Cracking windows password...

Posted by: pca

Cracking windows password... - 05/02/2019 12:42

Hi.

Some background info. A friend of a friend recently died rather unexpectedly, at a fairly young age. His wife needs to get access to his paypal and ebay accounts for the business he ran. Unfortunately he doesn't seem to have left the details for them anywhere easily accessable.There is a decent chance that his accounts are logged in on his windows box, or the passwords are stored there, but of course, THAT also has a password on it that she doesn't know...

Now, presuming he didn't use disk encryption, the obvious solution is to plug the drive from the computer into another system, or in fact boot it from a USB stick into linux. Either approach should allow access to the filesystem. But if things are not quite that easy, is there any viable method to bypass the password on a modern windows system?

I'm not certain which flavor of windows it is running, but knowing the man it would almost certainly be either windows 7 or windows 10. Nothing earlier, certainly, and he didn't like Win 8 smile

Any suggestions?

pca
Posted by: K447

Re: Cracking windows password... - 05/02/2019 14:48

Is this a desktop computer or some sort of laptop?

SSD drive?

If the computer is currently connected to a local network, perhaps the Windows version might be sniffed out by the way it presents itself to the network. Best scenario, it has open network shares.

——————
Discussed elsewhere on an old thread on here - what happens when you depart without leaving a map and password access for your survivors...
Crypto CEO dies with the password to unlock $200+ million of customers' Bitcoin
Posted by: Attack

Re: Cracking windows password... - 05/02/2019 15:25

I've used NTPassword many times in the past to reset a forgotten password.

https://www.iseepassword.com/reset-windows-password-ntpasswd-free.html
Posted by: JBjorgen

Re: Cracking windows password... - 05/02/2019 15:42

I’m going to second what Attack said, I’ve used it many times, although it’s been a few years
Posted by: pca

Re: Cracking windows password... - 05/02/2019 16:01

Thanks, I'll tell my friend about that and we can see if it works.

pca
Posted by: K447

Re: Cracking windows password... - 05/02/2019 16:55

Originally Posted By: Attack
I've used NTPassword many times in the past to reset a forgotten password.

https://www.iseepassword.com/reset-windows-password-ntpasswd-free.html

Step 8 is missing?
Posted by: K447

Re: Cracking windows password... - 05/02/2019 17:06

Originally Posted By: pca
... His wife needs to get access to his paypal and ebay accounts for the business he ran. ... There is a decent chance that his accounts are logged in on his windows box, or the passwords are stored there, but of course, THAT also has a password on it that she doesn't know...

Now, presuming he didn't use disk encryption, the obvious solution is to plug the drive from the computer into another system, or in fact boot it from a USB stick into linux. Either approach should allow access to the filesystem. But if things are not quite that easy, is there any viable method to bypass the password on a modern windows system?
...
Given the scenarios listed, shutting down the Windows computer may lose access to the currently logged PayPal and ebay accounts? Should the desired account passwords not be present.

If the fellow had any other device (Smartphone or tablet) that also has access to the email accounts linked to ebay and PayPal, I might start there. Reset the ebay password, wait for the confirm email with password reset link. Click that, reset password. Should allow access.

Same method with PayPal. But there may also be ‘secret security questions’ to which the answers must be given.

Tricky stuff, to get the sequence just right or access to some accounts may never be recovered.
Posted by: tahir

Re: Cracking windows password... - 05/02/2019 18:01

When my brother died it was only through his iphone that we gained access to any of his non work stuff. No one in his family knew any details.

I must put something together myself!
Posted by: Shonky

Re: Cracking windows password... - 05/02/2019 22:56

Originally Posted By: K447
Originally Posted By: Attack
I've used NTPassword many times in the past to reset a forgotten password.

https://www.iseepassword.com/reset-windows-password-ntpasswd-free.html

Step 8 is missing?

It is but that page is also trying to get you to use method 2 which is their software.

Things like Paypal and ebay should be accessible if you have his phone and email access even without the Windows machine. Just hope he saved passwords. If he didn't email+phone should get you there in almost all cases to reset them.

Rebooting the device shouldn't affect cookies and really wiping the user's password is going to be the quickest way.

Also should you get as far as Windows running, to get to things like auto saved passwords in the browser (rather than just resetting them):
https://www.nirsoft.net/utils/web_browser_password.html

To extract an mail password
https://www.nirsoft.net/utils/mailpv.html

Outlook PST password:
https://www.nirsoft.net/utils/pst_password.html

There may be some other useful ones here too:
https://www.nirsoft.net/
Posted by: Dignan

Re: Cracking windows password... - 06/02/2019 14:58

Originally Posted By: pca
Hi.

Some background info. A friend of a friend recently died rather unexpectedly, at a fairly young age. His wife needs to get access to his paypal and ebay accounts for the business he ran. Unfortunately he doesn't seem to have left the details for them anywhere easily accessable.There is a decent chance that his accounts are logged in on his windows box, or the passwords are stored there, but of course, THAT also has a password on it that she doesn't know...

Now, presuming he didn't use disk encryption, the obvious solution is to plug the drive from the computer into another system, or in fact boot it from a USB stick into linux. Either approach should allow access to the filesystem. But if things are not quite that easy, is there any viable method to bypass the password on a modern windows system?

