i was waiting for so long to try this script, now i have a pin secured laptop in front of me and it seems to be a little bit different
this is the setup right now
ist there a possibility to circumvent the pin and instead use the pass? given the SIDs and folderstructure there is only this one user account
the input window tells PIN but there is no arrow or anything else, it also only accepts digits and does an autoenter after 4 or 5 digits
for me it doesnt matter, i can do my research with the plain data but maybe you are interested in this one dataset?
FAST EDIT: question, the missing pinguid, how should the guid look like as your script accepts the folderstructure or the pinguid
this is the setup right now
- i was able to get an image of the onboard mmc storage, not encrypted so
- extracted the ntlm hash with mimi, hash was fast cracked (it is a simple password (wordnumberword)), so first of all i was happy
- booting and the laptop tells me plz provide the pin -> okay???
- extracted the desired folders and tried the script
- error GUID file (2.dat) missing -> well okay saw the info regarding TPM with 15.dat
- BUT i have the 15.dat which should be missing if TPM is used? (the laptop seems to have a tpm chip, but i cannot really tell from bios whether it is activated or not due to secure boot disabled and no keys available
- BUT also 1.dat tells MS Platform Crypto Provider so it should be activated?
ist there a possibility to circumvent the pin and instead use the pass? given the SIDs and folderstructure there is only this one user account
the input window tells PIN but there is no arrow or anything else, it also only accepts digits and does an autoenter after 4 or 5 digits
for me it doesnt matter, i can do my research with the plain data but maybe you are interested in this one dataset?
FAST EDIT: question, the missing pinguid, how should the guid look like as your script accepts the folderstructure or the pinguid