PDA

View Full Version : My windows login password was bypass, what do I do???



JMobile
05-03-2007, 04:36 AM
OK, so here I go; I have my laptop protected with my password. No one knows it because its not your typical password. But my brother's friends come over and get into my laptop. When power my laptop, I see that there is the Administrator(me) and a guest account next to it. WTF??? I never turned on the Guest Acct!
How did they do this?

I never learned this, but the only acces before the login screen is Bios.
F8 and then I don't know where else.

Now my 2 questions is, how exactly did they do this?

And is there a way to protect anyone from using Bios?

I know it was them because I just got home and saw my laptop closed but the power light was left on.
Help me out. :(

Ezekiel
05-03-2007, 06:38 AM
And is there a way to protect anyone from using Bios?
(

Go into your BIOS settings when booting up (try reading this (http://http://www.michaelstevenstech.com/bios_manufacturer.htm)), and there should be an option to protect the BIOS with a password. For an even more secure setup, you can protect the whole system with a BIOS password; only booting with the correct password.

This is a fairly secure way of protecting your computer, but you can reset the BIOS (removing passwords) by taking out the small battery near it on the mother***rd. I've never tried this though.

JMobile
05-04-2007, 02:31 AM
This is a fairly secure way of protecting your computer, but you can reset the BIOS (removing passwords) by taking out the small battery near it on the mother***rd. I've never tried this though.


I have a laptop, I doubt it.

Voddo
05-18-2007, 05:39 PM
BIOS' could still have their passwords reset by FLASHing the chip and resetting it back to default. This can be done by booting up using a Bootable Floppy or CD-ROM with the BIOS flash on it then launching the program. (Mike the CMOS battery trick still works too.)

As for gaining access to the Administrator account. I wont go into details but you can aquire the password hash for user accounts by booting up using a on-the-fly CD such as various versions of linux and aquiring the file containing the hash (whilst in windows this file is hidden from view and *******). To keep your own account secure, Id recommend using (like its said so many times) a hard to guess alphanumeric password with at least 8 characters and * special character.

That and keeping it secret is your only real security if the guy knows what he's doing.