Solved

Is there a way to get into virtual servers on VMWARE without the admin passwords?

Posted on 2016-09-01
Last Modified: 2016-09-05
I have a friend who hired an IT consultant who set up 2 virtual servers for him. This consultant is now refusing to give the owner the passwords to his environment. Is there any way to get him into his environment without the cooperation of the IT consultant?
I believe the consultant is extorting my friend. I can get physical access to the servers but cannot log in without the passwords.
I would be walking into a black-box scenario here.
Question by:Andre P

Expert Comment

by:John Hurst
The consultant was paid to do the work for the company. The passwords belong to the company. Get your company lawyers involved as what the consultant is doing is illegal in terms of any business arrangement or contract.

"I believe the consultant is extorting my friend"

You can also contact the police.

Expert Comment

by:asavener
What is the OS?

I know that Windows through 2008 can have the administrator password reset via an ISO.

You can get root access on Linux at boot, if you have console access.


Basically, it's the same as if you had physical access to the server.

Windows: http://www.wintips.org/reset-windows-account-password/
Linux: http://www.cyberciti.biz/faq/linux-reset-forgotten-root-password/

Assisted Solution

by:WalkaboutTigger
If these are Active Directory Domain Controllers, STOP!!!  DO NOT FOLLOW THIS PROCEDURE!!!

I presume the virtual machines are running a Windows operating system.  If so, it is relatively trivial to break into them, VM or not.

I am presuming you have the administrative credentials for the VMWare host - root's password.

Go to this page and download the bootable CD image.

Unzip this file, mount the ISO on the machines' virtual CDROM drive, change the virtual BIOS to allow booting from CD, boot the VMs from the CD, zero-out the password (presuming there are no encrypted files), write the changes, restart the boxes and VOILA!  You're in as the local administrator with a blank password.

As John indicates, this is a violation of 18 U.S. Code § 880 - Receiving the proceeds of extortion and 18 U.S.C. § 1951 : US Code - Section 1951: Interference with commerce by threats or violence.

Unless there is substantive, contractual reason the consultant is failing to provide administrative credentials to said servers, whether the consultant has been compensated for their work, if they are refusing to disclose said credentials unless material or monetary transactions are performed, or are threatening physical violence, they are in violation of both of these federal statutes and possibly state or local statutes as well.

Your friend should immediately contact their legal counsel who will be able to provide them appropriate counsel in regards to the detailed facts of the case.

If the computers are at all responsible for financial transactions which may cross state lines, such as Internet sales, said consultant could also be in violation of impeding interstate commerce, yet another set of felony charges.

Before you do anything, even following the above procedure, get the attorneys involved.

Author Comment

by:Andre P
The lawyers will not prevent my friend from losing his data.
The extortion (I probably used the wrong terms) is that he wants to hike his fees above where my friend wants to pay, and he is not in a position to get a better deal or even a quote. I call it extortion because without the passwords the guy can charge whatever he wants. Right now the situation is not hostile yet, but there needs to be a plan B.
I believe these are Windows virtual servers 2012; one is Exchange.

Expert Comment

by:WalkaboutTigger
Is either one an active directory controller?
Do you know the Domain Administrator password?
Where is he located such that he has no options but this one consultant?
This situation is PRECISELY extortion.  Said consultant is failing to provide the credentials in lieu of raising his rates.  Not merely immoral and unethical, but genuinely criminal.
The lawyers get involved to guide you and your friend, not to contact this criminal.

Author Comment

by:Andre P
WalkaboutTigger,
He does not have access to the VMware host root. He basically had someone set this up and let them "do what they do" while he focused on the business. All he knows is that there are virtual servers and that one of them runs Exchange.

Author Comment

by:Andre P
No passwords... Just physical access. Total black box.

Expert Comment

by:John Hurst
You have to figure out a way to boot the VM offline. I have not seen that done.

Expert Comment

by:WalkaboutTigger
Booting the VM offline is easy.  Getting the VM Host root password is not at all trivial.
What version of VMWare is being used?
If things are still cordial, for what reason is the consultant claiming he is withholding these credentials?  That doesn't sound at all friendly to me.

Expert Comment

by:John Hurst
Publish the consultant's name and address PUBLICLY here - you can do that. Tell him you have done so that an entire community of experts can blacklist him.

See if he wants NO business.

