Windows Vista - Hack of user account password

Posted on 2009-07-14
Last Modified: 2013-12-04
My client's Dell XPS 1530 laptop running Windows Vista 64-bit Service Pack 2 with Norton 360 version 3 had its only user account password hacked, i.e., someone changed the password to something different from the original password so my client could not log on.  The computer was hard wired to the Internet via a very old D-Link router attached to a Comcast cable modem.  I am interested in learning about the ways the user account password could have been changed without my client's knowledge.  For example, if someone had access to the computer, they could have made the change unbeknownst to my client.  What are some other ways?  Thanks in advance for your thoughts.
Question by:bbaumberger
10 Comments
 
LVL 1

Assisted Solution

by:rickrythe
rickrythe earned 400 total points
ID: 24855758
Possibly the computer being left unlocked and logged into the desktop, or there are various Windows password recovery ISOs that can be downloaded and burned to a disk. Weak password could have been an issue too. How secure is the location of the computer?
0
 
LVL 1

Assisted Solution

by:rickrythe
rickrythe earned 400 total points
ID: 24855778
Also there could be a possibility that the laptop wasn't connected to a secure wireless connection and someone was using a program like Cain & Abel to sniff the network and could have gained access that way too.
0
 

Author Comment

by:bbaumberger
ID: 24855806
The computer is located in a residential environment with access limited to my client and his wife.  He has had a practice of using the SAME password for EVERYTHING.  Naturally, he is now listening to my counsel about creating unique, strong passwords for every electronic relationship.  Fortunately, he is not an e-commerce aficionado.  I am wondering if a malicious script tied to an email attachment could have changed the user account password.  Interestingly, my client is in the public eye, and the new user account password hint reflected that the perpetrator knows his famous vocation, so it was not a random attack.
0
 
LVL 12

Accepted Solution

by:
Gideon7 earned 320 total points
ID: 24856395
I suggest developing a system of passwords that your client can recreate from memory.  For example take the last 2 letters of the web site and append it to a secret prefix -- for Amazon use "Secreton", for bankofamerica.com use "Secretca", for EBay use "Secretay", etc.   For added obfuscation you can do a letter shift ("Secretpo", "Secretdb", "Secretbz"), or some other simple transposition.
0
 

Assisted Solution

by:ReaktiuM
ReaktiuM earned 320 total points
ID: 24859425
As the above people have said, maybe the user has gotten directly into your computer and changed the password via the Control Panel. Another way is that the user may have used OphCrack, which is an application to crack the passwords of a Windows computer, to access the password, then change it from there.

Other ways also include the use of keyloggers to gain the password, then change it.
0
 
LVL 1

Assisted Solution

by:jb2286
jb2286 earned 320 total points
ID: 24891694
I've used a program called Spotmau Powersuite 2009 - this program has the capability to change user passwords from booting into its Linux-based boot mode and also using the Spotmau Windows-based tool to change passwords.  According to Spotmau, there is a portion of the registry that stores user passwords and is encrypted.  It's difficult to change passwords supposedly, but wiping them and then re-establishing a password is the method Spotmau uses.

Is your client set up on a domain?  If so, you could change the user permissions to never allow a password change for that user, so unless the blackhat gets a hold of your server and domain admin. credentials, you should be better off.
0
 
LVL 17

Assisted Solution

by:OriNetworks
OriNetworks earned 320 total points
ID: 24892278
I really don't see any gain for someone wanting to maliciously change the password. Is it at all possible that the client did change the password and simply forgot?

Here are some methods for changing the password

If the person had physical access to the computer:
-Boot from a password reset CD (Offline NT Password and Registry Editor)
-If the computer was left unattended and unlocked, simply changing the password there
-The user changing the password with CAPS LOCK on so when they enter the password next time it seems like a different password
-A family member changes the password without informing the owner

Any other circumstance
-Brute force password guessing
-Dictionary attacks to guess the password
-Sniffing passwords sent over the internet/network (if same password is commonly used)
-Malware/spyware/virus/worm changing the current user's password
0
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 320 total points
ID: 24944365
Someone could have had remote access to a command shell, via some exploit, and changed it that way as well. Are you sure the password was changed? Possible that the SAM got corrupted, and doesn't recognize the current password?
0
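The answers above list several ways the password could have changed. One way to narrow them down once access is regained is to check the Security event log, shown here as an added example that is not part of the original thread. It assumes PowerShell 2.0 or later is installed, that account-management auditing was enabled on the machine, and an English-language Windows; `ClientUser` is a placeholder account name.

```powershell
# Added example: run from an elevated PowerShell 2.0+ prompt on the affected PC.
$account = 'ClientUser'   # placeholder: name of the affected local account

# Security-log event IDs (Windows Vista and later):
#   4723 = an attempt was made to change an account's password
#   4724 = an attempt was made to reset an account's password
#   4738 = a user account was changed
#   1102 = the audit log was cleared
$filter = @{ LogName = 'Security'; Id = 4723, 4724, 4738, 1102 }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$hits = @(foreach ($e in $events) {
    # Flatten the event's named <Data> fields into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }
    # Keep log-cleared events plus anything that targets the affected account.
    if ($e.Id -ne 1102 -and $data['TargetUserName'] -ne $account) { continue }

    $meaning = switch ($e.Id) {
        4723 { 'change: the caller supplied the old password' }
        4724 { 'reset: set without the old password' }
        4738 { 'account properties modified' }
        1102 { 'Security log cleared; earlier events are gone' }
    }
    New-Object PSObject -Property @{
        Time    = $e.TimeCreated
        Id      = $e.Id
        Actor   = $data['SubjectUserName']
        Meaning = $meaning
    }
})

if ($hits.Count -eq 0) {
    "No change/reset events for '$account' in the Security log."
} else {
    $hits | Sort-Object Time | Format-Table Time, Id, Actor, Meaning -AutoSize
}

# Compare with the timestamp Windows itself records for the account
# (the label below is the English-locale output of "net user").
net user $account | Select-String 'Password last set'
```

A 4723 or 4724 entry gives the time and the acting account for a change made while Windows was running. No entry at all is consistent with an offline edit from boot media, which happens while Windows is not running to log it, or with the password never having been changed (Caps Lock, a corrupted SAM).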
 

Author Closing Comment

by:bbaumberger
ID: 31603560
Thanks to all for thoughtful, incisive suggestions.  
0
 

Author Comment

by:bbaumberger
ID: 24946172
Each person contributing to this question provided useful information that underscores the importance of using strong passwords that are changed periodically.  Thanks to all contributors.
0
