Unoffical empeg BBS

Quick Links: Empeg FAQ | Software | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs | Addons: Eutronix | Cases

Topic Options
#371633 - 05/02/2019 12:42 Cracking windows password...
pca
old hand

Registered: 20/07/1999
Posts: 1094
Loc: UK
Hi.

Some background info. A friend of a friend recently died rather unexpectedly, at a fairly young age. His wife needs to get access to his paypal and ebay accounts for the business he ran. Unfortunately he doesn't seem to have left the details for them anywhere easily accessable.There is a decent chance that his accounts are logged in on his windows box, or the passwords are stored there, but of course, THAT also has a password on it that she doesn't know...

Now, presuming he didn't use disk encryption, the obvious solution is to plug the drive from the computer into another system, or in fact boot it from a USB stick into linux. Either approach should allow access to the filesystem. But if things are not quite that easy, is there any viable method to bypass the password on a modern windows system?

I'm not certain which flavor of windows it is running, but knowing the man it would almost certainly be either windows 7 or windows 10. Nothing earlier, certainly, and he didn't like Win 8 smile

Any suggestions?

pca
_________________________
Experience is what you get just after it would have helped...

Top
#371634 - 05/02/2019 14:48 Re: Cracking windows password... [Re: pca]
K447
old hand

Registered: 29/05/2002
Posts: 712
Loc: Toronto, Ontario, Canada
Is this a desktop computer or some sort of laptop?

SSD drive?

If the computer is currently connected to a local network, perhaps the Windows version might be sniffed out by the way it presents itself to the network. Best scenario, it has open network shares.

——————
Discussed elsewhere on an old thread on here - what happens when you depart without leaving a map and password access for your survivors...
Crypto CEO dies with the password to unlock $200+ million of customers' Bitcoin

Top
#371635 - 05/02/2019 15:25 Re: Cracking windows password... [Re: pca]
Attack
addict

Registered: 01/03/2002
Posts: 583
Loc: Florida
I've used NTPassword many times in the past to reset a forgotten password.

https://www.iseepassword.com/reset-windows-password-ntpasswd-free.html
_________________________
Chad

Top
#371636 - 05/02/2019 15:42 Re: Cracking windows password... [Re: pca]
JBjorgen
carpal tunnel

Registered: 19/01/2002
Posts: 3538
Loc: Columbus, OH
I’m going to second what Attack said, I’ve used it many times, although it’s been a few years
_________________________
~ John

Top
#371637 - 05/02/2019 16:01 Re: Cracking windows password... [Re: pca]
pca
old hand

Registered: 20/07/1999
Posts: 1094
Loc: UK
Thanks, I'll tell my friend about that and we can see if it works.

pca
_________________________
Experience is what you get just after it would have helped...

Top
#371638 - 05/02/2019 16:55 Re: Cracking windows password... [Re: Attack]
K447
old hand

Registered: 29/05/2002
Posts: 712
Loc: Toronto, Ontario, Canada
Originally Posted By: Attack
I've used NTPassword many times in the past to reset a forgotten password.

https://www.iseepassword.com/reset-windows-password-ntpasswd-free.html

Step 8 is missing?

Top
#371639 - 05/02/2019 17:06 Re: Cracking windows password... [Re: pca]
K447
old hand

Registered: 29/05/2002
Posts: 712
Loc: Toronto, Ontario, Canada
Originally Posted By: pca
... His wife needs to get access to his paypal and ebay accounts for the business he ran. ... There is a decent chance that his accounts are logged in on his windows box, or the passwords are stored there, but of course, THAT also has a password on it that she doesn't know...

Now, presuming he didn't use disk encryption, the obvious solution is to plug the drive from the computer into another system, or in fact boot it from a USB stick into linux. Either approach should allow access to the filesystem. But if things are not quite that easy, is there any viable method to bypass the password on a modern windows system?
...
Given the scenarios listed, shutting down the Windows computer may lose access to the currently logged PayPal and ebay accounts? Should the desired account passwords not be present.

If the fellow had any other device (Smartphone or tablet) that also has access to the email accounts linked to ebay and PayPal, I might start there. Reset the ebay password, wait for the confirm email with password reset link. Click that, reset password. Should allow access.

Same method with PayPal. But there may also be ‘secret security questions’ to which the answers must be given.

