Solved

Is there a way to get into virtual servers on VMWARE without the admin passwords?

Posted on 2016-09-01
Last Modified: 2016-09-05
I have a friend who hired an IT consultant who set up 2 virtual servers for him. This consultant is now refusing to give the owner the passwords to his environment. Is there any way to get him into his environment without the cooperation of the IT consultant?
I believe the consultant is extorting my friend. I can get physical access to the servers but cannot log in without the passwords.
I would be walking into a blackbox scenario here.
Question by:Andre P
28 Comments
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41780792
The consultant was paid to do the work for the company. The passwords belong to the company. Get your company lawyers involved as what the consultant is doing is illegal in terms of any business arrangement or contract.

"I believe the consultant is extorting my friend"
You can also contact the police.
1
 
LVL 28

Expert Comment

by:asavener
ID: 41780802
What is the OS?

I know that Windows through 2008 can have the administrator password reset via an ISO.

You can get root access on Linux at boot, if you have console access.


Basically, it's the same as if you had physical access to the server.

Windows: http://www.wintips.org/reset-windows-account-password/
Linux: http://www.cyberciti.biz/faq/linux-reset-forgotten-root-password/
1
 
LVL 15

Assisted Solution

by:WalkaboutTigger
WalkaboutTigger earned 1000 total points
ID: 41780810
If these are Active Directory Domain Controllers, STOP!!!  DO NOT FOLLOW THIS PROCEDURE!!!

I presume the virtual machines are running a Windows operating system.  If so, it is relatively trivial to break into them, VM or not.

I am presuming you have the administrative credentials for the VMWare host - root's password.

Go to this page and download the bootable CD image.

Unzip this file, mount the ISO on the machines' virtual CDROM drive, change the virtual BIOS to allow booting from CD, boot the VMs from the CD, zero-out the password (presuming there are no encrypted files), write the changes, restart the boxes and VOILA!  You're in as the local administrator with a blank password.

As John indicates, this is a violation of 18 U.S. Code § 880 - Receiving the proceeds of extortion and 18 U.S.C. § 1951 : US Code - Section 1951: Interference with commerce by threats or violence.

Unless there is substantive, contractual reason the consultant is failing to provide administrative credentials to said servers, whether the consultant has been compensated for their work, if they are refusing to disclose said credentials unless material or monetary transactions are performed, or are threatening physical violence, they are in violation of both of these federal statutes and possibly state or local statutes as well.

Your friend should immediately contact their legal counsel who will be able to provide them appropriate counsel in regards to the detailed facts of the case.

If the computers are at all responsible for financial transactions which may cross state lines, such as Internet sales, said consultant could also be in violation of impeding interstate commerce, yet another set of felony charges.

Before you do anything, even following the above procedure, get the attorneys involved.
0
 

Author Comment

by:Andre P
ID: 41780814
The lawyers will not prevent my friend from losing his data.
The extortion (I probably used the wrong terms) is that he wants to hike his fees above where my friend wants to pay, and he is not in a position to get a better deal or even a quote. I call it extortion because without the passwords the guy can charge whatever he wants. Right now the situation is not hostile yet, but there needs to be a plan B.
I believe these are Windows virtual servers 2012; one is Exchange.
0
 
LVL 15

Expert Comment

by:WalkaboutTigger
ID: 41780817
Is either one an active directory controller?
Do you know the Domain Administrator password?
Where is he located such that he has no options but this one consultant?
This situation is PRECISELY extortion.  Said consultant is failing to provide the credentials in lieu of raising his rates.  Not merely immoral and unethical, but genuinely criminal.
The lawyers get involved to guide you and your friend, not to contact this criminal.
0
 

Author Comment

by:Andre P
ID: 41780818
WalkaboutTigger,
He does not have access to the VMWare host root. He basically had someone set this up and let them "do what they do" while he focused on the business. All he knows is that there are virtual servers and that one of them runs Exchange.
0
 

Author Comment

by:Andre P
ID: 41780819
No passwords... Just physical access. Total black box.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41780820
You have to figure out a way to boot the VM offline. I have not seen that done.
0
 
LVL 15

Expert Comment

by:WalkaboutTigger
ID: 41780824
Booting the VM offline is easy.  Getting the VM Host root password is not at all trivial.
What version of VMWare is being used?
If things are still cordial, for what reason is the consultant claiming he is withholding these credentials?  That doesn't sound at all friendly to me.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41780825
Publish the Consultant's Name and Address PUBLICLY here - you can do that. Tell him you have done so that an entire community of experts can blacklist him.

