forgotten Admin password recovery

  1. #1
    Junior Member
    Join Date
    Apr 2002
    Posts
    21

    forgotten Admin password recovery

    Before I get flamed...

    I am a student in a network security program. I am a *N*X user.
    This in fact is being posted from galeon Red Hat 7.3 for those who care.

    We were discussing password policies during a class on OS security. We were discussing how difficult they should be to remember, as if it's too hard people will write them down, circumventing the policy itself. Then we discussed storing passwords in safes etc. Then the topic of forgotten passwords came up... Users are easy, the admins or roots can take care of it.

    As a *N*X user I know a means or two of getting around root. But I don't know jack about how windows works. My prof says NT and up use 128 bit encryption on passwords. That would be a b8tch to crack by brute force. If I knew where the Admin pass was stored could I erase it and leave a blank? Does M$ have a tool they sell with a server kit that can take care of it?

    Can anyone point me in a direction? Really I'd like to take an answer back to my prof.
    In the briefest flash I once understood the concept of randomness as a reflex. My question, "Is it voluntary?"
    5amYan
    --last line--<4.6692016090

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    There have been previous threads about admin pass recovery, but briefly:
    win NT/2k passes are stored in the sam, they can be reset using special linux boot disks for example...

    Ammo
    Credit travels up, blame travels down -- The Boss

  3. #3
    Junior Member
    Join Date
    Apr 2002
    Posts
    1
    Here is the link to the Linux boot disk that will reset Admin passwords on NT/2K (not sure about XP). I have used this on NT4.0 Workstation - works great!

    http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

  4. #4
    Junior Member
    Join Date
    Jun 2002
    Posts
    2
    If you can use the Run option in the Start menu (Start/Run) and type REGEDIT to edit the registry - finding the computer's access control and change the password through there - but then again Linux boot disks are the best option, and I don't know much anyway, I've never taken classes or anything like that...
    h3iki

  5. #5
    Other than the above, the only other obvious answer is brute force... Such as L0pht's software or Brutus...
    WE ARE the anti cancer...
    WE ARE the only answer...

  6. #6
    Member
    Join Date
    Oct 2001
    Posts
    64
    Those boot disks work great, don't bother with anything else. It will just interrogate the SAM and print out a nice list on the screen of names and passwords on the machine.
    -=Legacy Boy=-

    -= You mean there is stuff better than DOS? =-

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Originally posted here by h3iki
    If you can use the Run option in the Start menu (Start/Run) and type REGEDIT to edit the registry - finding the computer's access control and change the password through there - but then again Linux boot disks are the best option, and I don't know much anyway, I've never taken classes or anything like that...
    I've never seen any way to change a password through editing the registry. The password information is not in the Registry, two totally different databases. Also, if you can get into the registry and make changes, that would also mean that you have administrative level access already. Linux boot disks are the only way I know of to "change" an administrative password.

  8. #8
    Senior Member
    Join Date
    Mar 2002
    Posts
    238
    There is a tool called NTrecover, don't know if that will help you... I never used it, but I do hope this helps.
    -{[ Joe ]}- (Joe@nitesecurity.com)
    http://www.nitesecurity.com

    I'm Just A Soldier In This War Against Ignorance.

  9. #9
    Originally posted here by thoth
    Here is the link to the Linux boot disk that will reset Admin passwords on NT/2K (not sure about XP). I have used this on NT4.0 Workstation - works great!

    http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
    I just made this disk and tried it on my XP Pro box. It's QUITE effective and VERY dangerous in the wrong hands. Lock down that boot access, sysadmins, before you get screwed.

  10. #10
    Junior Member
    Join Date
    Jun 2002
    Posts
    3
    You want to be careful though if you are using a SCSI controller and running NTFS because some of those bootdisks won't write the sam back properly. You can also use a tool called NTFSDos Pro from sysinternals to read/write NTFS from DOS.

    If you are running a FAT file system, there is an easy way to recover passwords. All you need to do is boot to a DOS disk and rename the logon.scr screensaver to logon.bak. Then copy cmd.exe to logon.scr. Boot up and wait for the logon screensaver to come on. You will then get a command prompt instead. Your next question is probably "What account is the command prompt running as?" It's running as SYSTEM. When the command prompt comes up, just type "explorer" and the desktop will come up. If you run the resource kit tool "whoami", it will tell you that you are logged on as SYSTEM. If you are on NT, you can run musrmgr and change the passwords that you need.

    The logging on as SYSTEM part works with Windows 2000 and Windows XP, but I don't think that you can change passwords with w2k because SYSTEM isn't a privileged account.

    .-=Ken=-.
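
The screensaver swap described in post #10 leaves a detectable artifact: a .scr file whose bytes are identical to a command interpreter, often with a renamed .bak executable beside it. The following is an added example, not part of the thread, that checks a directory for both conditions; it goes slightly beyond the post by testing every .scr file rather than only logon.scr, and the function names and the sample directory contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Command interpreters whose bytes should never appear under a .scr name.
SHELL_NAMES = ("cmd.exe", "command.com")

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_swapped_screensavers(system_dir):
    """Return [(screensaver_name, shell_name)] for each .scr that is a byte-for-byte
    copy of a command interpreter found in the same directory."""
    files = sorted(p for p in Path(system_dir).iterdir() if p.is_file())
    # Names are compared case-insensitively, as Windows file systems do.
    shells = {sha256_of(p): p.name for p in files if p.name.lower() in SHELL_NAMES}
    findings = []
    for p in files:
        if p.suffix.lower() == ".scr":
            shell = shells.get(sha256_of(p))
            if shell is not None:
                findings.append((p.name, shell))
    return findings

def leftover_backups(system_dir):
    """Return .bak files that start with the 'MZ' executable signature, e.g. a
    renamed original screensaver left behind next to its replacement."""
    hits = []
    for p in sorted(Path(system_dir).iterdir()):
        if p.is_file() and p.suffix.lower() == ".bak":
            with open(p, "rb") as fh:
                if fh.read(2) == b"MZ":
                    hits.append(p.name)
    return hits

if __name__ == "__main__":
    # Constructed sample directory standing in for a Windows system folder.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "cmd.exe").write_bytes(b"MZ constructed shell")
        (root / "logon.scr").write_bytes(b"MZ constructed shell")
        (root / "logon.bak").write_bytes(b"MZ constructed screensaver")
        print(find_swapped_screensavers(root), leftover_backups(root))
```

Point it at the system directory of a running host or of a disk image mounted read-only; an empty result from both functions means neither artifact is present.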
