First, make sure that BitLocker is used with a TPM at all (in transparent mode or with PIN entry). If it is not, but you use a BitLocker password, becoming admin is easy: you may mount the drive offline from a booted Windows setup and its command line with manage-bde.exe and modify its registry - in that case, please ask for details. But if a TPM is being used, which I assume, you would need to abuse an unpatched security hole in order to gain admin privileges, and then you will not only be able to retrieve the recovery key of BitLocker, but modify the admin group membership as well. If you don't find such a hole, you would need to do so-called TPM sniffing or perform a cold boot attack against the BitLocker key.
Bernd Schwanenmeister
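The first check in the answer above (is a TPM protector in use, and with or without a PIN) can be read from the volume's key protectors. This is an added example, not part of the original answer; it assumes an elevated PowerShell session on the machine in question, and the `Mode` labels are this example's own wording.

```powershell
# Added example: report which BitLocker unlock method each volume uses.
# Requires an elevated session; Get-BitLockerVolume ships with the BitLocker module.

# Key protector types that involve the TPM.
$tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'TpmNetworkKey'

Get-BitLockerVolume | ForEach-Object {
    $vol   = $_
    # Collect the protector type names configured on this volume.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $tpm   = @($types | Where-Object { $tpmTypes -contains $_ })

    # Map the protector set onto the cases the answer distinguishes.
    $mode = if ($vol.ProtectionStatus -ne 'On') {
        'Protection off or suspended'
    } elseif ($tpm -contains 'TpmPin' -or $tpm -contains 'TpmPinStartupKey') {
        'TPM with PIN entry'
    } elseif ($tpm -contains 'TpmStartupKey') {
        'TPM with startup key'
    } elseif ($tpm.Count -gt 0) {
        'TPM only (transparent mode)'
    } elseif ($types -contains 'Password') {
        'Password only, no TPM'
    } else {
        'No TPM protector'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Status     = $vol.VolumeStatus
        Protectors = ($types -join ', ')
        Mode       = $mode
    }
} | Format-Table -AutoSize
```

A result of "TPM only (transparent mode)" is the configuration exposed to the TPM sniffing mentioned above; adding a PIN protector moves the volume into the "TPM with PIN entry" row.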