See if he wants NO business.
0
 

Author Comment

by:Andre P
ID: 41780826
He is passive-aggressively not returning calls, etc. He isn't saying NO, he just isn't complying with requests. My friend is afraid of getting more aggressive because he is afraid that things could go horribly wrong. I have not seen the boxes so I don't know the version. I would like to give him another option before he turns this into a thing...

Understand he wants to preserve his data. Even the backups are only known by this consultant. He could lose his business. What I am looking for is a secret ace he can have that can mitigate the potential risk from this consultant.
0
 
LVL 15

Assisted Solution

by:WalkaboutTigger
WalkaboutTigger earned 1000 total points
ID: 41780829
Actually, that could be considered extortion as well, John.
Instead, Andre, do you have another server you can install VMWare on to test something to ensure it will work with the version of VMWare your friend is running?

Step 1 is recovering / resetting the root password on VMWare.  Step 2 is recovering the Windows administrator password.  If this is a domain controller, which I suspect it is, you are surely out of luck and will need to have the consultant provide the credentials or rebuild the systems from scratch.

Are these servers at all usable?  As in, can they be logged into at all?
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41780831
You can publish names and addresses of public consultants. Saying why should be verbal but it should be obvious to the consultant.

That is in no way extortion.
0
 

Author Comment

by:Andre P
ID: 41780832
The servers are functioning. The consultant has not done anything to damage the business. He is afraid that should he get aggressive then it COULD go that way.
Walkabout, I agree that one of them is probably a DC.
I suppose I could suggest that he purchase another server to test.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41780834
Buying new gear costs money as a result of the consultant's actions. At least get your lawyer involved and ask about getting the police involved.
0
 
LVL 15

Assisted Solution

by:WalkaboutTigger
WalkaboutTigger earned 1000 total points
ID: 41780837
Andre, this can be done with any computer that supports virtualization in BIOS, which must be enabled.
In the short term, your friend can pay the consultant but he really should be calling his lawyers to determine his legal standing.
I find your friend's consultant's behavior reprehensible.  The right thing to do is provide the credentials and then charge through the nose if your friend breaks anything.  It is utterly stupid, not to mention criminal, to withhold the information.
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41780840
This is why, in addition, I recommend publishing the name and address of the consultant here. This is not illegal in any way to do. It is public information (yellow pages if you will) posted here.
0
 

Author Comment

by:Andre P
ID: 41780843
Yes,
This tarnishes the trust we need to do our work.
Owners of businesses should have this information in a safe somewhere.
0
 
LVL 96

Accepted Solution

by:Lee W, MVP
Lee W, MVP earned 1000 total points
ID: 41780869
If the hired consultant is refusing to provide you the information you require, TERMINATE HIS SERVICES.

"I understand you do not wish to provide the necessary administration credentials.  We are not comfortable with this.  Either they are provided in a sealed envelope we can keep in a safe just in case or we will be forced to terminate your services and seek assistance from a technology provider that is willing to work with us."

Let me be clear, depending on your agreement, he may be providing a fixed rate to care for and monitor the network and that fixed rate may depend on assurances (in part, knowing you cannot modify things) that your network will be fully under his control.  This IS reasonable if he's providing a fixed monthly service fee.  HOWEVER, the idea of having a separate administrative account with credentials stored in a safe place that is verifiably not accessed except in an "emergency" is reasonable in my opinion.  If you agree and that's what you want and this consultant is not providing that, then you need a new consultant.  PERIOD.

I do not know VMWare that well but in the one instance I had to access a server I didn't have access to, I built a new VMWare install on a new drive within the server and booted that, importing the existing VMs.  Once imported, you can create another Windows VM and then attach the server OS VMDKs and use tools and utilities freely available to reset the admin passwords on the domain.  Any good Windows Admin should be able to do this for you but may need to be local to get it done.
0
 

Author Comment

by:Andre P
ID: 41780873
Lee, you may be right in the case that I believe it is a fixed rate contract. How does that preclude the owner from having credentials or being able to access his own data or shop for other services should he choose?
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41780878
He may want a small additional fee that can be negotiated, but holding server authorization ransom is (from my point of view) illegal. That is why you need a lawyer.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41780883
Think about it this way: If the owner has the ability to change settings on the network, then he COULD do it at any time.  Doing so COULD alter something and cause an issue that would otherwise NOT have occurred and in turn cause the consultant to do work on the system without compensation (because he's supposed to provide a flat rate).  

