Password Reset Key

[LordXenu]

While the key itself seems like a good tool, I really don't like it being for sale to general consumers. If I'm gonna get my shit hacked, I would rather get hacked by a real hacker, and not some scumbag who bought some gadget off the internet.

 

And before anyone says it, yes you need physical presence, but the key would make it easier for thieves to get access to your data if they steal your computer. They would also have an easier time cleaning it off to resell it.

 

 

[Zodiark1593]

If this is just the Windows login password, the fact that it is easily broken isn't news. For what it's worth, I consider it akin to a locked front door. Enough to deter family and friends from snooping, though it is little more than a speed bump to a determined attacker. Encryption is where the real protection begins. 

[Bleedingyamato]

6 minutes ago, Zodiark1593 said:

If this is just the Windows login password, the fact that it is easily broken isn't news. For what it's worth, I consider it akin to a locked front door. Enough to deter family and friends from snooping, though it is little more than a speed bump to a determined attacker. Encryption is where the real protection begins. 

If a Windows password is so easy to get past especially with physical access to s computer what should I be using to keep an attacked from just easily getting into my computer?

[luigi90210]

12 minutes ago, Bleedingyamato said:

If a Windows password is so easy to get past especially with physical access to s computer what should I be using to keep an attacked from just easily getting into my computer?

Bitlocker and a drive that supports encryption and requires a password to be entered before booting. Although I'm sure a smart enough hacker could even get past that if they wanted to(that's assuming you had data really worth the time)

[AlTech]

6 hours ago, nicklmg said:

Buy Password Reset Key on Amazon: http://geni.us/HyKS

 

Are you a 1337 hacker? You don't need to be if you have this tiny device...

 

 

I hope LTT has good lawyers because if something happens to my PC using this Password reset key, you can bet that I will sue.

 

this is the most stupid thing on the planet. I lost all respect I ever had for Linus.

 

Informing people about this is as bad as showing bank robbers how to rob a bank and frankly this product should be illegal.

 

the potential for misuse is huge and this is the internet after all.

[Arty]

-snip-

[popman]

You don't need to buy this, there's already this commercial software that lets you make these kinds of keys already. As many as you want.

http://www.kon-boot.com/

 

Not just for windows either.

[Bouzoo]

11 hours ago, AluminiumTech said:

I hope LTT has good lawyers because if something happens to my PC using this Password reset key, you can bet that I will sue.

 

this is the most stupid thing on the planet. I lost all respect I ever had for Linus.

 

Informing people about this is as bad as showing bank robbers how to rob a bank and frankly this product should be illegal.

 

the potential for misuse is huge and this is the internet after all.

Of course you will. 

If someone manages to misuse this by physically getting to your PC and using this, well guess who's to blame.

This is nothing new really. Hiren's Boot (which contains kon-boot) has been out for a long time now. The difference is that this costs $20, while Hiren's has always been free. This can actually be used for good purposes, if you repair PCs for instance.

The misuse for this is the same, if not lower than it is with free programs that do the exactly same thing. 

[kirashi]

6 hours ago, LeapFrogMasterRace said:

This is why macs are always better than PCs 

Um, no, not unless you've enabled full disk encryption, similar to BitLocker or TrueCrypt.

I can "hack a mac" in 5 minutes using the built in resetpassword utility from single user mode or recovery mode:

http://www.macworld.co.uk/how-to/mac/how-hack-into-mac-change-password-3640399/

Even adding a firmware lock password isn't good enough as you can get around that too:

http://www.hackmac.org/tutorials/access-single-user-mode-when-locked-in-os-x/

4 hours ago, Daniel644 said:

well you went and RUINED my streak of being first comment on nearly every video posted for the last several weeks, now videos will release when I'm at work and can't watch them. I do not like this change.

In protest I will not be watching this video. Is getting more non subscriber views more important to you then your subscribers?

I hope you're being sarcastic or making a joke about being the first to comment on YouTube videos...

3 hours ago, Daniel9841 said:

The easiest and fastest way is to protect yourself is to run (Windows button + R) syskey.exe. It's a free program from Microsoft. It comes with Windows.

Absolutely! When it asks for a password, you should just mash on your keyboard randomly so you have no idea what it is.

