redttps

BitLocker Recovery Key without admin privileges

Description

BitLocker is a full disk encryption feature included with certain editions of Microsoft Windows (like Pro and Enterprise). It encrypts the entire drive to help protect your data from unauthorized access if your computer is lost, stolen, or decommissioned.


Steps

  1. Imagine a scenario where you have physical access, as an unprivileged user, to a computer with BitLocker enabled. In theory, you cannot see the BitLocker key because you are not an administrator.
  2. If the user is logged into Microsoft, or you are logged into https://myaccount.microsoft.com/device-list or /devices, you can find the BitLocker recovery key there.
  3. Finally, you can load a WinPE, remove the admin password, and escalate privileges.