I'm not certain which flavor of windows it is running, but knowing the man it would almost certainly be either windows 7 or windows 10. Nothing earlier, certainly, and he didn't like Win 8 smile

Any suggestions?

pca

I unlock Windows machines all the time. It's surprisingly easy. This is my favorite technique. The tl;dr version is that you use a Windows 10 install disk or drive to get a command prompt. Then you replace the utilman.exe file (backing it up first) with cmd.exe. Then you restart and at the login screen you click on the Utility Manager icon at the lower left (that nobody has ever used ever) and it launches a command prompt where you can create an admin account, log in as that account, and change the passwords on the other user(s).

Other than that, I also use the Nirsoft tools listed by Christian, especially Mailpassview (which you'll need to download using Internet Explorer because Chrome doesn't want to let a tool like that through wink ).

*edit*
Note that the above method doesn't work if it's a Microsoft account on Windows 10, just a local account. If it's a Microsoft account then I hope you have access to their email account in some way...
Posted by: DWallach

Re: Cracking windows password... - 07/02/2019 01:22

I don't have anything particular to add, with respect to breaking into the locked NT account, but I'll note that this sort of thing happens with enough regularity that any reputable business, and that includes PayPal, will have a process for resolving the issue. No doubt, it will require way too much legal documentation, but it's always going to be possible.

When pursuing this sort of thing, you first should regain control of the email account(s) and cell phone number(s). The latter might be recoverable simply by popping the SIM card into a fresh phone. At that point, you've got what you need to "forget" your password on other sites and deal with most common account recovery procedures.
Posted by: Dignan

Re: Cracking windows password... - 07/02/2019 14:23

Originally Posted By: DWallach
I don't have anything particular to add, with respect to breaking into the locked NT account, but I'll note that this sort of thing happens with enough regularity that any reputable business, and that includes PayPal, will have a process for resolving the issue. No doubt, it will require way too much legal documentation, but it's always going to be possible.

When pursuing this sort of thing, you first should regain control of the email account(s) and cell phone number(s). The latter might be recoverable simply by popping the SIM card into a fresh phone. At that point, you've got what you need to "forget" your password on other sites and deal with most common account recovery procedures.

Agreed with all of that. Also, from experience when my father died, you might want to get extra death certificates.
Posted by: K447

Re: Cracking windows password... - 07/02/2019 15:04

Originally Posted By: Dignan
Originally Posted By: DWallach
I don't have anything particular to add, with respect to breaking into the locked NT account, but I'll note that this sort of thing happens with enough regularity that any reputable business, and that includes PayPal, will have a process for resolving the issue. No doubt, it will require way too much legal documentation, but it's always going to be possible.

When pursuing this sort of thing, you first should regain control of the email account(s) and cell phone number(s). The latter might be recoverable simply by popping the SIM card into a fresh phone. At that point, you've got what you need to "forget" your password on other sites and deal with most common account recovery procedures.

Agreed with all of that. Also, from experience when my father died, you might want to get extra death certificates.
Situation specific, but sometimes, for certain institutions (financial or otherwise) it can be pragmatic to access the accounts (log in) and get things sorted before notifying them that the primary account holder has passed.

Typically as soon as they become aware the entire account typically gets locked out until they receive complete paperwork regarding the executor or whoever is legally authorized to take control. Even then it can be rather limited control. And it can take a long time for that control to become active. Weeks, sometimes months.

For example, a stock market investment or trading account may have active trades in progress. If the account gets locked down before those open positions are sold or otherwise closed out, the stock market can take a turn ‘the wrong way’ and nothing can be done to stem the losses.

Soooo ... log in as the account owner, trigger the actions necessary to close active/open positions and go to cash. Account value will then remain stable while the legal process grinds along.

Even better, have a second person fully authorized on each/every account, long before the demise of the primary account holder. The second person can then log in as themselves, quite separate from the primary.
Posted by: tahir

Re: Cracking windows password... - 08/02/2019 12:28

Originally Posted By: K447
Even better, have a second person fully authorized on each/every account, long before the demise of the primary account holder. The second person can then log in as themselves, quite separate from the primary.


I need to do that, but it's so time consuming
Posted by: tanstaafl.

Re: Cracking windows password... - 08/02/2019 17:44

Originally Posted By: tahir
Originally Posted By: K447
Even better, have a second person fully authorized on each/every account, long before the demise of the primary account holder. The second person can then log in as themselves, quite separate from the primary.


I need to do that, but it's so time consuming


Or... what I have done is share a LastPass account so that both my wife and myself have access to all of each other's accounts.

tanstaafl.
Posted by: K447

Re: Cracking windows password... - 08/02/2019 18:50

Originally Posted By: tanstaafl.
Originally Posted By: tahir
Originally Posted By: K447
Even better, have a second person fully authorized on each/every account, long before the demise of the primary account holder. The second person can then log in as themselves, quite separate from the primary.


I need to do that, but it's so time consuming


Or... what I have done is share a LastPass account so that both my wife and myself have access to all of each other's accounts.

tanstaafl.
Scenarios exist in which someone other than the couple may need to access the accounts and understand what is what, and what to do with them.

Essentially, a system in which a duly authorized ‘stranger’ is able see a ‘map’ of assets and accounts, have the access.
Posted by: tfabris

Re: Cracking windows password... - 15/02/2019 21:53

Relevant:

https://www.theregister.co.uk/2019/02/14/password_length/