Password Problems

I'm after a little help.

I'm visting my partner's mum, a 4 hour drive away from home for the weekend.

She is learning computers and is at the very basic steps.

I got her her computer, which is runnng XP and I left it configured so that there was no password required to log in.

At some point a password has been put onto this system and now there is no way to log in. I have physical access to the machine & I have my laptop running FC2 with me, but nothing like a knoppix CD with me.

I'm going to obtain a USB hard drive caddy so that I can gain access to the hard drive with a view to 'messing' - otherwise I am left taking it back home with me fixing & returning several weeks later.

I only have internet access via GPRS mobile phone.

Is there a passsword file I can delete which will sort this out?

Any suggestions will be greatfully received.

Steve

I am sure that you have tried but:

1. Try Blank
2. New users get confused, try the account name as the password..........I've seen that happen before ;)

Actually Steve, it would have been better if you had posted this in Addicts..........I will PM you :D

Cheers

Delete the SAM... See here ..... But back it up first.... theres a good chap.... ;)

Floppy Sized Boot Disk Password Adjuster. Have you tried putting this on to the USB and booting with the USB? A few other options are here

Yes, the password cracking floppy that MsMitts linked to is used daily by our desktop support folks. You'll need WinRawWrite to burn the image to floppy. Boot off this floppy (to a stripped Linux OS), set the Admin password to * and be SURE to write the hives back when it askes you to. Basically answer the default to all questions except the one that asks about writing the hives back over. It defaults to "N" but you have to write em back or else the password doesn't get changed (duh). After you reboot, the admin password will be blank. What does this mean? PWN3D. LOL. Good luck.

if it can access web
if it has some Vulnerability
try remote create a administrator account

Quote:

---

I'm going to obtain a USB hard drive caddy so that I can gain access to the hard drive with a view to 'messing' - otherwise I am left taking it back home with me fixing & returning several weeks later.

---

Did you install xp for her or was it pre-insalled when you aquired the pc??

I would hazard a guess that there is not a administrators password set. So you maybe able to access the pc via safe mode Administrators account.

Quote:

---

Originally posted here by Tiger Shark
Delete the SAM... See here ..... But back it up first.... theres a good chap.... ;)

---

The deleting the SAM trick worked for Windows 2000, but security accounts manager wont work if you delete the SAM in XP, then you can’t logon at all (at least when I tested it about 2 years ago).

Quote:

---

Originally posted here by Tiger Shark
Delete the SAM... See here ..... But back it up first.... theres a good chap.... ;)

---

This was just the kind of advice I was looking for....

But, it turns out my FC2 kernel didn't have ntfs compiled in & I didn't have the funds to spend hours browsing the net at mobile phone GPRS rates sorting out what I needed.

Quote:

---

Originally posted here by MsMittens
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html"]Floppy Sized Boot Disk Password Adjuster[/url]. Have you tried putting this on to the USB and booting with the USB? A few other options are here

---

That absolutely rocks. I didn't have a usb with me but my laptop has a cd wwriter so I got the cd image & bingo.

It does exctly what it says on the tin.

Quote:

---

Originally posted here by Irongeek


The deleting the SAM trick worked for Windows 2000, but security accounts manager wont work if you delete the SAM in XP, then you can’t logon at all (at least when I tested it about 2 years ago).

---

Ahhh, so it wouldn't have worked after all.

Many, many thanks to all, not least for helping me look like a hacking ninja in front of my partner's mum.

Steve

Oh and BTW - I tried all the usual passwords that she might have used but to no avail.

I've no idea what happened to the admin account. The PW I would have used seemed not to work, but then again I might have used a different one & forgotten it <sigh>

did you try starting up the computer in safe mode and loging on in the admin account it has no password once your on all you need to do is change her password.

Irongeek if you delet the sams file i dont think it dose any thing because their is a back up sams file for recovery locates in C:\WINDOWS\REPAIR\SAM put that into the address bar at the my computer prompt and it will ask you how to open it. just so if any one wants to know this sam file is not protected like the other one this one you can open and copy it for decrepting if you want.

