Tutorial: Windows Password Recovery

Quote:

---

there are ways to get the password for a system in a domain, but those include hacking the DC and i don't think it would be such a good thing to explain how to do that!

---

Actually, it's not as hard as you think. The link I provided has a really scary but easy way to change the admin pass in an ADS. And, IMO, I don't think there really is one standard that is the most common scenario. What I often see is hodge-podge setups and praying that it doesn't fall to pieces.

Quote:

---

it's in an admins best interests to mitigate any holes, last time i checked!!!

---

Oh. Certainly. But let's not kid ourselves and assume that admins are doing this. There are lots of admins that don't check password strength and barely give themselves a decent password. I've actually run into an admin who's password for his Lotus Notes ID was still the default (the default was "password+username"). This is going on right now. Regardless of how secure MS or anyone else makes it, the human element will always be the way into a system.

As i suppose that we are discussing "legit" admin activities and not cracking actitivies, i cant see a problem talking about how to recover dc admin password. And by the way, isnt uncommon to loose it.
I would like to know how to "recover" in a direct way dc admin password.
Currently, the only way i know (and doesnt work on Win 2003) is
- recover local admin password (if i lost too)
- boot on recover domain mode, using local admin password and changing screen saver
- get acess to mmc and change dc admin pw

ive been told a way on 2003 but it didnt work.

Ive did that sometimes (called by companies that dumbass admin lost both passwords)

I wont post complete walkthru here except if Senior members allow me to do so.

i know at my university, the admins keep the passwords ina safe, so there is no way to lose them, furthermore, there are appx. 8 different ppl with domain admin access so no matter what we never lose a domain password, HOWEVER, this method still might work on a DC as long as you are able to get the domain password file... only problem is i am not sure where this is -- can anyone help with this?

Active directory

**edit** the LDAP database

Just learning about this now.sorry can expand anymore

i guess i knew that much, but i am wondering what the file is where it is stored.... is it still the SAM, or is it something else?

they're in the ntds.dit, there are also a number of internlized ways to provide redundant access to passwords. although some form of discretion must be accounted for.

http://droby10.addr.com/utility/passcap/MSAUTH.gif
http://droby10.addr.com/utility/passcap/PassCap_1-0.zip

i've been looking for a way to crack my NT Server, because i lost his adminitrator password. This is a server that i don't touch for some time so i forgot the password.
I have the Austrumi software, and its very good to reset administrator password, but unfortunately i don't have scsi drivers so that he can load the hard-drives. So i have downloaded some, and place them on a floppy inside a "scsi" folder, but he can't load them, or the drivers don't work, or the must be zipped.
I have downloaded drivers for linux, since Austrumi is a linux boot disk.
The hardware is LSI Logic Corp. LSILogic 53C1010-33

Anyone have any idea what could i be doing wrong here?
Thanks

You should have posted a new thread for this question........
as the last post was over a YEAR ago
you've been here long enough now :(

So delete this post
and start a new one please

[edit]
If you HAVE to have this thread involved, then link to it :?:

I went to the link that MsMittens linked to:
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
as I have been looking for a half decent tool such as this ever since I lost my USB sitck that had my 'tool kit' on.

I tried it out on my own laptop first, and buggered my admin password up!

I tried resetting it to my AO password - qwerty123 - just to see if it would work. It didnt, it remained unchanged. Sooo then I tried to reset it to a blank password using the * switch - and now it wont accept anything!

Great!

Soo - anyone recommend a different good preferably free, utility to reset my resetted admin password?

Thanks!

use this
http://cyti.latgola.lv/ruuni/index_en.html

Very good tool and its free.
TIP don't try with austrumi to change the administrator password, sometimes it doesn't work, try to put it null.
just reset it, and when you reboot you only have to press Enter. Then you can change :P