Slashdot Mirror

change the admin password

Ho-hum. Let's you change any password of any user to anything (for instance, blank out the Administrator password) and many other things. It's nice to have, especially at work (and I suppose especially when you're not an actual administrator ;-) ).

Okay, so I don't know what you'd do about the encrypted hard drive, but who knows, it may be possible if the encryption is weak enough (you just know that there's someone out there who can break it, or it wouldn't be there).

You don't really need to crack the password. There is a boot tool that overwrites the SAM with whatever password you want.

There is a difference - a boss might feel comfortable knowing that you can reset a password if the Admin quits, but might not like the idea that you have some sort of hacking tool that lets you decipher the password, since many bosses use the same passwords for everything from NT logins to online banking.

Go here and use their nt password recovery tool. Click here for the floppy boot disk or click here for the cd boot image (only 2.0 mb)

This works well on Win2k machines and WinXp boxes with sp 3 and 1 respectively as well as the native installs.

cheers!

Go here and use their nt password recovery tool. Click here for the floppy boot disk or click here for the cd boot image (only 2.0 mb)

This works well on Win2k machines and WinXp boxes with sp 3 and 1 respectively as well as the native installs.

cheers!

Go here and use their nt password recovery tool. Click here for the floppy boot disk or click here for the cd boot image (only 2.0 mb)

This works well on Win2k machines and WinXp boxes with sp 3 and 1 respectively as well as the native installs.

cheers!

Is there a way that I could have recovered/changed my admin password knowing that I had the original Win XP install CD and I could log-in to the box with a limited access user id that wouldn't allow me to change admin password or install anything that needed admin rights??

Yes.

I always thought there was something wrong with Microsofts password "encryption." Now it's confirmed.

Why bother cracking NT (and Win2K/XP) passwords when you can just overwrite them? Boot from this floppy and you can change any local password (including the administrator). It's been useful on more than one occasion at work...when somebody quits or is fired, I can go in and retrieve everything in just a few minutes.

That they're nearly as trivial to crack is somewhat disturbing...but given the ready availability of the password changer, it doesn't make Windows significantly less secure than it already is (hell, it can't get much less secure).

No one can boot Knoppix and overwrite your SAM - they can format the drive, but they can't CHANGE your system (presuming then, that you could always restore your data).

Yeah, Whatever. Do a little research. S-b-O is for lamers.

chntpw Yes, and it is crap.

Can they handle changing a win nt/2000/XP password?
I'd venture a quick guess and say that forgotton admin passwords are on of the top reasons why "expert" intervention is needed.

If not, the tools are there and could be easily incorporated in either of these two packages, but until this happens, there's Offline NT Password & Registry Editor, Bootdisk to help.

and Offline NT Password & Reg Editor to reset those pesky Windows NT/2K/XP admin passwords.

Please note this may be a waste of space as I'd imagine most Wintel machines have the admin passwords taped under the keyboard.

If you work in tech support for Windows users, you know how easy it appearantly is to forget all your passwords (christ). Or render your harddisk permanently unbootable. So..

This Windows NT password & registry editor bootdisk (linux based) is essential.

Knoppix rules. Boot it up. Recover files from ntfs partition, smbmount the users homedirectory. Voila.

Also, since evey time you need a Win98 bootdisk, you think will be the last time you'll ever need one.. bootdisk.com will come in handy.

The first thing I try to keep is a list of how to clear the BIOS settings for every computer I manage. You would be amazed at how dumb you feel if you have all these nifty CDROM/floppy based utilities and are unable to make the damn PC boot from anything other than the screwed up hard drive.

The second thing I keep is a NT password recovery disk. About 90% of my problems are based on not knowing the admin password for a machine that has been in some users closet for 3 years. The user suddenly needs the PC on his network, and there I am trying to figure out the admin password. The best disk I have found is here.

The third thing I keep is a Norton Utilities CDROM. You can boot off the CDROM and scan for a virus or diagnose a flaky hard drive.

I also keep a Gentoo live CD. I have thought about going over to Toms Boot Disk, but the Gentoo disk usually does what I need.

Although I don't carry it with me, I also keep a spare hard drive and a Win2k disk with all the latest patches and utilities that my company uses for the standard install. If worse comes to worse, I just move the users hard drive over to the secondary IDE and then install on a fresh hard drive. Then I can copy the users data onto the new hard drive. After that, the users old hard drive becomes my spare for the next user.