This helps protect your account from any damage that you may (un)intentionally do to it as well, since even you won't know the password.

1 hour ago, AluminiumTech said:

I hope LTT has good lawyers because if something happens to my PC using this Password reset key, you can bet that I will sue.

this is the most stupid thing on the planet. I lost all respect I ever had for Linus.

Informing people about this is as bad as showing bank robbers how to rob a bank and frankly this product should be illegal.

the potential for misuse is huge and this is the internet after all.

I also hope this comment is sarcastic and you're not actually considering legal action because of what is essentially a map.

[Daniel644]

13 minutes ago, kirashi said:

I hope you're being sarcastic or making a joke about being the first to comment on YouTube videos...

No actually look at every video posted since PAX ended and we returned to a normal upload schedule, I have been the first comment on all but like 5 videos (of the videos posted to the LinusTechTips channel, not Techquickie or C.S.F.) 2 of those videos where special releases posted in the middle of the day like the Razor 3 Million Sub giveaway.

 

And to answer your question YES I have no life, If I did I wouldn't care what they do, heck I probably wouldn't even sub to their channel.

[Zodiark1593]

2 hours ago, Bleedingyamato said:

If a Windows password is so easy to get past especially with physical access to s computer what should I be using to keep an attacked from just easily getting into my computer?

Software that allows for full disk encryption is the best bet. While there are methods of obtaining the password via keylogger (and brute forcing), these take time and knowledge, something most two-bit thieves mercifully lack. 

 

Of course, if you're being physically targeted by a skilled hacker, you will need a lot more than a single layer of encryption to save your apparently valuable data. 

[Bleedingyamato]

7 hours ago, LeapFrogMasterRace said:

This is why macs are always better than PCs 

Plesse tell me you're joking.

 

It is 100% untrue that MacOS is more secure than Windows. 

[Bleedingyamato]

55 minutes ago, Zodiark1593 said:

Software that allows for full disk encryption is the best bet. While there are methods of obtaining the password via keylogger (and brute forcing), these take time and knowledge, something most two-bit thieves mercifully lack. 

 

Of course, if you're being physically targeted by a skilled hacker, you will need a lot more than a single layer of encryption to save your apparently valuable data. 

Is there something you'd suggest for full disk encryption?

 

I only have W10 Home which I'm pretty sure doesn't have bitlocker.  

 

Questions:

 

1. Does bitlocker need a tpm module to fully work?

 

2.  Any idea where would I get a tpm module from that's a current version and compatible with my motherboard? 

 

I don't currently keep any private stuff on my computer so idk if I really need to bother.  It's mostly just iTunes, games, and schoolwork.

 

But I figure knowing at least one good option for encryption might be smart.  

[Bleedingyamato]

3 hours ago, AluminiumTech said:

I hope LTT has good lawyers because if something happens to my PC using this Password reset key, you can bet that I will sue.

 

this is the most stupid thing on the planet. I lost all respect I ever had for Linus.

 

Informing people about this is as bad as showing bank robbers how to rob a bank and frankly this product should be illegal.

 

the potential for misuse is huge and this is the internet after all.

This does seem somewhat hypocritical to me.  I mean LTT is supposedly against any actual discussion of illegal things like Hackintoshing.  Yet whether they meant to or not, by discussing this key thing LTT is straddling that thin line between hypocrisy and following their own selectively overly strict rules.  Since they're essentially coming just short of openly discussing how to illegally break into someone else's computer by disguising it with mentions of techs using it or commenting on the horrors of how easy it can be to break into a computer.

 

 

[GG_Killer]

Is there anyway to just download the ISO file and put it on a flash drive yourself?

[alextulu]

This works because it boots from the key, so the operating system isn't running.

Because the OS isn't running, it can bypass any access control, and write anywhere on the filesystem, which allows it to delete the password, and the OS can't do anything. (except full disk encryption, like BitLocker)

Since the OS can't do anything, then it should work on any OS, not just Windows.

 

The reason why it doesn't work with online accounts, is because when you boot Windows, it automatically syncs the password with the Microsoft server, and you can only change the password at the server.

 

Also, when Linus says, that this isn't the only way to break into a Windows computer, he shows a page, where it says, that you must already be logged in as administrator, in order for that to work.

Seriously Linus ?

