-
June 14th, 2002, 06:11 AM
#1
Junior Member
forgotten Admin password recovery
Before I get flamed...
I am a student in a network security program. I am a *N*X user.
This in fact is being posted from galeon Red Hat 7.3 for those who care.
We were discussing password policies during a class on OS security. We were discussing how difficult they should be to remember. As if it's too hard people will write them down, circumventing the policy itself. Then we discussed storing passwords in safes etc. Then the topic of forgotten passwords came up... Users are easy, the admins or roots can take care of it.
As a *N*X user I know a means or two of getting around root. But I don't know jack about how windows works. My prof says NT and up use 128 bit encryption on passwords. That would be a b8tch to crack by brute force. If I knew where the Admin pass was stored could I erase it and leave a blank? Does M$ have a tool they sell with a server kit that can take care of it?
Can anyone point me in a direction? Really I'd like to take an answer back to my prof.
In the briefest flash I once understood the concept of randomness as a reflex. My question, "Is it voluntary?"
5amYan
--last line--<4.6692016090
-
June 14th, 2002, 06:20 AM
#2
There have been previous threads about admin pass recovery, but briefly:
Win NT/2k passes are stored in the SAM; they can be reset using special Linux boot disks, for example...
Ammo
Credit travels up, blame travels down -- The Boss
-
June 18th, 2002, 04:37 PM
#3
Junior Member
Here is the link to the Linux boot disk that will reset Admin passwords on NT/2K (Not sure about XP). I have used this on NT4.0 Workstation - works great!
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
-
June 18th, 2002, 04:54 PM
#4
Junior Member
If you can use the Run option in start menu (Start/Run) and type REGEDIT to edit the registry - finding the computer's access control and change the password through there - but then again Linux boot disks are the best option, and I don't know much anyway, I've never taken classes or anything like that...
-
June 19th, 2002, 10:12 AM
#5
Member
Other than the above, the only other obvious answer is brute force... Such as L0pht's software or Brutus...
WE ARE the anti cancer...
WE ARE the only answer...
-
June 19th, 2002, 02:27 PM
#6
Member
Those boot disks work great, don't bother with anything else; it will just interrogate the SAM and print out a nice list on the screen of names and passwords on the machine
-=Legacy Boy=-
-= You mean there is stuff better than DOS? =-
-
June 19th, 2002, 04:33 PM
#7
Originally posted here by h3iki
If you can use the Run option in start menu (Start/Run) and type REGEDIT to edit the registry - finding the computer's access control and change the password through there - but then again Linux boot disks are the best option, and I don't know much anyway, I've never taken classes or anything like that...
I've never seen any way to change a password through editing the registry. The password information is not in the Registry, two totally different databases. Also, if you can get into the registry and make changes, that would also mean that you have administrative level access already. Linux boot disks are the only way I know of to "change" an administrative password.
-
June 19th, 2002, 04:35 PM
#8
There is a tool called NTrecover; don't know if that will help you... I never used it, but I do hope this helps
-{[ Joe ]}-
http://www.nitesecurity.com
I'm Just A Soldier In This War Against Ignorance.
-
June 19th, 2002, 05:08 PM
#9
I just made this disk and tried it on my XP Pro box. It's QUITE effective and VERY dangerous in the wrong hands. Lock down that boot access, sysadmins, before you get screwed.
-
June 19th, 2002, 05:28 PM
#10
Junior Member
You want to be careful though if you are using a SCSI controller and running NTFS because some of those bootdisks won't write the SAM back properly. You can also use a tool called NTFSDos Pro from Sysinternals to read/write NTFS from DOS.
If you are running a FAT file system, there is an easy way to recover passwords. All you need to do is boot to a DOS disk and rename the logon.scr screensaver to logon.bak. Then copy cmd.exe to logon.scr. Boot up and wait for the logon screensaver to come on. You will then get a command prompt instead. Your next question is probably "What account is the command prompt running as?" It's running as SYSTEM. When the command prompt comes up, just type "explorer" and the desktop will come up. If you run the resource kit tool "whoami", it will tell you that you are logged on as SYSTEM. If you are on NT, you can run musrmgr and change the passwords that you need.
The logging on as SYSTEM part works with Windows 2000 and Windows XP, but I don't think that you can change passwords with w2k because SYSTEM isn't a privileged account.
.-=Ken=-.
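A defender-side check for the screensaver swap described in the post above, as an added example that is not part of the original thread: it inspects a system32 directory and flags a logon.scr that is byte-identical to a shell binary or that sits beside a logon.bak. The list of shell binaries, the function names and the sample files are assumptions constructed for this example.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed list: binaries that hand out a shell or desktop if run as the screensaver.
SHELL_BINARIES = ("cmd.exe", "command.com", "explorer.exe")


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def check_logon_screensaver(system32):
    """Return findings for a system32 directory (live, or a mounted offline volume)."""
    # Windows names are case-insensitive; a volume mounted elsewhere may not be.
    entries = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    scr = entries.get("logon.scr")
    if scr is None:
        return ["logon.scr is missing"]
    findings = []
    if "logon.bak" in entries:
        findings.append("logon.bak present next to logon.scr")
    scr_hash = sha256_of(scr)
    for name in SHELL_BINARIES:
        if name in entries and sha256_of(entries[name]) == scr_hash:
            findings.append(f"logon.scr is byte-identical to {name}")
    return findings


def demo():
    """Run the check on two constructed directories: one clean, one tampered."""
    with tempfile.TemporaryDirectory() as root:
        clean, tampered = Path(root, "clean"), Path(root, "tampered")
        for d in (clean, tampered):
            d.mkdir()
            (d / "cmd.exe").write_bytes(b"MZ constructed cmd.exe stand-in")
        (clean / "logon.scr").write_bytes(b"MZ constructed screensaver stand-in")
        # Tampered layout from the post: original renamed, cmd.exe copied over it.
        (tampered / "logon.bak").write_bytes(b"MZ constructed screensaver stand-in")
        (tampered / "LOGON.SCR").write_bytes(b"MZ constructed cmd.exe stand-in")
        return check_logon_screensaver(clean), check_logon_screensaver(tampered)


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered"), demo()):
        print(label, result or "no findings")
```

Point `check_logon_screensaver` at the live system32 directory or at the same directory on a volume mounted read-only for inspection.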