This is my first howto/tutorial, so if there are any suggestions of any kind or questions, please let me know.
My email is: mvogels [at] white-scorpion [dot] nl
<I'm not responsible for any of this info I will give you here; it is for educational purposes only. What you do with it is your business, not mine!!>
<For all the tools I've mentioned I will give the link to download them or the original site of that tool at the bottom of this article.>
I thought this info might interest a lot of other people, so here it is:
The Windows 2000 and XP passwords are stored in the SAM file.
If you have complete access to the system, then there are several tools to use to change the admin password, or any other for that matter. Here are the tools:
This is a Linux-based tool (the program for making a bootable disk is for Windows) and allows you to change any password on a Windows system, although it is advised not to use it on NTFS partitions, for it can crash the system. But you can even disable syskey with this proggie so that all passwords are reset to blank.
And best of all, it's free! (with source)
CIA commander:
This tool only works on NTFS partitions, but it works great! You can even use it to copy data from one place to another. But it is not for free.
This is a complete kit which allows you to get almost every password for anything you want (zip files, MS Office documents, saved passwords in IE, etc.) and of course a tool in it to set the administrator password to '12345', and this can also be undone if you like, so no one will ever know you were there.
Also not for free but very very good!
These are the tools I mostly use, and I haven't seen a system yet where I didn't get in (with local access, that is).
And now the registry: here the passwords are stored in HKEY_LOCAL_MACHINE\SAM.
This can only be accessed by administrators, but even then you don't have the possibility of seeing them without using some kind of tool (unless you can make yourself 'system', but that isn't necessary here).
Here the tool 'pwdump2' comes in handy; this will give you a complete dump of all the local passwords on the system.
Another tool is 'lsadump2'. You know the screen where you have to put in your name and password if you want to connect to the internet using a modem?
Even if you don't save the password, it will be saved for you in the registry by Windows and can be viewed with this tool. Also the default password (if there is any) will be shown.
There is another version of this tool, 'pwdump3', which allows you to do the same on a remote machine; you'll need the admin password for that machine too for this tool.
The passware IE key, which allows you to get all the stored passwords (including sites) on the system.
This tool can be found too in the Passware password recovery kit.
Now, I hope that this is of any use to anyone; I did my best writing it, that's for sure.
If you like this tutorial (or if you don't), please let me know by voting for it.
CIA commander:
http://www.datapol-technologies.com/en/Products/Business/CIACommander/main.htm
pwdump2:
http://razor.bindview.com/tools/files/pwdump2.zip
pwdump3:
http://packetstormsecurity.org/Crackers/NT/pwdump3.zip
(this link should work, but the site is down at the moment)
lsadump2:
http://razor.bindview.com/tools/files/lsadump2.zip
grtz
lepricaun
_________________
Errors, Vulnerabilities & Exploits explained
The Syringe - My Latest Project.
Last edited by White Scorpion on Sat Mar 17, 2007 11:20 pm; edited 1 time in total
Posted: Fri Jun 25, 2004 1:15 pm Post subject:
Location: india
Is there any simple procedure like renaming SAM to recover a lost password on a Win 2k domain controller?
Deep Viewer Posted: Fri Jun 25, 2004 4:17 pm Post subject:
New Member
Locksmith Utility -->> http://www.winternals.com/products/repairandrecovery/locksmith.asp
_________________
Imagination is more important than knowledge.
Albert Einstein
ThePsyko Posted: Fri Jun 25, 2004 5:29 pm Post subject:
SF Mod
Renaming the SAM won't allow you to recover any passwords, but it is possible to create an administrative account and access the
3) maneuver to c:\winnt\system32\config
At this point you have administrative access, but any changes you make to
the profiles will not be saved to the proper SAM file and will be lost.
All other changes (configurations, installations, etc) made at this point
will be saved.
6) open notepad
save as c:\useradd.bat
11) delete the c:\winnt\system32\config\SAM. file and rename the old one
back to SAM.
12) reboot and wait 10-15 minutes for the batch file to execute. The batch file will execute with system privileges and create the '
You can then logon with your newuser account with local administrative rights and can reset the original administrator account, cl
Unfortunately, the only way to defend against something like this in the wild is to ensure you have proper auditing and hope whom
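The auditing mentioned in the post above, sketched as an added example that is not part of the original thread: it flags an account that is created by the SYSTEM account and then placed in the local Administrators group, using constructed Security-log records. It assumes account-management auditing is enabled and that records have been exported as dictionaries using the 4720/4732 field names; the helper `_ev`, the SIDs under `DOM` and the account names are illustrative.

```python
from datetime import datetime, timedelta

LOCAL_SYSTEM_SID = "S-1-5-18"        # well-known SID of the SYSTEM account
ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
USER_CREATED = {4720, 624}           # 624 is the Windows 2000/XP/2003 ID
ADDED_TO_LOCAL_GROUP = {4732, 636}   # 636 is the Windows 2000/XP/2003 ID

def find_system_created_admins(events, window=timedelta(minutes=30)):
    """Return accounts created by SYSTEM and added to Administrators within `window`."""
    created = {}  # new account SID -> (name, creation time)
    hits = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev["EventID"] in USER_CREATED:
            # An administrator creating a user shows their own SID as subject;
            # a script running with system privileges shows S-1-5-18.
            if ev["SubjectUserSid"] == LOCAL_SYSTEM_SID:
                created[ev["TargetSid"]] = (ev["TargetUserName"], ev["TimeCreated"])
        elif ev["EventID"] in ADDED_TO_LOCAL_GROUP and ev["TargetSid"] == ADMINISTRATORS_SID:
            hit = created.get(ev["MemberSid"])
            if hit and ev["TimeCreated"] - hit[1] <= window:
                hits.append({"account": hit[0], "created": hit[1],
                             "elevated": ev["TimeCreated"]})
    return hits

def _ev(eid, ts, subject, **fields):
    return {"EventID": eid, "TimeCreated": datetime.fromisoformat(ts),
            "SubjectUserSid": subject, **fields}

# Constructed sample records (not taken from a real host).
DOM = "S-1-5-21-1111-2222-3333-"
HELPDESK = DOM + "1104"
USERS_SID = "S-1-5-32-545"
SAMPLE_EVENTS = [
    _ev(4720, "2024-06-25T03:12:05", LOCAL_SYSTEM_SID,
        TargetUserName="newuser", TargetSid=DOM + "1201"),
    _ev(4732, "2024-06-25T03:12:06", LOCAL_SYSTEM_SID,
        TargetSid=ADMINISTRATORS_SID, MemberSid=DOM + "1201"),
    _ev(4720, "2024-06-25T09:00:00", HELPDESK,
        TargetUserName="jsmith", TargetSid=DOM + "1202"),
    _ev(4732, "2024-06-25T09:00:10", HELPDESK,
        TargetSid=ADMINISTRATORS_SID, MemberSid=DOM + "1202"),
    _ev(4720, "2024-06-25T10:00:00", LOCAL_SYSTEM_SID,
        TargetUserName="svc_backup", TargetSid=DOM + "1203"),
    _ev(4732, "2024-06-25T10:00:05", LOCAL_SYSTEM_SID,
        TargetSid=USERS_SID, MemberSid=DOM + "1203"),
]

if __name__ == "__main__":
    for h in find_system_created_admins(SAMPLE_EVENTS):
        print(f"ALERT: {h['account']} created by SYSTEM, admin at {h['elevated']}")
```

Only the first pair is reported: the helpdesk-created account has a named administrator as its subject, and the third account was added to Users rather than Administrators.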
piccolo_21 Posted: Fri Jun 25, 2004 5:53 pm Post subject:
Forum Addict
That is all useful info. You can also use LC4 once you get the SAM to see the passes it has stored, or the simplest way is to get th
wonders when my users forget the pass.
_________________
A wise man asked question, a fool is afraid of knowledge>>>>
Joined: 07 Jan 2004
Posts: 294
Location: NYC, USA
White Scorpion Posted: Sat Jun 26, 2004 11:27 am Post subject:
Forum Junky
there is one other way to reset the password on a DC pretty easy, this is also by using a tool from passware recovery kit, but this ti
Joined: 19 Sep 2003 I'm not a complete idiot, some parts are missing.
Posts: 878
Location: The
Netherlands
http://www.loginrecovery.com/
Quote:
Login Recovery is a service to reveal user names and recover passwords for Windows NT, 2000, XP
computer, your passwords can be recovered
http://ebcd.pcministry.com/
Quote:
change password of any user, including administrator of Windows NT/2000/XP OS. You do not need
http://trinityhome.org/Home/index.php?wpid=1&front_id=12
Quote:
Here's a sum-up of some of the most important features, new and old:
-easily reset windows passwords
-4 different virusscan products integrated in a single uniform commandline with online update capa
-full ntfs write support thanks to ntfs-3g (all other drivers included as well)
-clone NTFS filesystems over the network
-wide range of hardware support (kernel 2.6.19.1 and recent kudzu hwdata)
-easy script to find all local filesystems
http://www.ubcd4win.com/contents.htm
Quote:
(re)set the passwords of any user that has a valid local account, create a new local user with admin
on your NT system
_________________
ASCII stupid question, get a stupid ANSI!
By the way, anyone know if the same tools will work with Vista?
_________________
If water is hydrogen and oxygen why doesn’t it burn?
majo323 Posted: Wed Jan 31, 2007 11:28 pm Post subject:
Lurker
I use software named ERD Commander 2003; it works well.
_________________
Ask Google first
loraandbush Pos
Just Arrived
Best
Uh, no.
_________________
main(_){for(_=')';_;_+=~!&_["]["]){char l;write(!_!=_,(l=_["mI}., m0:0,$6/\3,\
$6/m/&\"10*\177c,$6\17cm\4c/&\"10\12"]^unix["CC me on *nix"],&l),_==_);}}
Israel G. Lugo