Cracking passwords with Windows 7 is no different or more difficult than it was with Windows XP.
As a result, a lost or stolen Windows 7 laptop is no more secure than a lost or stolen Windows 2000-based system. All anyone has to do is run the Ophcrack tool to recover many, if not all, passwords. (Just make sure you have a good set of NTLM hash tables, like the ones at Free Rainbow Tables.) If Ophcrack doesn't work -- or you want to go a different route -- then try Elcomsoft System Recovery, which can crack basic passwords, reset the local administrator account and more.
In addition, weak Windows 7 passwords can be found with a vulnerability scanner, such as the one built into QualysGuard. And although you can't directly log into the Windows 7 systems with these passwords, if they allow null sessions, someone can connect to them with a tool like Winfo or NetUsers and enumerate user accounts, the local password policy and other data. This information gives crackers another leg up against systems when used with manual analysis and tools like pwdump, John the Ripper and Proactive Password Auditor.
But the fun doesn't stop at the operating system: An attacker can crack your Windows 7 passwords if you're running an ill-configured Web application or Outlook Web Access system, which often has domain-level passwords that can be used against your network. It's a double whammy when the local system and the network are at risk.
Furthermore, there are BitLocker considerations as well as all the other accessible passwords past the Windows 7 login prompt. After gaining access to your Windows 7 systems, an attacker can dig around manually or use a tool such as Elcomsoft's Proactive System Password Recovery to collect additional system passwords, including the following:
-- Cached logon passwords
-- HomeGroup passwords
-- Web browser-cached passwords
-- WPA preshared key passwords
The majority of password issues may not be the direct fault of Windows 7 but instead a problem in the implementation of the OS. Regardless, weak passwords are still among the greatest vulnerabilities in many businesses.
Therefore, with Windows 7 here to stay, it may be time to rethink password policies across the enterprise. Remember that the key is to never let your guard down -- the bad guys certainly aren't letting up.
