Jump to content

- - - - -


  • Please log in to reply
3 replies to this topic

#1 regret


    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 472 posts
  • Location:Are any of us ever in one place at any give time?

Posted 03 May 2007 - 06:31 PM

Anyone here familiar with PointSec for PC? Testing so stuff for a network admin to see if I can obtain the admin hash from the encrypted file system, but all my attempts have been unsuccessful.

I can get the system to boot from Linux live cd's (Knoppix, Knoppix STD, Ubuntu 6.10, BackTrack2.0, etc) and windows' live cd's (BartPE) but mounting the NTFS volume always comes back with a unknown volume error...even when manually mounting it with the linux commands and the ntfs-rw package in ubuntu.

I've learned from the documentation I've managed to squander that PointSec's software is put into the bootloader and the entire operating system is encrypted end-to-end, this would explain my inability to see the volume from other distro's...so I was thinking about clearing the MBR. Has anyone else encountered/had experience with this software? I don't want to end up requesting to have the software reloaded because of a security control that locks the OS out completely if the MBR is cleared?

What I would really like is a full *.pdf manual if anyone has it? PM me or post it here if you got it...

#2 fD3M@n


    the 0ne

  • Members
  • 1 posts

Posted 04 May 2007 - 08:24 PM

:spawn1: Give up :spawn1:

As much as I hate saying that, it's true. PointSuck uses asymmetric encryption for encrypting the entire drive/partition. Those live CDs will get you no where unless you have the creds to auth to the disk. PointSuck did have a security implementation flaw because after a user auth'd, then using a disk editor like WinHex the analyist can find the username and password to ALL the users. :blink: I heard it was fixed. :voteyes:

To gain access, you will need one of their support tools for DR and a valid account. If you try to attack the encryption algorithm, I hope you have a lot of time on your hands. <_<

Happy hunting

Edited by fD3M@n, 06 May 2007 - 11:07 AM.

#3 stacksmasher


    Mack Daddy 31337

  • Members
  • 214 posts

Posted 25 July 2007 - 02:13 PM

Don't waste your time, DOD uses this stuff and its FIPS V2 certified.

but I know a few tricks.....
I cannot disclose.......

#4 AnalogPear


    I broke 10 posts and all I got was this lousy title!

  • Members
  • 16 posts

Posted 30 July 2007 - 07:23 PM

Unfortunatly the easiest way to even try is to get the the Pointsec password screen and try to SE or brute force the ADMIN or other account. If it doesn't come up, hold both Shift keys when the Pontsec bar scrolls across.

If you can get into it, then you can do other stuff like alternative boot media, but you're already in at that point anyway. If the PPBA is enabled, then you can get it by beating the windows passwords. Normally once they are booted any exploit that would get you in will let you in.

BinRev is hosted by the great people at Lunarpages!