I also have a folder with a hard copy of every config for every switch, router, and other configurable device on my network. This folder also has IP address schemes, network maps, building diagrams, and user names and phone numbers. The folder also has a floppy with soft copies of the above, PuTTY, and a TFTP server for uploading into a router quickly.

I try to locate at least one geek for every office. I try to show this geek some of the details about his office. I let him have localadmin for the computers in his office. If the (l)users in his office need a printer reinstalled or otherwise need localadmin access, I direct them to their local geek. This also serves to deflect all the "my home PC is acting dumb and can you fix it" type users.

Finally, I try to write a "Why Stuff Breaks" document for all the major problems on my network. "User in office 12a keeps unplugging the switch so he can make coffee" type comments for common problems can help my minions diagnose a problem quickly.

About two years ago I created my own bootable CD that contained the Cab files for Windows 95, 98, 98SE and ME, along with scripts for unattended installs for each of them. This CD has saved me countless of hours. Can't really do the same for 2000 and XP, more's the pity. I also made a second CD that contained a full install of Internet Explorer 6 for all OS versions. It's amazing how many problems you can fix in Windows just be installing the latest version of IE. I also carry around of set of floppy disks with me:

Maxblast - Maxtor tool for copying hard drives, works with other brands too. I prefer this to Ghost.
Powermax, SeaDiag, HDDiag, WD Lifeguard - Various manufacturers HD diagnostic disks
Offline NT password and reg editor - Need I say more?

thanks horde. :)

I suppose the moral is to remove all floppy and CD drives from your corporate PCs. Disabling floppy boot in the BIOS will keep the haX0rs out for about 20 seconds, as this is how long it takes to flip open the case and short out JP1 to reset the BIOS password. If they have to bring their own floppy drive it slows them down a bit more, plus it's rather obvious.

Talk, talk, talk. All you need is this:

http://home.eunet.no/~pnordahl/ntpasswd/

Bootable linux floppy that can reset the password for any local account without knowing the old one. At our .edu students are constantly doing Win2k labs, forgeting their passwords, and showing up at my office door to get it fixed. Been using that same floppy for greater then a year now and it's never failed.

But, like eleventy people have stated before, once you have physical access to the machine, discussing it in any more detail is just verbal jacking off.

You can crack NT/2K/XP with the boot disk found at the following location. With that disk, you can change the password of the local administrator acount! I've tried it (on my own machine that for some reason forgot the passwds after a brownout), and it worked great! Floppy and CD images available at the site - and best part is it's a LINUX boot disk! :-D

http://home.eunet.no/~pnordahl/ntpasswd/

Here is another way of doing the exact same thing, only this lets you actually change the passwords as well so you can log in as Administrator when the computer is restarted.

If you must have a computer that's physically accessible to people, set it to boot from the hard drive first, set a password on the BIOS, and put a nice big lock on the case.

Why not just use one of *several* NT password recovery disks? They work on XP, as well. I've used this one to bust into several Win2k Pro machines we'd forgotten the password for.

- A.P.

At the last job I had, it took 3 MSCEs 2 days to get my password changed on a single NT server.

2) There's a friendly boot disk that has all the tools to reset admin passwords on a single floppy: http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.h tml - it works well, I've used it on a box at work we could not otherwise access.

2) Not that Knoppix has this, but why would this be a dangerous addition? You can reset the admin password by editing a single file - the boot disk above just makes it a snap. If we start eliminating utilities in the name of preventing "hackers" from abusing them, then we might as well disable shell, network, and disk access as well.

No user should be without the handy-dandy Linux boot disk for Administrator Password recovery: http://home.eunet.no/~pnordahl/ntpasswd

I have both OSes password protected. The only method for the crooks to be able to use my machine would be to either replace the hard drive, fdisk the drives and reinstall an operating system.

Unfortunately not. Unless you have encrypted harddisk partitions (which is _not_ a password protection, but orders of magnitude more secure), a new linux root password can be set with a bootdisk, if neccessary after transplanding the harddisk to another computer.

