CodeMonkeyZ think the auditors will be able to easily crack the password
(media.greatawakening.win)
? Notable
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (115)
sorted by:
So long as the disk isn’t encrypted. Given how sloppy it seems Dominion was I figure it’s a safe bet the disk isn’t encrypted.
You don’t crack what you can just change. I haven’t done this in years. Anymore it is probably a lot easier than back then. You can likely boot the computer with a Live USB of Kali LInux. This will run the operating system completely in memory. You then mount the disk of the computer to the OS you booted. Change a file or two where the password is stored and BAM. Reboot the computer using its disk, login with the password you set. This assumes the disk isn’t encrypted.
The people that do this stuff are wizards. With physical access, they can likely break into damn near anything. Even if the disk is encrypted, they might just drop it onto a network and use some kind of vulnerability to crawl across the network and break in.
With Windows XP you could boot from MsDos from a CD, access the file system, and there was a file that store all the passwords and user accounts you could delete. Once you deleted it all accounts were locked and the administrator password was reset to default.
The best part is it, I bet Space Force has all the login info anyway. These people are just further implicating themselves.
I’ve recovered so many windows machines. Mount the disk, replace the accessibility software with a command prompt and run a few commands. Reboot and log in with the password you set.
Even if the disk is encrypted, there are tools to break the encryption. There are hardware tools designed for especially that, and not software tools, hardware.
The question is did Dominion use bitlocker? I'm betting no. White hats were able to get into these machines during the election in georgia. My guess is they don't need the password at all.
Next question: did Dominion shell out the extra 20 to 30 for TPM chips per system? I'm also betting no.
I don't believe that Dominion saw a situation where white hats would ever get their hands on one of these machines. In all the other countries they were being used, they were in a position that election wasn't questioned. However this is the USA, and Patriots do not sit and do as they are told.
My guess is they are already in the machines. They are just asking as some sort of "4D" chess move.
It's been awhile, but I know there were various LANMAN attacks and such that made cracking windows passwords really easy. It's always a cat and mouse game, hell, I remember being in College hearing how MD5 was uncrackable, could only be brute forced, by the time I graduated MD5 hash collisions trivialized all that.
A lot of times shitty companies hide their multimillion dollar software behind simple security through obscurity bs. I've cracked multiple HASP dongle programs that only had simple test donglestatus, jne nodongle almost everytime. The most complex dongle I defeated took me about 10 hours. I created my own dll injection and overwrote most of the HASP API so that I could provide my own responses (luckily they didn't hide any code on the actual dongle as that was MIA), all the information on how to do that was part of the HASP API, just had to find the proper calls and replace em with my own functions returning bullshit that's similar.
I've had to go in and do some database modification for apps that didn't allow me into the database, it'll be existing in plaintext in some form or another (sometimes can just capture the SQL opening up the database, but usually it's also just hiding in plaintext somewhere).
That being said, our admin's Windows NT password was ~13 characters, couple special chars and took about two weeks with a few of our geeks in school dividing our awesome Pentium 2 power at home running l0pht against it in the late 90s.
u/#michaelconfused
And I'm reading that it sounds like I'm coming off as an asshole a bit. There's been plenty of shit I didn't crack in my day too, either because it was beyond my skill. SecuROM used to be one of my big banes, only was able to crack one game successfully and that was because they didn't encode properly.
I actually enjoyed doing it though, so would take on various reqs on IRC and from friends back in the day, . While these devices are rare in the wild, they can be gotten if you care enough to throw money at it. The older equipment can be found for around $200-$300 per machine.
God I love this community. We have the best, simply the best.
All about that
Enable algorithm-type scrypt secret password value SRS