Tricky stuff, to get the sequence just right or access to some accounts may never be recovered.

Top
#371640 - 05/02/2019 18:01 Re: Cracking windows password... [Re: pca]
tahir
pooh-bah

Registered: 27/02/2004
Posts: 1769
Loc: London
When my brother died it was only through his iphone that we gained access to any of his non work stuff. No one in his family knew any details.

I must put something together myself!

Top
#371641 - 05/02/2019 22:56 Re: Cracking windows password... [Re: K447]
Shonky
pooh-bah

Registered: 12/01/2002
Posts: 1976
Loc: Brisbane, Australia
Originally Posted By: K447
Originally Posted By: Attack
I've used NTPassword many times in the past to reset a forgotten password.

https://www.iseepassword.com/reset-windows-password-ntpasswd-free.html

Step 8 is missing?

It is but that page is also trying to get you to use method 2 which is their software.

Things like Paypal and ebay should be accessible if you have his phone and email access even without the Windows machine. Just hope he saved passwords. If he didn't email+phone should get you there in almost all cases to reset them.

Rebooting the device shouldn't affect cookies and really wiping the user's password is going to be the quickest way.

Also should you get as far as Windows running, to get to things like auto saved passwords in the browser (rather than just resetting them):
https://www.nirsoft.net/utils/web_browser_password.html

To extract an mail password
https://www.nirsoft.net/utils/mailpv.html

Outlook PST password:
https://www.nirsoft.net/utils/pst_password.html

There may be some other useful ones here too:
https://www.nirsoft.net/
_________________________
Christian
#40104192 120Gb (no longer in my E36 M3, won't fit the E46 M3)

Top
#371642 - 06/02/2019 14:58 Re: Cracking windows password... [Re: pca]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12162
Loc: Sterling, VA
Originally Posted By: pca
Hi.

Some background info. A friend of a friend recently died rather unexpectedly, at a fairly young age. His wife needs to get access to his paypal and ebay accounts for the business he ran. Unfortunately he doesn't seem to have left the details for them anywhere easily accessable.There is a decent chance that his accounts are logged in on his windows box, or the passwords are stored there, but of course, THAT also has a password on it that she doesn't know...

Now, presuming he didn't use disk encryption, the obvious solution is to plug the drive from the computer into another system, or in fact boot it from a USB stick into linux. Either approach should allow access to the filesystem. But if things are not quite that easy, is there any viable method to bypass the password on a modern windows system?

I'm not certain which flavor of windows it is running, but knowing the man it would almost certainly be either windows 7 or windows 10. Nothing earlier, certainly, and he didn't like Win 8 smile

Any suggestions?

pca

I unlock Windows machines all the time. It's surprisingly easy. This is my favorite technique. The tl;dr version is that you use a Windows 10 install disk or drive to get a command prompt. Then you replace the utilman.exe file (backing it up first) with cmd.exe. Then you restart and at the login screen you click on the Utility Manager icon at the lower left (that nobody has ever used ever) and it launches a command prompt where you can create an admin account, log in as that account, and change the passwords on the other user(s).

Other than that, I also use the Nirsoft tools listed by Christian, especially Mailpassview (which you'll need to download using Internet Explorer because Chrome doesn't want to let a tool like that through wink ).

*edit*
Note that the above method doesn't work if it's a Microsoft account on Windows 10, just a local account. If it's a Microsoft account then I hope you have access to their email account in some way...


Edited by Dignan (06/02/2019 15:00)
_________________________
Matt

Top
#371644 - 07/02/2019 01:22 Re: Cracking windows password... [Re: pca]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3730
I don't have anything particular to add, with respect to breaking into the locked NT account, but I'll note that this sort of thing happens with enough regularity that any reputable business, and that includes PayPal, will have a process for resolving the issue. No doubt, it will require way too much legal documentation, but it's always going to be possible.

When pursuing this sort of thing, you first should regain control of the email account(s) and cell phone number(s). The latter might be recoverable simply by popping the SIM card into a fresh phone. At that point, you've got what you need to "forget" your password on other sites and deal with most common account recovery procedures.

Top
#371645 - 07/02/2019 14:23 Re: Cracking windows password... [Re: DWallach]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12162
Loc: Sterling, VA
Originally Posted By: DWallach
I don't have anything particular to add, with respect to breaking into the locked NT account, but I'll note that this sort of thing happens with enough regularity that any reputable business, and that includes PayPal, will have a process for resolving the issue. No doubt, it will require way too much legal documentation, but it's always going to be possible.

