Hey guys My teacher showed me a program called Nt Offline Passwd Cracker from http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html. I was wondering is there anyway to block this besides a bios password.
Printable View
Hey guys My teacher showed me a program called Nt Offline Passwd Cracker from http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html. I was wondering is there anyway to block this besides a bios password.
I couldn't get to the site so I'm not sure what the program does but here's a great resource on how to secure all types of servers.
http://www.antionline.com/tutorials/?c=7
If a person has phisical access to the box and is malicious, you already lose.
That is why phisical security is just as important as digital security.
Well, as XTC46 correctly observes, if someone has physical access you are doomed That is why servers are generally kept behind locked doors.
Here is an interesting site on the subject:
http://www.petri.co.il/reset_domain_...ws_2000_ad.htm
I would point out the distinction between "cracking" a password and "re-setting" it. If a malicious individual re-sets a password, they advertise their intrusion.
:)
dittoQuote:
There actually is a way to block this. I'm not up to speed on how but rest assured that it is possible. I witnessed a friend try it at our local library and when he rebooted the system The disk didnt have any effect? I think it may have something to do with disk partitioning.
If it was in a library, the most likely method is to physically disconnect the drive. Otherwise go into the BIOS and remove the floppy from the boot sequence..............you would have to password protect the BIOS for that to be effective.
:)
Treanglin:
With physical access to the computer there is _no_ way to block the attacker. Everything you want to try to stop them is easily circumvented.... Remember, all he has to do is remove the HD, place it in a different system and boot to his own OS. Your HD is now his to do with what he wishes and his wishes probably don't equal your dreams..... ;)
or if he is purley after destruction... a baseball bat will work fine.
Okay guys thanks very much for all the info. I kinda suspected that there was no way to stop it but I thought I would ask anyways
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
Geez. How difficult is it to remove that final period?
This particular tool is one I use in class when students forget their password or it gets changed during wargames. It's pretty good and I like the fact that it works off of a floppy (yes, those things still exist). If you look you'll see instructions on how to remove a password for an AD as well as AD using Win2003. :D
I agree with the second reply. Without physical security there really is no security.
What if your drive is encrypted? Check out loop-AES or some other data protection encryption. There are ways to ensure that even if your drive is stolen and hooked up to another machine, that the data is protected.Quote:
Originally posted here by Tiger Shark
Treanglin:
With physical access to the computer there is _no_ way to block the attacker. Everything you want to try to stop them is easily circumvented.... Remember, all he has to do is remove the HD, place it in a different system and boot to his own OS. Your HD is now his to do with what he wishes and his wishes probably don't equal your dreams..... ;)
There's ways of stopping people with physical access. This place is very narrow minded.
Yes, although there are many ways to ecrypt your data there is always the thought that the encryption was created by a program and at the same time can be decrypted.
As for being narrow minded, I would check my attitude at the login prompt I have found some of the most useful and thought provoking information on here from the majority of the "old schoolers."
WITHOUT PHYSICAL SECURITY THERE IS NO SECURITY!!!!!!!!!
- MilitantEidolon
You go decrypt AES or PGP without my key and get back to me on that. With a combination or encryption and monitoring it is easily possible to control physical access.
You sure you feel secure with that? Let me ask you would you be willing to put you life on the line for that statement? I don't just mean physically I mean everything to where I would physically own you and everything you ever had/have including family. (This is something my boss would ask me when I would plan for a new security level and people wonder why I am no longer working for her.)
This is when three armed/masked men pull up in black Suburban hop out run in house grab computer (and some cookies from the cookie jar sitting on top the fridge) continue backing out slowly. They proceed to exit the house lay the computer down on the ground and put about 700 rounds in to the computer... Where is your physical security now...!!!! buuuyyaaa!!
- MilitantEidolon
Okay if they want my box that bad they can have it just dont touch my cookies or else.Quote:
This is when three armed/masked men pull up in black Suburban hop out run in house grab computer (and some cookies from the cookie jar sitting on top the fridge) continue backing out slowly. They proceed to exit the house lay the computer down on the ground and put about 700 rounds in to the computer... Where is your physical security now...!!!! buuuyyaaa!!
- MilitantEidolon [/B]
To call it "NT offline password cracker" is a bit unfair.
It is NOT a cracker and cannot be used to crack passwords. It's simply a utility that allows someone with physical access (presumably legitimately) to reset the Administrator and other passwords.
I have used it on several occasions, for legitimate "data recovery", i.e. someone hands me an old Windows box that nobody seems to know the password for, and wants some data off it.
It's not some sort of l3337 0-DaY Bl4ckH4t T00lz :)
Slarty
Slarty is correct, it has nothing to do with "cracking" it is about obtaining control of the operating system, and hence, the computer.............................and I have never heard of anyone who encrypted their operating system and got their computer to reboot :D
Encryption is for data: physical security needs to be provided physically.
:)
I know that it is not a "cracker" per say, it was just easier than saying "nt offline password reset tool"
Hrmm.. Perhaps if you called it by it's proper name (as given by the author) -- Offline NT Password & Registry Editor -- that might help.