Windows Password Reset Disks/Tools etc.
- Thread starter Osiris
- Start date
- Status
office politics
It's all just 1s and 0s
- Messages
- 6,555
- Location
- in the lab
shorak said:
i tried running the John the Ripper app once here at work. I was trying to get a list of usernames & passwords for my network. I was able to pull a copy of the SAM but couldnt figure out out to run the dictionary attack against it.
prolly easier to run one of those login recovery boot cds
brrymnvette
In Runtime
- Messages
- 225
csamuels said:
If you tried to rip my admin p-word and used it. You'd be fired on the spot o questions. I take my network very seriously, it's my paycheck. So, be carefull on how you use these tools.
jcourtenay
Beta member
- Messages
- 5
Theres a free linux-based program that can reset passwords on any version of Windows, i forget what its called but its on google somewhere.
hillbillybob
In Runtime
- Messages
- 341
ya, austrumi 9.2. That's what I used. My clients are forgetting their passwords all the time. I just burnt it onto a business card CD and keep it in my wallet. It's an awesome tool.
I am still learning to use john the ripper though. Austrumi was pretty point and shoot
I am still learning to use john the ripper though. Austrumi was pretty point and shoot
Depending on the machine and user involved, losing a password for an account can be anything from a pain to a disaster. Fortunately, in Windows Server 2003 and Windows XP there's something you can do to prepare for such an eventuality: create a password reset disk.
In Windows Server 2003 you can create a password reset disk for any local user account on a member server (a nondomain controller in a domain) or stand-alone server (a server in a workgroup). You can't create a password reset disk for a domain controller because a domain controller doesn't have any local user accounts, only domain accounts stored in Active Directory.
A typical use for a password reset disk would be to create one for the all-powerful local Administrator account on your server. To do this, get a blank formatted floppy and follow these steps:
Press Ctrl-Alt-Del to open the Windows Security dialog box.
Click on the Change Password button to open the Change Password box.
In the User Name field, type the name of the local user account--for example, Administrator--whose password you want to be able to reset.
In the Log On To listbox, select the name of the computer--for example, TEST210 (this computer).
The Backup button should now appear at the bottom left of the Change Password box. If it doesn't, backspace inside the User Name field to erase what you typed and type it again.
Do not type anything in the Old Password or New Password fields. (You can't change your password and create a reset disk in the same operation.)
Click on the Backup button to start the Forgotten Password wizard.
Click Next, insert your floppy, and click Next.
Type the current password of the account for which you are creating a reset disk and click Next.
When the wizard is finished, click Next and then Finish.
Click Cancel twice to close the Windows Security screen and return to your desktop.
Related Reading
Code Fragments only
Put your password reset disk in a secure location--especially if you created it for the local Administrator account on your server, because anyone who gets hold of your reset disk can log on to the machine and have unlimited access.
What if you lose your password and you need to log on to your machine? That may sound unlikely, but what if the administrator who installed the server is sick or out of the office and you can't remember the password? Simply dig out your password reset disk (hopefully you know where to find it) and do the following:
Take a random guess what the password might be. If you're right, you're in; if not, a Login Failed dialog box will appear, which is what you want to get to.
Click on the Reset button to start the Password Reset wizard.
Click Next, insert your password reset disk, and click Next again.
Type a new password for the account and, if desired, a hint as well. (Hints are probably not a good idea for Administrator accounts.)
Click Next and then Finish to reset the password for the account. You should now be able to log on with the account using the new password.
How It Works
Running the Forgotten Password wizard creates a public/private key pair for the local user account you specified in the Change Password box. The private key is then stored on the reset disk while the public key is stored on the hard drive and used to encrypt the current password for your user account. Then, if you later have to run the Reset Password wizard, the private key on your floppy is used to decrypt the account's current password, and when you enter a new password for the account, this new password is encrypted using the same public key. This means you can use the same password reset disk to reset the password for your account as many times as you need to. It also means the password reset disk itself can't be hacked to extract the account's password, as it contains only a cryptographic key rather than the password itself.
What Can Go Wrong
A few things can go wrong when you use password reset disks. First and most obvious, if you run the Forgotten Password wizard a second time to create a new password reset disk, this generates a new public/private key pair for the account and invalidates the previous reset disk. So if you're really paranoid and want to create multiple reset disks, run the wizard only once, then make duplicates of the reset disk and store them in different secure locations.
