

Reset a Windows 8 Password without using any third party software - umago
http://reboot.pro/topic/17872-reset-a-windows-8-password-without-using-any-third-party-software/

======
antoncohen
I can't believe they haven't fixed that. I discovered that the login prompt
ran with system-level privileges in Windows 95. I used it to play Duke3D in
computer class when I was 14. You could press Ctl+Alt+Del to bring up Task
Manager, from Task Manager you could choose to run a command, and run
explorer.exe. It would start Windows with full admin access.

~~~
EvanAnderson
Windows 95 had no security model. There are no "system-level privileges" in
Windows 95. If you could execute any code on the machine you "owned" it. There
were some contrivances in the shell to attempt to limit user access, but
nothing serious like the security architecture of Windows NT.

~~~
antoncohen
You are correct that Windows 95 did not have the security model of NT, but
administrators could limit what users were allowed to do in the Windows shell.
If I logged in with my user account I could not play the game I wanted to
play.

"You can restrict what users are allowed to do from the desktop and what they
are allowed to configure using Control Panel." -
<http://technet.microsoft.com/en-us/library/cc751094.aspx>

~~~
mganon
Because of the absence of an underlying security model, this very often did
not work properly, i.e. you could workaround pretty much every kind of
"restriction" on Windows 9x by smart mouse and keyboard only moves.

------
hrrsn
Physical access is always game over.

~~~
nodata
No it isn't. That would only be true assuming you have a knowledgable
attacker. For most cases physical access definitely does not mean game over.

~~~
Aardwolf
Yes it is: remove harddrive. Put harddrive on other PC. Read contents of
harddrive. Or even reboot the existing PC with an OS on USB or optical drive.

Unless the HD is encrypted of course, but that is not what this article and
password is about.

~~~
Xylakant
Well, given that you can install a keylogger on the usb keyboard nowadays, it
is - even with encrypted harddrives. Or you can freeze the RAM, remove it and
read the encryption key.

However, encryption makes things quite a bit harder.

~~~
bloblaw
The trick with defeating cold boot attacks (aka freezing the RAM) is easily
mitigated by a system administrator that forces the system to hibernate
instead of sleep (aka write volatile memory to disk).

It can also be mitigated by requiring not just the TPM chip, but also a PIN,
PASSCODE, or a PASSCODE that is cycled ever 60 seconds or so (on something
like an RSA fob).

This presumes the system has a TPM chip, or a similar mechanism that can
provide an original point for a trusted boot.

~~~
Xylakant
The trick is also easily defeated by turning the machine off instead of
letting it sleep. Certainly. You could as well just go and make the case
locked and hard to break, possibly coupled with an alarm. I was just pointing
out that "encrypted disk" does not mean "100% secure".

------
nwh
Same goes for Macs really. Unless you have a firmware password set, resetting
the root password is a few keystrokes away.

~~~
zapu
Isn't it the case with any other nix or bsd system? Boot into single user,
mount filesystem, change password. I have been mostly working on Windows
lately, but that's how I remember that.

~~~
nwh
Pretty much, but OSX provides a nice GUI to do it.

------
zokier
basically by replacing utilman you can execute arbitrary code with system(?)
privileges? does the login manager check the signature of the executables?

Full-disk encryption sure is nice thing to have, even if it isn't bulletproof.

~~~
eps
Checking signatures obviously won't help here.

------
zapu
Check this DEFCON presentation for Windows tricks:
<http://www.youtube.com/watch?v=Xi0qUZCz6F0>

Interesting demos start at about 20 minutes in.

------
Forili
Reset Windows 8 password without using party software may be have many methods
can be chose. But most of them can be complex or too much request. Anmosoft
Windows Password Reset can solve those problems. Learn more, please visit
<http://www.resetwindowspassword.com>

