Results 1 to 10 of 10

Thread: John Cracked Sam File - Unknown Users?

  1. #1
    Junior Member
    Join Date
    Jun 2012
    Posts
    6

    John Cracked Sam File - Unknown Users?

    Just cracked my XP password file, and was shocked at how quick it was. Admin almost immediately.

    But I don't understand a couple of the accounts.

    Now Administrator is obvious. But when I go to ControlPanel|Users it does not show Administrator. Is this because nothing about that account can be changed? (I am from the Linux world)

    I am seeing Guest, and John says no password, and Users says the account is disabled. But I want to delete the account and XP won't let me. Why?

    Then John finds another account that seems to be invisible: HelpAssistant. It has a long complex password, but WTH is it and why doesn't it show in Users?

    Another invisible account is SUPPORT_388945a0, with NO password. What is this? This is disturbing.

    And finally there is my user account. In Users it is showing as having admin privileges, but when I try to change my account type "Limited" is grayed out. How can I change my account type?

    Do I have to edit the registry with the system shut down to do the things I want?

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    OK, as far as I am aware in Windows XP:

    1. The "Administrator" account is a Windows internal account. It shows up when you boot into safe mode, and I believe that the default password is blank?. I don't think that you can access it other than through safe mode.

    2. The "Guest" account doesn't have a password, and I don't believe that you can delete it, only disable it. If you want a password protected account, you need to create your own limited user account. I believe that "guest" is intended for public lookup type computers like in hospitals, libraries and such.

    3. I think that the other two accounts are something to do with remote assistance? If there is no password I guess that it has to run as System rather than administrator.

    4. Windows wants one user account with admin privileges. Try creating another admin account and then you should be able to change your account from that. Basically, Windows has stopped you shooting yourself in the foot
    Last edited by nihil; June 22nd, 2012 at 09:38 PM.

  3. #3
    Junior Member
    Join Date
    Jun 2012
    Posts
    6
    I'm seeing at least two accounts in the SAM file that are unexplained. I try to log in to them directly with the known passwords, and it won't let me. Wish someone knew what they are.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    OK mate, please get this tool and run it (FREE for private use )

    http://www.belarc.com/free_download.html

    The user accounts are down the left hand side, and are split into local user (your ones) and System.

    Help Assistant is like I said: the Microsoft Remote Desktop Help Assistant Account.

    Also like I said, SUPPORT_388945a0 is Microsoft's support account, as in 1, Microsoft Way, Redmond, WA. [Better tape up your 3.5" floppy drive or Steve Balmer will sneak out, raid your 'fridge and drink your beer!]

    If you have UpdatusUser then you have NVIDIA's automatic updates installed.

    ASPNET is the asp.net machine account. It only has "guest" as does the MS (Redmond) support account.

    Anything else?.............. you may well have a problem.

    Whilst you are using Belarc Advisor, scroll down and check that your Windows updates have installed correctly

  5. #5
    Junior Member
    Join Date
    Jun 2012
    Posts
    6
    You were clearly uncertain in your original response, and so I appealed to anyone else who may know for sure.

    Quote Originally Posted by nihil View Post
    [Better tape up your 3.5" floppy drive or Steve Balmer will sneak out, raid your 'fridge and drink your beer!]
    And this condescending attitude indicates that you know little of what is possible. Right, I know little about Winduhs; because I've run Linux exclusively for 14 years.

    Not a friendly place.
    Last edited by Quantumstate; June 24th, 2012 at 04:07 PM.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    You were clearly uncertain in your original response, and so I appealed to anyone else who may know for sure.
    Yeah, just like the good little TROLL that you are. I may not have sounded certain...............that means I was only 99.99% certain....................... like I wasn't booting an 11 year old OS at the time and I have been using and supporting that OS for that long.

    And this condescending attitude indicates that you know little of what is possible.
    I really don't know where to send you to find a sense of humour.

    Right, I know little about Winduhs; because I've run Linux exclusively for 14 years.
    Well now, perhaps you should just go back there then; but I would recommend not using an 11 year old distro I think that Ubuntu would suit you just fine.

    Also you don't even know how to spell the name of the OS...... it's "Windows"..............and I am 100%+ certain of that.

    Not a friendly place.
    Yeah, maybe we should post a TROLL hazard warning?

  7. #7
    Friend of Site Staff
    Join Date
    May 2012
    Posts
    389
    Quantumstate, he did real good dodging the AUP (Acceptable Use Policy).
    You will not violate any laws nor to discuss illegal activities.
    http://www.antionline.com/aup.html

  8. #8
    Junior Member
    Join Date
    Jun 2012
    Posts
    6
    Not dodging anything SuperMod. CEH/CNDA here, cracking my own files trying to learn something about WinDUHS.

    Turns out it's a piece of cherry pie.

    But I see now why everyone ran off...
    Last edited by Quantumstate; June 24th, 2012 at 11:20 PM.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Only a moronic little linux fanboi would try to use John the Ripper on an XP machine that they had full physical control over. Why waste good drinking time?

    Cognoscenti would just tap the F8 key, boot into safe mode, and use the automagically appearing system administrator account, which has a blank password unless you set one

    We don't run away..............Trolls do.

  10. #10
    Senior Member faust's Avatar
    Join Date
    Oct 2001
    Location
    Chicagoland/Murphysboro
    Posts
    105
    http://pogostick.net/~pnh/ntpasswd/
    Offline nt password and registry editor. this will let you get all the info on those pesky accounts.

    cant we get along? This tool from the past can help both sides.
    1. This thing is ANCIENT and works fine.
    2. I just reset a win 7 admin password

    I concure, why waste time John forcing a local machine unless you're building rainbow tables...

    Xp Pro has an Administrator account with a password you have to set. Xp Home has a blank administrator password. (No one said Pro/Home 2002?) Just like in 2k pro if you set the admin password in setup, it was stored clear text. Side tracked...

    Quantumstate, check out that site, make a boot cd and maybe it will help you make sense. Peace to all.
    The gene pool has no life guard!

Similar Threads

  1. 4 steps to making your computer immortal online.
    By ali1 in forum The Security Tutorials Forum
    Replies: 27
    Last Post: January 1st, 2004, 11:59 AM
  2. *nix small lesson
    By sweet_angel in forum Other Tutorials Forum
    Replies: 0
    Last Post: November 7th, 2002, 01:19 AM
  3. Black Wolf's Guide to Memory Resident Viruses.
    By ahmedmamuda in forum AntiVirus Discussions
    Replies: 2
    Last Post: March 20th, 2002, 02:03 AM
  4. Batch File Tut
    By Badassatchu in forum Non-Security Archives
    Replies: 1
    Last Post: November 23rd, 2001, 11:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •