
Password Recovery - Need some Advice

Posted on 2005-04-14
Last Modified: 2008-01-09
Hey all,

I run a small network support company and have run into quite a snafu. I am familiar with the procedures for resetting passwords via the bootable Linux distros, and familiar with LC5 and have the program. I am an SSCP, MCSE, CCSA, and am very familiar with networking. Just need a little help from the strong AntiOnline community to help me in the endeavor. I will post my successes and failures after tomorrow to give props to those who helped :-) My problem is this.

My new client terminated their network administrator yesterday (hence why they are my new client). The network admin left a few passwords but none of them actually work. I am now faced with about 20 client machines and 3-4 servers.

2 servers are Windows 2000 server
1 server is NT4.
25 mixed XP, 98, 2000 (with local accounts created for the users, which are part of the admin group on the local machine; I know, as I said, the old admin was not too skilled)

The environment is one large workgroup... I don't know why it wasn't set up as a domain, but that may be part of the reason the old admin is gone, lack of skills.

I have no true idea of what is on each server, and need to gain access to the admin account. I know I can reset the admin password with a bootable linux disk, or obtain the SAM and crack it offline possibly with LC5.

But, I need to ensure that there is very little disruption to the network, mapped drives, possible services that are running under the administrator account credentials.

Can anyone provide any input or helpful ideas?

Basically I need to regain control of the entire network, and start mapping it so I know its entire layout. ROOT is KEY!!!!

I was thinking of starting with a LANguard scan to enumerate all accounts on the servers to see if there are other accounts that may be easier to access with admin privileges, which will allow me to reset the main admin account. This will also let me know what shares I may be dealing with.

Anyway, any ideas to make my life easier tomorrow??
Question by:kruptos
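
An added example, not part of the original thread: the question worries about services running under the administrator account, and a service configured with a stored password fails to log on once that account's password changes, until the stored password is updated. The sketch below parses `sc qc` output and lists the services that log on as a given account; it assumes the output was collected with `sc qc`, and the service names, host name and sample text are constructed.

```python
import re

# Built-in service identities have no stored password, so a reset cannot break them.
BUILTIN = {"localsystem", "nt authority\\localservice", "nt authority\\networkservice"}

# Constructed sample: `sc qc` output for three services, trimmed to the relevant fields.
SAMPLE = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: Spooler
        START_TYPE         : 2   AUTO_START
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: BackupAgent
        START_TYPE         : 2   AUTO_START
        SERVICE_START_NAME : .\Administrator

SERVICE_NAME: AcctSync
        START_TYPE         : 3   DEMAND_START
        SERVICE_START_NAME : FILESRV1\svc_acct
"""

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")

def parse_services(text):
    """Split concatenated `sc qc` output into one dict per service."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # status lines such as "[SC] ..." carry no field
        key, value = m.groups()
        if key == "SERVICE_NAME":
            services.append({key: value})
        elif services:
            services[-1][key] = value
    return services

def affected_by_reset(text, account):
    """Services whose stored logon is `account`, as (name, logon, starts_at_boot)."""
    hits = []
    for svc in parse_services(text):
        logon = svc.get("SERVICE_START_NAME", "")
        user = logon.rsplit("\\", 1)[-1].lower()  # drop ".\" or "MACHINE\" prefix
        if logon.lower() not in BUILTIN and user == account.lower():
            auto = svc.get("START_TYPE", "").endswith("AUTO_START")
            hits.append((svc["SERVICE_NAME"], logon, auto))
    return hits

if __name__ == "__main__":
    for name, logon, auto in affected_by_reset(SAMPLE, "Administrator"):
        print(f"{name}: logs on as {logon}, starts at boot: {auto}")
```

Each service it reports needs the new password entered in its logon settings after the reset.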
11 Comments
 
LVL 2

Assisted Solution

by:stevem5000
stevem5000 earned 1000 total points
ID: 13787954
This will do it...

http://www.password-changer.com/

It installs on a floppy and will allow you to change the local passwords on just about anything...

It changes the password to "no password"...does require a reboot...

Steve

0
 
LVL 30

Expert Comment

by:Duncan Meyers
ID: 13789914
http://home.eunet.no/~pnordahl/ntpasswd/

Is the business. I have used this on a number of occasions (similar to yours) to get me out of the deep smelly stuff. You use it to reset the administrator password on Windows boxes.

You can use good 'ole L0phtCrack (now @stake LC5) to take a registry dump of the SAM and use a dictionary or brute-force crack to get the remaining passwords.

Since you have a workgroup, you have your work cut out for you. I'd create a domain and all necessary user accounts, reset the local administrator passwords and then join the domain. It'll be a short term pain, but worth it in the long run.
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1000 total points
ID: 13792358
LC is slow, try JohnTheRipper to crack, or if you have the time use RainbowCrack to pregenerate all possible LM hashes. Pwdump3v2.zip is a good way to get the hashes from the machines, but as with LC you need admin rights to use it, so once you've reset the adminpass for each machine, there may be no cracking that needs to happen at all.
-rich
0
 
LVL 2

Expert Comment

by:stevem5000
ID: 13792445
Kruptos...check my previous post...

Get the program, install it on your computer, it then makes a floppy disk sector by sector...

Reboot the machine with the floppy in...it will load up, present you with a DOS like screen telling you it found the SAM database and gives you a screen of all the accounts on it...including the administrator account...asks which one you want changed...

Choose the admin account, and it will reset the pw to "no password"...remove floppy and reboot...then just "enter" at the administrator login...

You'll be done in 5 minutes...

Then if you need to change other passwords, just re-run the floppy...

This thing works like a charm...

Steve
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 13799896
Download this password recovery program.

http://us.f1f.yahoofs.com/bc/1484d281/bc/PRoGrAmz/Passware/Passware+recovery+tools.exe?bfhWeYCBsHOtiZCn

Now make a disk using the program.

Get a bootable xp and win2k disk...

boot the disk.....when it asks you to hit f6 to specify additional hardware do so, and insert the diskette.... .

this will reset the admin password to "12345678" I think....I don't remember, but the program has instructions.
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 13802795
http://www.petri.co.il/forgot_administrator_password.htm

provides download links for a number of CDs that will do what you require. These include:

1.   The EBCD (can reset user passwords):

http://ebcd.pcministry.com/

2.    Austrumi - a minimal Linux distribution for editing the registry:

http://prdownloads.sourceforge.net/austrumi

3.    Registry password reset disk (aims to recover the password *NOT* reset them - also works with EFS):

http://www.xppasswordrecovery.co.uk/
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 13802803
..ooops - noted a Windows 98 system.

The passwords for Windows 98 are all in the *.pwl files. Just delete all the *.pwl files, and you can reset them to anything you want next time you log in as the name required, you will be required to enter the new password.

The above mentioned discs work on NT, Windows 2K (inc server) and XP and reset the LOCAL administrator passwords. Once you've got that control, then you have free rein :)

HTH:)
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13811842
He did mention 98, press ESC, that's all for them. The reset disk linked to SECOND is also a good suggestion, resetting the password should have no ill effects on your PCs/servers, but there is also no guarantee with any password recovery/reset utility.
http://home.eunet.no/~pnordahl/ntpasswd/ I recommend the CD version for speed and reliability
-rich
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 13813653
To save you potentially a 'lot' of time: if the software states that it is 'password recovery', then it could potentially take days, or even months to recover, depending on the strength of password/speed of system. Hence, unless there is a *real* need to recover the password.....just reset them! The link I provided gives options for both.
0
 
LVL 1

Expert Comment

by:bloodrazor
ID: 13845806
Useful article details many different methods:
http://www.petri.co.il/forgot_administrator_password.htm

Site also contains tools that can escalate privileges to admin. (Warning: Many of these types of programs are likely detected as trojans or similar by antivirus products - to put people off using them)
0
 
LVL 1

Expert Comment

by:bloodrazor
ID: 13845811
Oops, lol, just noticed someone else beat me to mentioning the site *blush*
0
