PointSec for PC
Anyone here familiar with PointSec for PC? Testing some stuff for a network admin to see if I can obtain the admin hash from the encrypted file system, but all my attempts have been unsuccessful.
I can get the system to boot from Linux live CDs (Knoppix, Knoppix STD, Ubuntu 6.10, BackTrack 2.0, etc.) and Windows live CDs (BartPE), but mounting the NTFS volume always comes back with an unknown volume error…even when manually mounting it with the Linux commands and the ntfs-rw package in Ubuntu.
I've learned from the documentation I've managed to squander that PointSec's software is put into the bootloader and the entire operating system is encrypted end-to-end; this would explain my inability to see the volume from other distros…so I was thinking about clearing the MBR. Has anyone else encountered/had experience with this software? I don't want to end up requesting to have the software reloaded because of a security control that locks the OS out completely if the MBR is cleared.
What I would really like is a full *.pdf manual if anyone has it? PM me or post it here if you got it…
I have some experience with PointSec. I know that cracking the encryption should be a very hard task. I believe that it has 512-bit encryption (this I am not sure of). But every PointSec installation has a superuser. The user is often the username of the manager of the program. If this is the version with single sign-on, the username is most likely the one he uses in Windows. This user is what you need to decrypt the hard drive.
Edit: by the way, clearing the CMOS (if that was your intention) is not a good idea; it will leave the hard drive unusable.
Yeah, that was my thought: clearing the MBR would trigger a defensive mechanism to render the hard drive unusable. After talking (social-engineering, whatever you wanna call it) to PointSec's tech support while posing as a certain company contact from their client list, I found out that by doing that, one would have to use a piece of emergency AES recovery software that will only replace the MBR with PointSec again. When I questioned them about the security settings that would be in place after such a recovery, they would not give out any further information unless I could give them specifics on the system's implementation of the PointSec software.
Being as they only serve corporate environments with a per user/licensing agreement, they keep very good records of their client list. I'm slowly running out of options unless I can get my hands on the PointSec software itself to run some tests myself. I am currently working on a force memory dump program to see if I can net any kind of residual security credentials from the PointSec bootloader, but it may take some time…I've got some reading up to do on AES encryption implementations in a C++ environment.