Author Comment

by:Andre P
He is passive-aggressively not returning calls, etc. He isn't saying NO, he just isn't complying with requests. My friend is afraid of getting more aggressive because he is afraid that things could go horribly wrong. I have not seen the boxes so I don't know the version. I would like to give him another option before he turns this into a thing...

Understand he wants to preserve his data. Even the backups are only known by this consultant. He could lose his business. What I am looking for is a secret ace he can have that can mitigate the potential risk from this consultant.

Assisted Solution

by:WalkaboutTigger
Actually, that could be considered extortion as well, John.
Instead, Andre, do you have another server you can install VMWare on to test something to ensure it will work with the version of VMWare your friend is running?

Step 1 is recovering / resetting the root password on VMWare.  Step 2 is recovering the Windows administrator password.  If this is a domain controller, which I suspect it is, you are surely out of luck and will need to have the consultant provide the credentials or rebuild the systems from scratch.

Are these servers at all usable?  As in, can they be logged into at all?

Expert Comment

by:John Hurst
You can publish names and addresses of public consultants. Saying why should be verbal but it should be obvious to the consultant.

That is in no way extortion.

Author Comment

by:Andre P
The servers are functioning. The consultant has not done anything to damage the business. He is afraid that should he get aggressive then it COULD go that way.
Walkabout, I agree that one of them is probably a DC.
I suppose I could suggest that he purchase another server to test.

Expert Comment

by:John Hurst
Buying new gear costs money as a result of the consultant's actions. At least get your lawyer involved and ask about getting the police involved.

Assisted Solution

by:WalkaboutTigger
Andre, this can be done with any computer that supports virtualization in BIOS, which must be enabled.
In the short term, your friend can pay the consultant but he really should be calling his lawyers to determine his legal standing.
I find your friend's consultant's behavior reprehensible.  The right thing to do is provide the credentials and then charge through the nose if your friend breaks anything.  It is utterly stupid, not to mention criminal, to withhold the information.

Expert Comment

by:John Hurst
This is why, in addition, I recommend publishing the name and address of the consultant here. This is not illegal in any way to do. It is public information (yellow pages if you will) posted here.

Author Comment

by:Andre P
Yes,
This tarnishes the trust we need to do our work.
Owners of businesses should have this information in a safe somewhere.

Accepted Solution

by:Lee W, MVP
If the hired consultant is refusing to provide you the information you require, TERMINATE HIS SERVICES.

"I understand you do not wish to provide the necessary administration credentials.  We are not comfortable with this.  Either they are provided in a sealed envelope we can keep in a safe just in case or we will be forced to terminate your services and seek assistance from a technology provider that is willing to work with us."

Let me be clear, depending on your agreement, he may be providing a fixed rate to care for and monitor the network and that fixed rate may depend on assurances (in part, knowing you cannot modify things) that your network will be fully under his control.  This IS reasonable if he's providing a fixed monthly service fee.  HOWEVER, the idea of having a separate administrative account with credentials stored in a safe place that is verifiable not accessed except in an "emergency" is reasonable in my opinion.  If you agree and that's what you want and this consultant is not providing that, then you need a new consultant.  PERIOD.

I do not know VMWare that well but in the one instance I had to access a server I didn't have access to, I built a new VMWare install on a new drive within the server and booted that, importing the existing VMs.  Once imported, you can create another Windows VM and then attach the server OS VMDKs and use tools and utilities freely available to reset the admin passwords on the domain.  Any good Windows Admin should be able to do this for you but may need to be local to get it done.

Author Comment

by:Andre P
Lee, you may be right in the case that I believe it is a fixed rate contract. How does that preclude the owner from having credentials or being able to access his own data or shop for other services should he choose?

Expert Comment

by:John Hurst
He may want a small additional fee that can be negotiated, but holding server authorization ransom is (from my point of view) illegal. That is why you need a lawyer.

Expert Comment

by:Lee W, MVP
Think about it this way: If the owner has the ability to change settings on the network, then he COULD do it at any time.  Doing so COULD alter something and cause an issue that would otherwise NOT have occurred and in turn cause the consultant to do work on the system without compensation (because he's supposed to provide a flat rate).  

Here's a scenario, Suppose I'm your friend.  I notice I'm low on disk space on the Exchange server.  I log in and delete Exchange logs.  It's innocent enough... I certainly don't mean to cause a problem... but it seemed like such a simple thing, why bother the consultant... only the next morning there's a problem with Exchange... and now the consultant has to fix it... and that problem was caused by the actions of the owner.  