Here's a scenario: suppose I'm your friend.  I notice I'm low on disk space on the Exchange server.  I log in and delete Exchange logs.  It's innocent enough... I certainly don't mean to cause a problem... but it seemed like such a simple thing, why bother the consultant... only the next morning there's a problem with Exchange... and now the consultant has to fix it... and that problem was caused by the actions of the owner.

My agreements with my flat fee service clients are to provide an envelope with an admin account and password that is SEALED.  If that envelope is opened for any reason without my authorization, it's a $500 fee.  You have the keys.  You are ABSOLUTELY NOT to use the key except if I get hit by a bus or otherwise disappear for more than 24 hours.  My perspective is that I DO NOT own the network, but if you want me to provide a flat fee for service, you must grant me EXCLUSIVE control over it.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41780888
And a sealed envelope with some kind of unique marking (even his signature) can be checked at any time.
0
 

Author Comment

by:Andre P
ID: 41780891
Lee,
That's very interesting.
Perhaps that could be a way for him to ask for the credentials?
But then what if your client wants to shop for an alternative to you without your knowledge? Any prospect would need to know what they are working with and to do that would need to see the system.
Once that envelope is opened...
That would be an issue, no?
0
 
LVL 97

Expert Comment

by:Experienced Member
ID: 41780892
The above is a way, of course. I have been consulting for 15 years and I make sure business management or my colleague have what they need. Trust has never been broken.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41780900
You have to trust that everyone, including your friend will behave professionally and honorably (they should be one and the same).  There are, without question those who are not.  But if your friend has a problem with the service, he needs to discuss it with his provider.  I have reasonable clients... and I've unreasonable ones.  And I've fired clients too unreasonable.  

Like I said, you open that envelope without my authorization I charge you $500 or we part ways.  That simple.  Both parties have to understand that and even if your friend THINKS they opened it reasonably, has to be prepared and willing to pay.  *I* might be willing to waive that fee or reduce it depending on what was done and why.  But I don't have to.  There should be an agreement in place that defines when that envelope can be opened.

Your friend needs to review his agreement with the provider and potentially demand it be renegotiated.  But (despite my using the word demand) be reasonable and understanding of the potential risk the consultant is taking giving you that information...

Here's another scenario - your friend, while logged in as a domain admin for a "simple" task on his computer, checks his yahoo mail and accidentally opens a worm that, because it's run as a domain admin, now infects all systems on the network.  Your consultant is on a flat fee and now has to rebuild 10 different computers over two days... He'd have to worry about only one if your friend hadn't been logged in as a domain admin!  You just cost that consultant a lot of money.
0
 

Author Comment

by:Andre P
ID: 41780916
Lee, I understand what you are saying and I agree with most of it. The thing I guess that confuses me is the idea that the OWNER of a business has to pay you to look at the systems that he is paying you to support. I can understand a previous poster's position that the client should pay if they BREAK something. Your solution precludes the client from verifying that his system is being cared for properly.
I give you an example:
A consultant is on a flat fee and does the bare minimum to keep the system running. He is not patching or making sure it's secure from hacking. The system has not crashed much but still is vulnerable to data exfiltration.
Under your scenario the owner is precluded from auditing the quality of the work he assumes is being done without paying the 500 fee for opening the envelope.

At any rate,
I still would like to know what technical options are available should the system access be denied to my friend.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41780953
It does not preclude anything - the consultant providing reports to you should be a requirement.  Further, consider this: A consultant charging a flat fee has it in his or her best interest to ensure your systems stay patched and up to date and running smoothly.  If they charge you $1000 per month to do that and can do that in 2 hours of work, FANTASTIC for them.  But if their negligence results in them spending 20 hours troubleshooting virus infections, and server failures, when it WOULD have only taken a couple of hours a month to maintain things... how is that benefiting the consultant?

Read my article:
https://www.experts-exchange.com/articles/6633/Becoming-A-Small-Business-IT-Consultant-Choosing-a-Business-Model.html

If the consultant you hire does not share reports with you then either you, or the consultant, or both have done a VERY poor job setting up service.

"I still would like to know what technical options are available should the system access be denied to my friend."
Repeating what I said earlier:
I do not know VMWare that well but in the one instance I had to access a server I didn't have access to, I built a new VMWare install on a new drive within the server and booted that, importing the existing VMs.  Once imported, you can create another Windows VM and then attach the server OS VMDKs and use tools and utilities freely available to reset the admin passwords on the domain.  Any good Windows Admin should be able to do this for you but may need to be local to get it done.
0
