ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

Win 10 password cracking



charltjr

ClioSport Club Member
I’m trying to help an elderly neighbour who’s husband recently passed away.

He looked after all the money and left no details of his logins, bank accounts etc. I’ve used the usual tricks to get administrator access to the box and get files off there, but it would be so much better to log in as him and hopefully access password managers, any accounts which auto-sign in etc.

There are a bunch of tools out there which claim to be able to brute force or otherwise hack a Windows 10 password, but I can’t find any reliable reviews from credible sources. Does anyone have experience of a tool which will do the job?

The pc is protected with both a PIN and a Microsoft account password, so that is specifically what I need to have decoded, I already have access to the files on the machine.
 

charltjr

ClioSport Club Member
What’s the recovery status of the ms account ?

Can’t get it recovered, it needs details like who has recently been emailed from the account.


Specific guidance for Microsoft in here.

It would have to be a court request, which isn’t going to happen unfortunately, there is no money to do it.

There are ways you can reset the password, I’ve done it before


Once in as admin, as long as it was a local account not a Windows Live account you can go into computer management and reset the password in the users section.

Edit: just seen it’s a Microsoft account. This still may get you part way there I suppose

Yep, done that and have access to the filesystem, but it would be a godsend to be able to use the proper login.

I know this is tricky ground, and wouldn’t even be attempting it if we’d not known them. This is literally just technically illiterate people giving no thought to what happens with all those emailed bank, utility and credit cards accounts once they’ve passed.
 

Rojer

ClioSport Club Member
If you login to the machine as another user could you browse to their user folder and export the browser history/passwords etc?
 

Advikaz

ClioSport Club Member
A friend of mine passed last year and his wife ended up in this situation.

Had to wait for probate which took an age 😫
 

Advikaz

ClioSport Club Member
Did he have a smartphone? If you can get access to that and it’s got saved passwords.. could be worth a go as a distant resort
 

Typhoon

Gangsta
ClioSport Moderator
  TT
Can’t get it recovered, it needs details like who has recently been emailed from the account.



It would have to be a court request, which isn’t going to happen unfortunately, there is no money to do it.



Yep, done that and have access to the filesystem, but it would be a godsend to be able to use the proper login.

I know this is tricky ground, and wouldn’t even be attempting it if we’d not known them. This is literally just technically illiterate people giving no thought to what happens with all those emailed bank, utility and credit cards accounts once they’ve passed.
Will drop you a PM.
 

boultonn

ClioSport Club Member
  Macan S
If you want to go full hackerman, there are various scripts that can retrieve the NTLM file (encrypted passwords) then use something like hashcat to crack them.
This is totally legit as we do it at work as part of our cyber hygiene work.
It'll be dependent on a couple of things:
1) when the computer was last updated and if there's any vulnerabilities to exploit
2) how secure the old fellas password was
 

charltjr

ClioSport Club Member
200.gif


This is exactly the s**t I got into IT for, I've been wasting my life on boring stuff.....

My PC is currently trying to guess the correct password from a NTLM dump. At least I know the cooling is good, GPU is maxxed out at 100% load and has been all night, but the temp is sat rock solid at 72C. Takes me back to my crypto mining days :)
 

andybond

ClioSport Club Member
If you want to go full hackerman, there are various scripts that can retrieve the NTLM file (encrypted passwords) then use something like hashcat to crack them.
This is totally legit as we do it at work as part of our cyber hygiene work.
It'll be dependent on a couple of things:
1) when the computer was last updated and if there's any vulnerabilities to exploit
2) how secure the old fellas password was
Wont that only work if its a local SAMAccountDB?

I have used various mount tools to load the OS and exploit this but does this work if the users account is tied into the MS online account?
 

charltjr

ClioSport Club Member
I believe it It should be fine, because you can still authenticate with your MS account password if the PC is offline so the password must be stored locally for that to happen. Could be wrong though, still learning this stuff.
 


Top