Deleting the SAM is an older trick. You can read about it here. The SAM in the Repair directory isn't auto-updated. It's created when the system is first created and then updated when you run rdisk /s in NT (this doesn't work in Win2K -- you have to use this method, IIRC). The file in the Repair directory, unless updated, will have the original admin password on it (that is, the one at the time of install).

Quote:

---

just so if any one wants to know this sam file is not protected like the other one this one you can open and copy it for decrepting if you want.

---

?? What do you mean? The difference under Win2K is that Syskey was enabled by default (and yes, programs like SamInside will bypass this) while under NT it wasn't (which is part of why LC was able to break it so quickly, IMO).

the sams in the repair file on winXP you can copy and open it if you want thats all i was saying.

Quote:

---

the sams in the repair file on winXP you can copy and open it if you want thats all i was saying.

---

Ah... And unless you've updated it (say through the Backup ERD tool), it will be the installation time password of the Administrator account so it could be useless in that regard. Then again, knowing how "diligent" some admins are, it may be sufficient. :D

lol yea.

One last for Steve:
I hope you remembered to put a password in, set it to never expire, and user cannot change ?

Just in case whatever / whoever did the dirty the first time, comes back.................. :D

Hmm, newbie as I am and maybe also tired after more than 12 hours at comp I still want to ask some questions regarding this thread. I hope I can get answers on every point cause I want to understand this and learn.



1. Isn't the solution to this problem the same as many of the ones I got and tested in my thread http://www.antionline.com/showthread...hreadid=262941 ?

2. Wouldn't it work with EBCD, as I've tested and told about in post #20 in above thread?

3. Why didn't starting in Safe Mode work (Built in Admin account has no pwd then) ?

4. Use NTPassword utility to creat new pwd (or is that the one used in the "Floppy Sized Boot Disk Password Adjuster.") ?

5. If EFS = Copying the SAM and System files, then using L0pht to crack it, especially if LMHash is enabled. ??



Hope for good teachers. Super noob wants to advance ;)

im not sure if xp will work this way but when you log into windows thru safe mode it does not ask for a password. then what you can do is delete any .pwd files (password files) and try logging in regularly. on my old 98 system it alsways worked. i have not used xp for very long but last time i was in safe mode i beleive it did the same. check it out and let me know if it worked or not.
Apex247

Quote:

---

1. Isn't the solution to this problem the same as many of the ones I got and tested in my thread http://www.antionline.com/showthrea...threadid=262941 ?

---

There are multiple ways to solve this. The one that I believe was used was the NT Offline Password floppy/CD. There really isn't a single answer to this but rather multiple variations on the same theme. The solution you used could have been used as well.

Quote:

---

Wouldn't it work with EBCD, as I've tested and told about in post #20 in above thread?

---

See above. The option to use a simple floppy can be helpful when in rather desperate situations (believe it or not, not everyone has a cd burner ;) )

Quote:

---

Use NTPassword utility to creat new pwd (or is that the one used in the "Floppy Sized Boot Disk Password Adjuster.")

---

Uh... what's the question? Generally if you are creating a new password you need the old password, unless you are using one of the "tools" that can by-pass this. Hrmmm.. have you clicked on the link I provided and seen what it does? Experiment with it on a "dumdum machine" (that is a machine you can scarifice in case of... "Ooops!" situations)

Quote:

---

If EFS = Copying the SAM and System files, then using L0pht to crack it, especially if LMHash is enabled. ??

---

Uh.. do you mean ERD rather than EFS? Or is there something you are referring to that you've read somewhere else? If you mean the ERD I was referring to whereby it copies the SAM to the Repair directory (much like rdisk /s did in the NT days), then yes you could grab it and then use a tool like L0phtCrack (aka LC5 and now $$$$$$$). Other tools to consider include Cain'n'Abel and/or SamInside. Now as admins we aren't doing this for malicious reasons but rather to test our users' password strength, right?

Quote:

---

im not sure if xp will work this way but when you log into windows thru safe mode it does not ask for a password. then what you can do is delete any .pwd files (password files) and try logging in regularly. on my old 98 system it alsways worked. i have not used xp for very long but last time i was in safe mode i beleive it did the same.

