Active Directory

Status
Not open for further replies.

King X13
Is there a way out there for me to find out users' passwords? With like a thousand teachers in my network, if I have to change another password because they can't remember something that they made, I'm gonna hurt someone. And the students are even worse.

So is there a place in Server 2000 where the passwords are stored or whatever? I don't understand why, if we can lock the accounts, disable or enable the accounts and change the passwords at our will, how come there isn't a way to view passwords. I mean, we have access to everything else as an administrator.

Just curious, thanks for your replies.
 
You can't see passwords, that's a security breach, you're gonna have to reset them.
 
I'm not sure if there's a program on the Internet that will let you view the password, but I haven't looked. Plus, the last time I was doing Windows server security, we had to crack the password using a dictionary attack on Linux using John the Ripper to view the password. Depending on the password length and its complexity, it would take you pretty long just doing 1 account.
 
prolly faster to use rainbow tables

http://www.datastronghold.com/archive/t14450.html

Tools Used:
knoppix 3.7, burned to a CDR
Cain and Abel
Rainbow crack 1.2a
Rainbowcalc
SamInside 2.3.0.1

All these tools can be found quickly and easily by using a magical device known as "google".

So here's basically what you'll be doing for this attack:

1) You get the encrypted version of the Windows SAM database and Syskey using Knoppix, and copy it to a USB pen drive.

2) You extract the encrypted hashes for each password using SAMInside to process the SAM and Syskey files.

3) You create a big rainbow table for the LM charset using Rainbow crack.

4) You feed this table, along with the hashes, into Cain and Abel, and get the passwords.

Alternatively, to do a dictionary or brute force style attack, you may skip step 3.
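
Why the table in step 3 only has to cover the "LM charset", as an added example that is not part of the original post: it models the normalisation LM applies to a password before hashing (uppercasing, padding to 14 bytes, two independent 7-byte halves) and computes no hash. Function names and sample passwords are constructed, and ASCII input is assumed.

```python
# Added example: models only LM's pre-hash normalisation (no DES step,
# no hash output). Names and sample passwords are constructed.

LM_MAX = 14          # LM pads the password to 14 bytes
HALF = 7             # and processes each 7-byte half on its own
FULL_ALPHABET = 95   # printable ASCII, 0x20..0x7e
LM_ALPHABET = FULL_ALPHABET - 26   # lowercase letters vanish after uppercasing


def lm_halves(password):
    """Return the two 7-byte blocks LM handles separately, or None when
    the password is too long for an LM hash to be stored at all."""
    if len(password) > LM_MAX:
        return None  # 15+ characters: only the NT hash is kept
    # Assumption: ASCII input (real LM uses the OEM code page).
    padded = password.upper().encode("ascii").ljust(LM_MAX, b"\0")
    return padded[:HALF], padded[HALF:]


def search_space(alphabet_size, max_len):
    """Number of candidate strings of length 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def compare():
    """Worst-case candidates: one LM half vs. a full 14-char password."""
    per_half = search_space(LM_ALPHABET, HALF)
    full = search_space(FULL_ALPHABET, LM_MAX)
    return per_half, full


if __name__ == "__main__":
    for pw in ("Winter2006!", "winter2006!", "abc", "a-fifteen-char-pw"):
        print(repr(pw), "->", lm_halves(pw))
    per_half, full = compare()
    print("candidates per LM half:      ", per_half)
    print("candidates, full 14 chars:   ", full)
    print("ratio full / (2 * per_half): ", full // (2 * per_half))
```

Passwords of 15 or more characters, or the NoLMHash policy, leave no LM hash stored, so neither half exists to be looked up.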
 
Thanks guys, I just find it stupid, if I can change the passwords to whatever I want it wouldn't make a difference if I could see the password to begin with. I'm gonna try csamuels' info just for fun I think lol.

Plus I don't think it would be a security breach, I mean I can put porn in their home folder that I created if I wanted to without even knowing a password, think that would be more of a breach if anything lol.

Thanks again tho.
 
King X13 said:
Thanks guys, I just find it stupid, if I can change the passwords to whatever I want it wouldn't make a difference if I could see the password to begin with. I'm gonna try csamuels' info just for fun I think lol.

Plus I don't think it would be a security breach, I mean I can put porn in their home folder that I created if I wanted to without even knowing a password, think that would be more of a breach if anything lol.

Thanks again tho.

I think it's more on the idea of... many people use one password for multiple things--and with many things, you can't identify the person who has "lost" their password.

Just like the forum here, they try to verify your identity by e-mail...

I'm sure there are millions of reasons... one for me is, I dislike trying to create new random passwords and memorize them again...hah!

On the other hand...to solve your situation, put a key logger on their comp...that'll do the trick! ...just kidding, of course...
 
Yeah, I get what you're saying, makes sense, just that then they should remember the **** password lol. It's really not hard. Freakin users.
 
OK, but why do you think it would be a security breach?

Here's some background info so you can't say while they use 1 password for many things and stuff like that.

They are forced to change their password every 30 days.

I obviously can change their passwords, so the breach wouldn't be me getting into their files since I can change it and do that.

I can get into their files on the server without even logging in as them.

I control Exchange Server so I can anyone's email without a password by just putting their user name into Outlook on Exchange, so I don't need a password for that.

I can go into their files on our server anytime I want without their account.

There really is nothing that the password does protect against from an admin, so there is no security breach if I am the security.

So I'm just curious why you guys think it's a security issue.
 
All right! I did not realize that you already have access to all their individual files, info, emails, etc. except for the passwords. (Are they aware of this???) In that case perhaps there is no security breach, just a lot of trust in you!!!! :)
 