regret

Pointsec

4 posts in this topic

Anyone here familiar with PointSec for PC? Testing some stuff for a network admin to see if I can obtain the admin hash from the encrypted file system, but all my attempts have been unsuccessful.

I can get the system to boot from Linux live CDs (Knoppix, Knoppix STD, Ubuntu 6.10, BackTrack2.0, etc) and Windows live CDs (BartPE) but mounting the NTFS volume always comes back with an unknown volume error...even when manually mounting it with the Linux commands and the ntfs-rw package in Ubuntu.

I've learned from the documentation I've managed to squander that PointSec's software is put into the bootloader and the entire operating system is encrypted end-to-end; this would explain my inability to see the volume from other distros...so I was thinking about clearing the MBR. Has anyone else encountered/had experience with this software? I don't want to end up requesting to have the software reloaded because of a security control that locks the OS out completely if the MBR is cleared?

What I would really like is a full *.pdf manual if anyone has it? PM me or post it here if you got it...

:spawn1: Give up :spawn1:

As much as I hate saying that, it's true. PointSuck uses asymmetric encryption for encrypting the entire drive/partition. Those live CDs will get you nowhere unless you have the creds to auth to the disk. PointSuck did have a security implementation flaw because after a user auth'd, using a disk editor like WinHex the analyst can find the username and password to ALL the users. :blink: I heard it was fixed. :voteyes:

To gain access, you will need one of their support tools for DR and a valid account. If you try to attack the encryption algorithm, I hope you have a lot of time on your hands. <_<

Happy hunting

Edited by fD3M@n

Don't waste your time, DOD uses this stuff and it's FIPS V2 certified.


but I know a few tricks.....
I cannot disclose.......

Unfortunately the easiest way to even try is to get to the Pointsec password screen and try to SE or brute force the ADMIN or other account. If it doesn't come up, hold both Shift keys when the Pointsec bar scrolls across.

If you can get into it, then you can do other stuff like alternative boot media, but you're already in at that point anyway. If the PPBA is enabled, then you can get it by beating the Windows passwords. Normally once they are booted any exploit that would get you in will let you in.