More subtly, I encountered an interesting problem the first time I tried this approach for recovering the local Administrator password on a Windows Server 2003 member server. I created a password reset disk using the procedure described above and then tried to use it to reset the account password as outlined. But when I specified a new password and clicked Next, a message appeared saying, "The new password is too short or otherwise unusable due to the policy settings for this computer." Opening the Default Domain Policy in Group Policy Editor revealed that my Password Policy settings included a minimum password age of two days:
What this policy setting means is that if you change the password for an account, you have to wait an additional two days before you can change it again. And guess what; I had changed the password for the local Administrator account on the machine just before I created my password reset disk. (I had demoted the machine from the role of domain controller to member server, which always entails specifying a new password for the local Administrator account.) So I changed the minimum password age policy setting to zero days, ran gpupdate /force on the member server, tested the reset disk (it worked), and then changed the policy setting back again. Funny how things can trip you up, but hey, that's life as a sysadmin!
In Windows Server 2003 you can create a password reset disk for any local user account on a member server (a nondomain controller in a domain) or stand-alone server (a server in a workgroup). You can't create a password reset disk for a domain controller because a domain controller doesn't have any local user accounts, only domain accounts stored in Active Directory.
A typical use for a password reset disk would be to create one for the all-powerful local Administrator account on your server. To do this, get a blank formatted floppy and follow these steps:
Press Ctrl-Alt-Del to open the Windows Security dialog box.
Click on the Change Password button to open the Change Password box.
In the User Name field, type the name of the local user account--for example, Administrator--whose password you want to be able to reset.
In the Log On To listbox, select the name of the computer--for example, TEST210 (this computer).
The Backup button should now appear at the bottom left of the Change Password box. If it doesn't, backspace inside the User Name field to erase what you typed and type it again.
Do not type anything in the Old Password or New Password fields. (You can't change your password and create a reset disk in the same operation.)
Click on the Backup button to start the Forgotten Password wizard.
Click Next, insert your floppy, and click Next.
Type the current password of the account for which you are creating a reset disk and click Next.
When the wizard is finished, click Next and then Finish.
Click Cancel twice to close the Windows Security screen and return to your desktop.
Related Reading
Code Fragments only
Put your password reset disk in a secure location--especially if you created it for the local Administrator account on your server, because anyone who gets hold of your reset disk can log on to the machine and have unlimited access.
What if you lose your password and you need to log on to your machine? That may sound unlikely, but what if the administrator who installed the server is sick or out of the office and you can't remember the password? Simply dig out your password reset disk (hopefully you know where to find it) and do the following:
Take a random guess what the password might be. If you're right, you're in; if not, a Login Failed dialog box will appear, which is what you want to get to.
Click on the Reset button to start the Password Reset wizard.
Click Next, insert your password reset disk, and click Next again.
Type a new password for the account and, if desired, a hint as well. (Hints are probably not a good idea for Administrator accounts.)
Click Next and then Finish to reset the password for the account. You should now be able to log on with the account using the new password.
How It Works
Running the Forgotten Password wizard creates a public/private key pair for the local user account you specified in the Change Password box. The private key is then stored on the reset disk while the public key is stored on the hard drive and used to encrypt the current password for your user account. Then, if you later have to run the Reset Password wizard, the private key on your floppy is used to decrypt the account's current password, and when you enter a new password for the account, this new password is encrypted using the same public key. This means you can use the same password reset disk to reset the password for your account as many times as you need to. It also means the password reset disk itself can't be hacked to extract the account's password, as it contains only a cryptographic key rather than the password itself.
What Can Go Wrong
A few things can go wrong when you use password reset disks. First and most obvious, if you run the Forgotten Password wizard a second time to create a new password reset disk, this generates a new public/private key pair for the account and invalidates the previous reset disk. So if you're really paranoid and want to create multiple reset disks, run the wizard only once, then make duplicates of the reset disk and store them in different secure locations.
More subtly, I encountered an interesting problem the first time I tried this approach for recovering the local Administrator password on a Windows Server 2003 member server. I created a password reset disk using the procedure described above and then tried to use it to reset the account password as outlined. But when I specified a new password and clicked Next, a message appeared saying, "The new password is too short or otherwise unusable due to the policy settings for this computer." Opening the Default Domain Policy in Group Policy Editor revealed that my Password Policy settings included a minimum password age of two days:
What this policy setting means is that if you change the password for an account, you have to wait an additional two days before you can change it again. And guess what; I had changed the password for the local Administrator account on the machine just before I created my password reset disk. (I had demoted the machine from the role of domain controller to member server, which always entails specifying a new password for the local Administrator account.) So I changed the minimum password age policy setting to zero days, ran gpupdate /force on the member server, tested the reset disk (it worked), and then changed the policy setting back again. Funny how things can trip you up, but hey, that's life as a sysadmin!
alexsabree
Fully Optimized
- Messages
- 1,845
- Location
- United States
Wow thanks.... this is very helpfull 
Also, wats a "sticky"????
Also, wats a "sticky"????
- Status
