Win 2000 admin password, help needed - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Win 2000 admin password, help needed

  1. #11
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    .. if I had a machine that had been that seriously compromised I would want to do a format and re-install.
    I wouldn't. I'd want to find out HOW this happened first before doing a format/re-install. Otherwise the hole still exists. And wiping may not be a solution if sensitive data is on there (and no backup or recent backup has been made). A definate task after whatever has been dealt with (access retrieved) would be to determine how this happened and prevented it from happening again (appropriate patches, upgrades, disabling floppy/CDRom, locking USB, restricting access to server/server room, etc.)

    It is wise, however, to get permission to do this activity in writing from the boss (this would be a CYA).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #12
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    well the hole could have been just leaving some one alone with the comp i mean they could have used a boot disk or even have booted off a usb stick which is even easer to hide then a cd then once they copied the sams and they syskey they may have just done what they needed. it would not be a hard thing to do but i would reformate it after you got what you need off of it because mmore then likely if they wanted somthing off of their or if they just wanted to piss or keep pising people off their is a backdoor.

  3. #13
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    MsM,

    My comments partly related to my own environment, which is physically secure..................

    However, because of previous [physical and password security] problems the admin account's password has been changed by some one who has not come forward. Formatting is out of the question...
    So here is a typical "conference room box" that is not secure, and is used for "morning messages" which I have assumed to be non-sensitive. After all if you had a machine with sensitive data on it that had been compromised, would you advertise the fact on AO?

    Not very high security I guess. In my experience, these are the boxes are the most easily compromised.

    Now, there is a big difference betweeen what you do on your own equipment, and what you do when you are going to submit a bill for your time? I guess that is what I was alluding to?

    I would clean it and secure it, because I would not have sufficient information to perform a meaningful forensic analysis (and would not be paid, anyways )

    We agree entirely on updating and locking down (and CYA ...........I liked that one, not noticed it before!)

    My only difference is that which I could reasonably expect to charge for
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #14
    Member
    Join Date
    Aug 2004
    Posts
    95
    A good security admin. should never relent. Fight back, push the hacker out of your sys.,
    I would never format the hard disk, I will find out the password change it, trace all the rootkits or trojans or worms, identify the hacker, defeat him.

    mr.Nhili Never relent.

  5. #15
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    A good security admin. should never relent. Fight back, push the hacker out of your sys.I would never format the hard disk, I will find out the password change it, trace all the rootkits or trojans or worms, identify the hacker, defeat him.
    i am guessing that this is not a server client network this comp is on. so tracing all the rootkits would be good if they uesed any because i am guessing that they did not come in through the internet but had physical access so a rootkit would not be needed he could do it manualy because if he didn't enter from the internet their would be no roughter logs or incomming connection logs. rember this is a school many students love to try and do this kind of stuff to say they beat the system which the haven't but SK's dont know that.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides