Password Problems

[MrLinus]

Deleting the SAM is an older trick. You can read about it here. The SAM in the Repair directory isn't auto-updated. It's created when the system is first created and then updated when you run rdisk /s in NT (this doesn't work in Win2K -- you have to use this method, IIRC). The file in the Repair directory, unless updated, will have the original admin password on it (that is, the one at the time of install).

just so if any one wants to know this sam file is not protected like the other one this one you can open and copy it for decrepting if you want.

?? What do you mean? The difference under Win2K is that Syskey was enabled by default (and yes, programs like SamInside will bypass this) while under NT it wasn't (which is part of why LC was able to break it so quickly, IMO).

[Riot]

the sams in the repair file on winXP you can copy and open it if you want thats all i was saying.

[MrLinus]

the sams in the repair file on winXP you can copy and open it if you want thats all i was saying.

Ah... And unless you've updated it (say through the Backup ERD tool), it will be the installation time password of the Administrator account so it could be useless in that regard. Then again, knowing how "diligent" some admins are, it may be sufficient.

[Riot]

lol yea.

[foxyloxley]

One last for Steve:
I hope you remembered to put a password in, set it to never expire, and user cannot change ?

Just in case whatever / whoever did the dirty the first time, comes back..................

[-=Wayuu=-]

Hmm, newbie as I am and maybe also tired after more than 12 hours at comp I still want to ask some questions regarding this thread. I hope I can get answers on every point cause I want to understand this and learn.



1. Isn't the solution to this problem the same as many of the ones I got and tested in my thread http://www.antionline.com/showthread...hreadid=262941 ?

2. Wouldn't it work with EBCD, as I've tested and told about in post #20 in above thread?

3. Why didn't starting in Safe Mode work (Built in Admin account has no pwd then) ?

4. Use NTPassword utility to creat new pwd (or is that the one used in the "Floppy Sized Boot Disk Password Adjuster.") ?

5. If EFS = Copying the SAM and System files, then using L0pht to crack it, especially if LMHash is enabled. ??



Hope for good teachers. Super noob wants to advance

[Apex247]

im not sure if xp will work this way but when you log into windows thru safe mode it does not ask for a password. then what you can do is delete any .pwd files (password files) and try logging in regularly. on my old 98 system it alsways worked. i have not used xp for very long but last time i was in safe mode i beleive it did the same. check it out and let me know if it worked or not.
Apex247

[MrLinus]

1. Isn't the solution to this problem the same as many of the ones I got and tested in my thread http://www.antionline.com/showthrea...threadid=262941 ?

There are multiple ways to solve this. The one that I believe was used was the NT Offline Password floppy/CD. There really isn't a single answer to this but rather multiple variations on the same theme. The solution you used could have been used as well.

Wouldn't it work with EBCD, as I've tested and told about in post #20 in above thread?

See above. The option to use a simple floppy can be helpful when in rather desperate situations (believe it or not, not everyone has a cd burner )

Use NTPassword utility to creat new pwd (or is that the one used in the "Floppy Sized Boot Disk Password Adjuster.")

Uh... what's the question? Generally if you are creating a new password you need the old password, unless you are using one of the "tools" that can by-pass this. Hrmmm.. have you clicked on the link I provided and seen what it does? Experiment with it on a "dumdum machine" (that is a machine you can scarifice in case of... "Ooops!" situations)

If EFS = Copying the SAM and System files, then using L0pht to crack it, especially if LMHash is enabled. ??

Uh.. do you mean ERD rather than EFS? Or is there something you are referring to that you've read somewhere else? If you mean the ERD I was referring to whereby it copies the SAM to the Repair directory (much like rdisk /s did in the NT days), then yes you could grab it and then use a tool like L0phtCrack (aka LC5 and now $$$$$$$). Other tools to consider include Cain'n'Abel and/or SamInside. Now as admins we aren't doing this for malicious reasons but rather to test our users' password strength, right?

im not sure if xp will work this way but when you log into windows thru safe mode it does not ask for a password. then what you can do is delete any .pwd files (password files) and try logging in regularly. on my old 98 system it alsways worked. i have not used xp for very long but last time i was in safe mode i beleive it did the same.

Uh... the security (or rather the lack of security) on Win98 is far different from WinXP. I'll have to experiment with the XP Safe mode (haven't used it that often) but the control userpasswords2 command (as referenced in this KB Article) might be one way to by-pass things. I'll have to experiment with a dumdum user on my WinXP box and see.

[MrLinus]

After a little experimentation and a bit of research I've discovered the following (feel rather silly as I probably should know this.. but anyways):

Windows XP Professional: since this was designed for corporate environments, the option to boot into safe-mode and thus be the administrator won't work. You'll need to know the password of the administrative account(s)

Windows XP Home: you cannot log on as an administrator in regular mode. You have to switch to safe-mode to do administrative tasks and thus, it automatically puts you into that user (ie., you don't need to log on). I haven't tested this (it's based on some research I did) as I have a WinXP Pro box. Further clarification can be had though reading Article Q290109 of the MS knowledge base.

[steve.milner]

Originally posted here by -=Wayuu=-
Hmm, newbie as I am and maybe also tired after more than 12 hours at comp I still want to ask some questions regarding this thread. I hope I can get answers on every point cause I want to understand this and learn.



1. Isn't the solution to this problem the same as many of the ones I got and tested in my thread http://www.antionline.com/showthread...hreadid=262941 ?

2. Wouldn't it work with EBCD, as I've tested and told about in post #20 in above thread?

3. Why didn't starting in Safe Mode work (Built in Admin account has no pwd then) ?

4. Use NTPassword utility to creat new pwd (or is that the one used in the "Floppy Sized Boot Disk Password Adjuster.") ?

5. If EFS = Copying the SAM and System files, then using L0pht to crack it, especially if LMHash is enabled. ??



Hope for good teachers. Super noob wants to advance

There are many ways to solve this problem, but I've never had to solve it before.

The main issue was I was not at home or at work where I have access to an array of tools. Also the only internet access I had was via a mobile phone GPRS connection and hence costly to spend time searching for the correct answer.

If I had access to my tools and an internet connection I would have easily been able to solve the problem myself, perhaps with some of the methods you mention.

However I did what many people would do:

I asked some people I trust for help and I greatfully received it

Steve