[alextulu]

5 hours ago, GG_Killer said:

Is there anyway to just download the ISO file and put it on a flash drive yourself?

Try torrent sites.

[Crashbash111]

Haha wow this thread got rather sour as I scrolled down further. To be fair, there are different methods that users can put in place, such as encrypting their drives to prevent devices such as these from tampering with windows files so I wouldn't be too worried. Besides, I see the Windows lock screen as more of a way to deter users from trying to get into your PC as it is so inconvenient to go these long routes to reset the passwords.

Personally I'd rather use the old Windows Logon screen trick where you replace a program such as Magnifier with CMD using a Windows setup USB, or during the boot repair screens to gain administrative privileges and modify account passwords/create accounts that way. You save a bit of money, and it works on every OS from Windows 7 and up. (You'll need a Windows 7 installer disk in order to exploit this, as newer OS install disks require that you enter your current Windows password before allowing you access to the command prompt).
EDIT: @respektek pointed out that it actually works on any Windows installer disk, if you hit SHIFT + F10 during the splash screen

[respektek]

2 hours ago, alextulu said:

This works because it boots from the key, so the operating system isn't running.

Because the OS isn't running, it can bypass any access control, and write anywhere on the filesystem, which allows it to delete the password, and the OS can't do anything. (except full disk encryption, like BitLocker)

Since the OS can't do anything, then it should work on any OS, not just Windows.

 

The reason why it doesn't work with online accounts, is because when you boot Windows, it automatically syncs the password with the Microsoft server, and you can only change the password at the server.

 

Also, when Linus says, that this isn't the only way to break into a Windows computer, he shows a page, where it says, that you must already be logged in as administrator, in order for that to work.

Seriously Linus ?

If you were an attacker, you could easily get online account passwords in plaintext.  Full disk encryption is your best bet to stay as secure as possible, for this sort of attack anyway...

[respektek]

3 minutes ago, Crashbash111 said:

Haha wow this thread got rather sour as I scrolled down further. To be fair, there are different methods that users can put in place, such as encrypting their drives to prevent devices such as these from tampering with windows files so I wouldn't be too worried. Besides, I see the Windows lock screen as more of a way to deter users from trying to get into your PC as it is so inconvenient to go these long routes to reset the passwords.

Personally I'd rather use the old Windows Logon screen trick where you replace a program such as Magnifier with CMD using a Windows setup USB, or during the boot repair screens to gain administrative privileges and modify account passwords/create accounts that way. You save a bit of money, and it works on every OS from Windows 7 and up. (You'll need a Windows 7 installer disk in order to exploit this, as newer OS install disks require that you enter your current Windows password before allowing you access to the command prompt).

I totally agree with this but you can use any windows installer disk like Windows 10, all you need to do when you boot up to the setup splash screen is hit SHIFT+F10 and there you have it

[Crashbash111]

1 minute ago, respektek said:

I totally agree with this but you can use any windows installer disk like Windows 10, all you need to do when you boot up to the setup splash screen is hit SHIFT+F10 and there you have it

Ah, thanks for that. I'll edit that into my original post

[alextulu]

2 hours ago, respektek said:

If you were an attacker, you could easily get online account passwords in plaintext.  Full disk encryption is your best bet to stay as secure as possible, for this sort of attack anyway...

You can use a keylogger to get the password, but full disk encryption is not going to help if a keylogger is used.

[mao91]

Way better than the original method I've used for the past 5 years to help clients who locked themselves out of their computer.

1) Remove primary boot HDD/SSD and hook it up to second computer via USB or SATA.
2) Go into the System32 folder on that drive

3) Change sethc.exe (or delete outright)

4) Copy/paste cmd.exe into same folder, change second copy to "sethc.exe"

5) Put HDD/SSD back in original machine and boot

6) At the login screen, hit SHIFT 5 times and CMD should pull up

7) from there you can reset the password on any account or add a new administrative account

 

I've just ordered the key. Thanks so much to whoever came up with this. Wow. Simply wow.

[Tempa]

what about if you have Force two factor authentication ?

[respektek]

2 hours ago, alextulu said:

You can use a keylogger to get the password, but full disk encryption is not going to help if a keylogger is used.

I wasn't talking about a keylogger, a hardware logger is way too obvious in something like a laptop (if you're an attacker)