When pursuing this sort of thing, you first should regain control of the email account(s) and cell phone number(s). The latter might be recoverable simply by popping the SIM card into a fresh phone. At that point, you've got what you need to "forget" your password on other sites and deal with most common account recovery procedures.

Agreed with all of that. Also, from experience when my father died, you might want to get extra death certificates.
_________________________
Matt

Top
#371646 - 07/02/2019 15:04 Re: Cracking windows password... [Re: Dignan]
K447
old hand

Registered: 29/05/2002
Posts: 712
Loc: Toronto, Ontario, Canada
Originally Posted By: Dignan
Originally Posted By: DWallach
I don't have anything particular to add, with respect to breaking into the locked NT account, but I'll note that this sort of thing happens with enough regularity that any reputable business, and that includes PayPal, will have a process for resolving the issue. No doubt, it will require way too much legal documentation, but it's always going to be possible.

When pursuing this sort of thing, you first should regain control of the email account(s) and cell phone number(s). The latter might be recoverable simply by popping the SIM card into a fresh phone. At that point, you've got what you need to "forget" your password on other sites and deal with most common account recovery procedures.

Agreed with all of that. Also, from experience when my father died, you might want to get extra death certificates.
Situation specific, but sometimes, for certain institutions (financial or otherwise) it can be pragmatic to access the accounts (log in) and get things sorted before notifying them that the primary account holder has passed.

Typically as soon as they become aware the entire account typically gets locked out until they receive complete paperwork regarding the executor or whoever is legally authorized to take control. Even then it can be rather limited control. And it can take a long time for that control to become active. Weeks, sometimes months.

For example, a stock market investment or trading account may have active trades in progress. If the account gets locked down before those open positions are sold or otherwise closed out, the stock market can take a turn ‘the wrong way’ and nothing can be done to stem the losses.

Soooo ... log in as the account owner, trigger the actions necessary to close active/open positions and go to cash. Account value will then remain stable while the legal process grinds along.

Even better, have a second person fully authorized on each/every account, long before the demise of the primary account holder. The second person can then log in as themselves, quite separate from the primary.

Top
#371649 - 08/02/2019 12:28 Re: Cracking windows password... [Re: K447]
tahir
pooh-bah

Registered: 27/02/2004
Posts: 1769
Loc: London
Originally Posted By: K447
Even better, have a second person fully authorized on each/every account, long before the demise of the primary account holder. The second person can then log in as themselves, quite separate from the primary.


I need to do that, but it's so time consuming

Top
#371650 - 08/02/2019 17:44 Re: Cracking windows password... [Re: tahir]
tanstaafl.
carpal tunnel

Registered: 08/07/1999
Posts: 5407
Loc: Ajijic, Mexico
Originally Posted By: tahir
Originally Posted By: K447
Even better, have a second person fully authorized on each/every account, long before the demise of the primary account holder. The second person can then log in as themselves, quite separate from the primary.


I need to do that, but it's so time consuming


Or... what I have done is share a LastPass account so that both my wife and myself have access to all of each other's accounts.

tanstaafl.
_________________________
"There Ain't No Such Thing As A Free Lunch"

Top
#371651 - 08/02/2019 18:50 Re: Cracking windows password... [Re: tanstaafl.]
K447
old hand

Registered: 29/05/2002
Posts: 712
Loc: Toronto, Ontario, Canada
Originally Posted By: tanstaafl.
Originally Posted By: tahir
Originally Posted By: K447
Even better, have a second person fully authorized on each/every account, long before the demise of the primary account holder. The second person can then log in as themselves, quite separate from the primary.


I need to do that, but it's so time consuming


Or... what I have done is share a LastPass account so that both my wife and myself have access to all of each other's accounts.

tanstaafl.
Scenarios exist in which someone other than the couple may need to access the accounts and understand what is what, and what to do with them.

Essentially, a system in which a duly authorized ‘stranger’ is able see a ‘map’ of assets and accounts, have the access.

Top
#371693 - 15/02/2019 21:53 Re: Cracking windows password... [Re: pca]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31313
Loc: Seattle, WA
_________________________
Tony Fabris

Top