admins pw and either logon
interactively or export their keys to get access to the efs-encrypted
Do you know how his will work for a machine that is part of a Domain?
Where there are no Local Users and the Default Recovery Agent is the
I know tht one can always hack the local admin PW, then unjoin the
domain, but where does that leave the machine.
Is there any way to hack the "nounce" PW?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/