---

Uh... the security (or rather the lack of security) on Win98 is far different from WinXP. I'll have to experiment with the XP Safe mode (haven't used it that often) but the control userpasswords2 command (as referenced in this KB Article) might be one way to by-pass things. I'll have to experiment with a dumdum user on my WinXP box and see.

After a little experimentation and a bit of research I've discovered the following (feel rather silly as I probably should know this.. but anyways):

Windows XP Professional: since this was designed for corporate environments, the option to boot into safe-mode and thus be the administrator won't work. You'll need to know the password of the administrative account(s)

Windows XP Home: you cannot log on as an administrator in regular mode. You have to switch to safe-mode to do administrative tasks and thus, it automatically puts you into that user (ie., you don't need to log on). I haven't tested this (it's based on some research I did) as I have a WinXP Pro box. Further clarification can be had though reading Article Q290109 of the MS knowledge base.

Quote:

---

Originally posted here by -=Wayuu=-
Hmm, newbie as I am and maybe also tired after more than 12 hours at comp I still want to ask some questions regarding this thread. I hope I can get answers on every point cause I want to understand this and learn.



1. Isn't the solution to this problem the same as many of the ones I got and tested in my thread http://www.antionline.com/showthread...hreadid=262941 ?

2. Wouldn't it work with EBCD, as I've tested and told about in post #20 in above thread?

3. Why didn't starting in Safe Mode work (Built in Admin account has no pwd then) ?

4. Use NTPassword utility to creat new pwd (or is that the one used in the "Floppy Sized Boot Disk Password Adjuster.") ?

5. If EFS = Copying the SAM and System files, then using L0pht to crack it, especially if LMHash is enabled. ??



Hope for good teachers. Super noob wants to advance ;)

---

There are many ways to solve this problem, but I've never had to solve it before.

The main issue was I was not at home or at work where I have access to an array of tools. Also the only internet access I had was via a mobile phone GPRS connection and hence costly to spend time searching for the correct answer.

If I had access to my tools and an internet connection I would have easily been able to solve the problem myself, perhaps with some of the methods you mention.

However I did what many people would do:

I asked some people I trust for help and I greatfully received it

Steve

Quote:

---

Originally posted here by MsMittens
After a little experimentation and a bit of research I've discovered the following (feel rather silly as I probably should know this.. but anyways):

Windows XP Professional: since this was designed for corporate environments, the option to boot into safe-mode and thus be the administrator won't work. You'll need to know the password of the administrative account(s)

---

That explains why I couldn't get into safe mode!

Steve

Quote:

---

Originally posted here by MsMittens
Uh... what's the question? Generally if you are creating a new password you need the old password, unless you are using one of the "tools" that can by-pass this. Hrmmm.. have you clicked on the link I provided and seen what it does? Experiment with it on a "dumdum machine" (that is a machine you can scarifice in case of... "Ooops!" situations)

---

Byt the output it looks very much like EBCD. At least it does the same. Most seem to be working in about the same way and same or similar menus.
NTPassword works on a boot diskette and gives you the option to reset pwd or to change/replace the pwd (NT Hash value) for certain user (built in and non built in accounts).

Quote:

---

Uh.. do you mean ERD rather than EFS? Or is there something you are referring to that you've read somewhere else? If you mean the ERD I was referring to whereby it copies the SAM to the Repair directory (much like rdisk /s did in the NT days), then yes you could grab it and then use a tool like L0phtCrack (aka LC5 and now $$$$$$$). Other tools to consider include Cain'n'Abel and/or SamInside. Now as admins we aren't doing this for malicious reasons but rather to test our users' password strength, right?

---

No, I mean Encrypted File System (EFS). Read + viewed demo movies + tested myself :)
Since replacing or resetting a pwd on a system with EFS wont let you access any of the files you need to crack the original pwd. So you copy the SAM and the SECURITY files and crack the pwd with, say L0phtCrack. Especially easy if LM Hash is enabled.


Thx for some clarifications :)

Btw. I'm too old to like destroying others properties by hacking for evil intentions. I do, though, LOVE making it tough for hackers and wannabe hackers to access my domain/comps.
Lost passwords is a common thing among normal users, even when they use easy pwds.

Forgot.

There is also this preventive measure I found on MS site:
http://support.microsoft.com/kb/305478

Too late for Steve though.