As a second step, there is a fine utility to reset a w2k admin password from Linux. I recently forgot my admin passwod for w2k on my Vaio, because I usually use Linux, and was able to set a new password with this utility.

On the other hand if you actually mean encrypted partitions by "password protection", that is a very good means to protect your data from equipment theft.

This disk image creates a floppy that boots a customized Linux kernel that allows the administrator password to be reset. And thats the chance of getting caught, that next time they come around to administer the machine they can't get in. But who's to say that they didn't screw up the password?

You can also look at tools such as L0phtcrack that try to brute force the password, done correctly that wouldn't raise eyebrows, at least until they decide to re-image the box.

But really, what kind of job is it that you have to go to these lengths to circumvent policy?

Nothing a great little Linux boot disk won't help.

Information here, RawWrite Image file here.

All unauthorized hax0ring aside, how can you trust employees to work in your office, access confidential information, deal with financial issues, and speak to clients, if they refuse to listen to what software can be installed.

Security. It's my understanding that you cannot compromise NTFS simply by rebooting with a boot disk. FAT32 is allegedly vulnerable to this.

This isnt entirely true. There is a linux program that lets you set account passwords on both NTFS and FAT32 NT partitions (upto and including Win2k Advanced Server, not sure about XP though) and can be run entirely off of a floppy. You can grab it here. Its a good one to add to anyone's toolkit, saved my life a couple times.

Security. It's my understanding that you cannot compromise NTFS simply by rebooting with a boot disk. FAT32 is allegedly vulnerable to this.

This isnt entirely true. There is a linux program that lets you set account passwords on both NTFS and FAT32 NT partitions (upto and including Win2k Advanced Server, not sure about XP though) and can be run entirely off of a floppy. You can grap it here. Its a good one to add to anyone's toolkit, saved my life a couple times.

the NTFS support in Linux is already good enough for many uses.
This is a lifesaver - It's come in handy for both recovering admin passwords
(some people where I work have the admin password for their machines)
as well as recovering data from corrupted filesystems.
--

I think winternals might be able to help you to a certain extent.

1) Users with multiple OS's on one machine.

... which happens to include most desktop and laptop Linux installations, that I know of anyway.

2) Users who wish to have one of those linux versions that run off of a floppy disk (I don't remember any for linux, just picobsd for bsd)

See this, and this. All of these are using a Linux boot disk to break NT security. Mostly useful for admins who don't know the password of the box they're trying to administrate!

It makes me wonder... What was their attitude towards stuff like Norton Utilities back when these things first emerged? Did Norton have permission from M$ to write things like undelete and defrag ? Or did he reverse engineer DOS ?

2. General Rules

2.1 An organization may only register one domain name for itself.

2.2 An organization must document it's exsistance to NORID when applying for a domain name. This is normally done by presenting the organization number from the Brønnøysund register (National register of all organizations/corporations).

2.3 NORID decides whether a registration is to be performed, and whether the registration will be directly under .no or in the geographic nametree or i a category domain. Appeals go to NOK - NORID's complaint department.

3. Who may apply

3.1 The applicant must represent or be a member of an organization registered as such in Norway, see section 2.2. Normally it's required that the applicant presents an organization number registered in the Brønnøysund register for the organization. Registration of domains for sub-levels of the organization are not allowed.

3.2 The registered address of the organization must be in Norway, or on Svalbard.

3.3 Individuals may not register domain names directly under .no. Individuals must register a domain under the category domain priv.no, which is administered by EUnet Norway.

I hope this explains why the domain is registered to Micro Media ADB and not Jon Johansen's father.

It's worth metioning that there are loads of dummy organizations solely registered in order to get funny domain names. Examples from the top of my head, and what they translate to are:

• inni.no: inside something
• eller.no: or something
• ikke.no: nothing

http://home.eunet.no/~pnordahl/ntpasswd/

If you do not know your administrator account password, you will have to completely reinstall Windows NT because eventually you'll need to have access to this account.

Actually, this isn't true. A linux boot disk can be used to change the administrator password. Do read the warnings though.

The best way to avoid this dilemma is to immediately add your personal user account to the administrators local group of the system. This will make your main user account an administrator of the system, sparing you from heartaches and time later.

No comment on this one....

Can you get an equivalent of su for nt, and run the GUI apps by typing in a console?

check this out nice
utility.