My agreements with my flat fee service clients are to provide an envelope with an admin account and password that is SEALED.  If that envelope is opened for any reason without my authorization, it's a $500 fee.  You have the keys.  You are ABSOLUTELY NOT to use the key except if I get hit by a bus or otherwise disappear for more than 24 hours.  My perspective is that I DO NOT own the network, but if you want me to provide a flat fee for service, you must grant me EXCLUSIVE control over it.

Expert Comment

by:Lee W, MVP
And a sealed envelope with some kind of unique marking (even his signature) can be checked at any time.

Author Comment

by:Andre P
Lee,
That's very interesting.
Perhaps that could be a way for him to ask for the credentials?
But then what if your client wants to shop for an alternative to you without your knowledge? Any prospect would need to know what they are working with and to do that would need to see the system.
Once that envelope is opened...
That would be an issue, no?

Expert Comment

by:John Hurst
The above is a way, of course. I have been consulting for 15 years and I make sure business management or my colleague have what they need. Trust has never been broken.

Expert Comment

by:Lee W, MVP
You have to trust that everyone, including your friend will behave professionally and honorably (they should be one and the same).  There are, without question those who are not.  But if your friend has a problem with the service, he needs to discuss it with his provider.  I have reasonable clients... and I've unreasonable ones.  And I've fired clients too unreasonable.  

Like I said, you open that envelope without my authorization I charge you $500 or we part ways.  That simple.  Both parties have to understand that and even if your friend THINKS they opened it reasonably, has to be prepared and willing to pay.  *I* might be willing to waive that fee or reduce it depending on what was done and why.  But I don't have.  There should be an agreement in place that defines when that envelope can be opened.

Your friend needs to review his agreement with the provider and potentially demand it be renegotiated.  But (despite my using the word demand) be reasonable and understanding of the potential risk the consultant is taking giving you that information...

Here's another scenario - your friend, while logged in as a domain admin for a "simple" task on his computer, checks his yahoo mail and accidentally opens a worm that, because it's run as a domain admin, now infects all systems on the network.  Your consultant is on a flat fee and now has to rebuild 10 different computers over two days... He'd have to worry about only one if your friend hadn't been logged in as a domain admin!  You just cost that consultant a lot of money.

Author Comment

by:Andre P
Lee, I understand what you are saying and I agree with most of it. The thing I guess that confuses me is the idea that the OWNER of a business has to pay you to look at the systems that he is paying you to support. I can understand a previous poster's position that the client should pay if they BREAK something. Your solution precludes the client from verifying that his system is being cared for properly.
I give you an example...
A consultant is on a flat fee and does the bare minimal to keep the system running. He is not patching or making sure it's secure from hacking. The system has not crashed much but still is vulnerable to data exfiltration.
Under your scenario the owner is precluded from auditing the quality of the work he assumes is being done without paying the 500 fee for opening the envelope.

At any rate,
I still would like to know what technical options are available should the system access be denied to my friend.

Expert Comment

by:Lee W, MVP
It does not preclude anything - the consultant providing reports to you should be a requirement.  Further, consider this: A consultant charging a flat fee has it in his or her best interest to ensure your systems stay patched and up to date and running smoothly.  If they charge you $1000 per month to do that and can do that in 2 hours of work, FANTASTIC for them.  But if their negligence results in them spending 20 hours troubleshooting virus infections, and server failures, when it WOULD have only taken a couple of hours a month to maintain things... how is that benefiting the consultant?

Read my article:
https://www.experts-exchange.com/articles/6633/Becoming-A-Small-Business-IT-Consultant-Choosing-a-Business-Model.html

If the consultant you hire does not share reports with you then either you, or the consultant, or both have done a VERY poor job setting up service.

"I still would like to know what technical options are available should the system access be denied to my friend."

Repeating what I said earlier:
I do not know VMWare that well but in the one instance I had to access a server I didn't have access to, I built a new VMWare install on a new drive within the server and booted that, importing the existing VMs.  Once imported, you can create another Windows VM and then attach the server OS VMDKs and use tools and utilities freely available to reset the admin passwords on the domain.  Any good Windows Admin should be able to do this for you but may need to be local to get it done.