win 2k&2003 password reset

Upload: shankar3

Post on 10-Apr-2018


  • 8/8/2019 Win 2k&2003 Password Reset

    1/8

    Windows 2k & 2003 Password Reset

    This is my first howto/tutorial, so if there are any suggestions of any kind or questions, please let me know. My email is: mvogels [at] white-scorpion [dot] nl

    I thought this info might interest a lot of other people, so here it is:

    Ok now for the passwords,

    The windows 2000 and XP passwords are stored in the SAM file.

    SAM stands for Security Account Manager. This is the service which stores the passwords in the registry and in the SAM file. This is done by using a LM-hash (for compatibility with older versions of Windows) and a MD5-hash. This file cannot be accessed when the OS is running. If that's not all, Windows also uses syskey to encrypt the file, so that offline viewing (with a DOS bootdisk) doesn't work. But there still are ways to get them....

    Let's start with getting administrator rights on a local machine.

    If you have complete access to the system, then there are several tools to use to change the admin password or any other for that matter. Here are the tools:

    Offline NT password & registry editor:

    This is a Linux based tool (the program for making a bootable disk is for Windows) and allows you to change any password on a Windows system, although it is advised not to use it on NTFS partitions for it can crash the system. But you can even disable syskey with this proggie so that all passwords are reset to blank. And best of it, it's free! (with source)

    CIA commander:

    This tool only works on NTFS partitions, but it works great! You can even use it to copy data from one place to another. But it is not for free.

    Passware password recovery kit:

    This is a complete kit which allows you to get almost every password for anything you want (zip-files, MS Office documents, saved passwords in IE, etc) and of course a tool in it to set the administrator password to '12345', and this can also be undone if you like, so no one will ever know you were there. Also not for free but very very good!

    These are the tools I mostly use, and I haven't seen a system yet where I didn't get in (with local access that is).

    And now the registry, here the passwords are stored in HKEY_LOCAL_MACHINE\SAM. This can only be accessed by administrators, but even then you don't have the possibilities of seeing them without using some kind of tool (unless you can make yourself 'system' but that isn't necessary here). Here the tool 'pwdump2' comes in handy, this will give you a complete dump of all the local passwords on the system.

    Another tool is 'lsadump2', you know the screen where you have to put in your name and password if you want to connect to internet using a modem?


    Even if you don't save the password, it will be saved for you in the registry by Windows and can be viewed with this tool. Also the default password (if there is any) will be shown.

    There is another version of this tool, 'pwdump3', which allows you to do the same on a remote machine; you'll need the admin password for that machine too for this tool.

    And last but not least the tool i mentioned before:

    The Passware IE key, which allows you to get all the stored passwords (including sites) on the system. This tool can be found too in the Passware password recovery kit.

    Now, I hope that this is of any use to anyone, I did my best writing it, that's for sure. If you like this tutorial (or if you don't) please let me know with voting for it..

    here are the links i promised:

    Offline NT password & registry editor: http://home.eunet.no/~pnordahl/ntpasswd/

    CIA commander: http://www.datapol-technologies.com/en/Products/Business/CIACommander/main.htm

    Passware password recovery kit: http://www.lostpassword.com/

    pwdump2: http://razor.bindview.com/tools/files/pwdump2.zip

    pwdump3: http://packetstormsecurity.org/Crackers/NT/pwdump3.zip (this link should work, but the site is down at the moment)

    lsadump2: http://razor.bindview.com/tools/files/lsadump2.zip

    btw, pwdump 2 & 3 and lsadump2 are free tools...

    hope this helps

    grtz

    lepricaun

    _________________
    Errors, Vulnerabilities & Exploits explained
    The Syringe - My Latest Project.

    I'm not a complete idiot, some parts are missing.

    Last edited by White Scorpion on Sat Mar 17, 2007 11:20 pm; edited 1 time in total


    Location: india

    Posted: Fri Jun 25, 2004 1:15 pm

    Is there any simple procedure like renaming SAM to recover a lost password on a Win 2k domain controller??


    Deep Viewer
    New Member

    Joined: 30 Nov 2003
    Posts: 35
    Location: Europe

    Posted: Fri Jun 25, 2004 4:17 pm

    Locksmith Utility -->> http://www.winternals.com/products/repairandrecovery/locksmith.asp

    _________________
    Imagination is more important than knowledge.
    Albert Einstein


    MattA
    Trusted SF Member

    Joined: 13 Jun 2003
    Posts: 1794
    Location: Eastbourne + London

    Posted: Fri Jun 25, 2004 4:36 pm

    Amazingly Mel I wrote documentation earlier today on how to reset the administrative password on a DC here: http://www.security-forums.com/forum/viewtopic.php?t=16217

    _________________
    All across the Internet, routers whisper paths they learn to their peers, directing ideas, business transactions
    holding my breath for fear of killing it with a twitch.


    ThePsyko
    SF Mod

    Joined: 17 Oct 2002
    Posts: 1427
    Location: California

    Posted: Fri Jun 25, 2004 5:29 pm Post subject:

    Renaming the SAM won't allow you to recover any passwords, but it is possible to create an administrative account and

    Here's the tutorial I wrote a while back:

    Creating an Administrative Account without being an Administrator

    Next time you're faced with an NT or 2k system that you need to logon to with an administrative account and nobody knows the passwords, do the following 12 steps to create a new account while preserving the existing account profiles.

    1) boot to a windows boot disk

    2) if the C drive is NTFS use ntfsdos to mount it

    3) maneuver to c:\winnt\system32\config

    4) rename the SAM. file to anything you want

    5) reboot and login as 'administrator' and a blank password

    At this point you have administrative access, but any changes you make to the profiles will not be saved to the proper SAM file and will be lost. All other changes (configurations, installations, etc) made at this point will be saved.

    6) open notepad

    7) type:

       @echo off
       net user newuser mypass /ADD
       net localgroup /ADD administrators newuser

    8) save as c:\useradd.bat

    9) open a command prompt and type:

       at "c:\useradd.bat"

    10) reboot to your floppy

    11) delete the c:\winnt\system32\config\SAM. file and rename the old one back to SAM.

    12) reboot and wait 10-15 minutes for the batch file to execute. The batch file will execute with system privileges and c

    You can then logon with your newuser account with local administrative rights and can reset the original administrator

    Unfortunately, the only way to defend against something like this in the wild is to ensure you have proper auditing and
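
An added example, not part of ThePsyko's post: one way to act on the auditing point is to correlate account creation with membership changes to the local Administrators group. It assumes account management auditing is enabled, uses the Windows 2000/2003 Security log event IDs 624 and 636, and reads a constructed pipe-delimited export; the field layout and function names are hypothetical.

```python
from datetime import datetime, timedelta

# Windows 2000/2003 Security log event IDs (4720 and 4732 on Vista and later).
ACCOUNT_CREATED = 624
ADDED_TO_LOCAL_GROUP = 636

# Constructed sample export, one record per line (layout is an assumption):
# time|event id|caller|target account|group (empty for 624)
SAMPLE_LOG = """\
2004-06-25 09:02:11|624|CORP\\helpdesk|jsmith|
2004-06-25 09:40:03|636|CORP\\helpdesk|jsmith|Users
2004-06-25 17:45:00|624|WS01$|newuser|
2004-06-25 17:45:01|636|WS01$|newuser|Administrators
2004-06-26 08:00:00|636|CORP\\admin1|jsmith|Administrators
"""


def parse(log_text):
    """Turn the pipe-delimited export into a list of dict records."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, caller, target, group = line.split("|")
        records.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "event_id": int(event_id),
            "caller": caller,
            "target": target,
            "group": group,
        })
    return records


def find_fast_admin_accounts(records, window=timedelta(minutes=5)):
    """Flag accounts added to Administrators within `window` of creation."""
    created, findings = {}, []
    for rec in sorted(records, key=lambda r: r["time"]):
        key = rec["target"].lower()
        if rec["event_id"] == ACCOUNT_CREATED:
            created[key] = rec
        elif (rec["event_id"] == ADDED_TO_LOCAL_GROUP
              and rec["group"].lower() == "administrators"):
            origin = created.get(key)
            if origin and rec["time"] - origin["time"] <= window:
                findings.append({
                    "account": rec["target"],
                    "created": origin["time"],
                    "caller": origin["caller"],
                    # Assumption: a caller ending in "$" is the machine
                    # account, i.e. the change ran in SYSTEM context.
                    "machine_context": origin["caller"].endswith("$"),
                })
    return findings


if __name__ == "__main__":
    for hit in find_fast_admin_accounts(parse(SAMPLE_LOG)):
        print(hit)
```

In the sample, only `newuser` is reported: it is created and made a local administrator one second apart, while `jsmith` is promoted a day after creation by a named administrator.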


    http://trinityhome.org/Home/index.php?wpid=1&front_id=12

    Quote:

    Here's a sum-up of some of the most important features, new and old:

    -easily reset windows passwords

    -4 different virusscan products integrated in a single uniform commandline with online upd

    -full ntfs write support thanks to ntfs-3g (all other drivers included as well)

    -clone NTFS filesystems over the network

    -wide range of hardware support (kernel 2.6.19.1 and recent kudzu hwdata)

    -easy script to find all local filesystems

    http://www.ubcd4win.com/contents.htm

    Quote:

    (re)set the passwords of any user that has a valid local account, create a new local user w

    on your NT system

    _________________ASCII stupid question, get a stupid ANSI!

    Business Network Solutions


    Battousai
    Frequent Member

    Joined: 27 Jul 2004
    Posts: 227
    Location: Doncaster, UK

    Posted: Mon Jan 29, 2007 7:14 pm

    If the world really knew how easy it is to break into Windows I wonder what would happen?!?!

    By the way, anyone know if the same tools will work with Vista?

    _________________
    If water is hydrogen and oxygen why doesn't it burn?


    majo323
    Lurker

    Joined: 30 Jan 2007
    Posts: 13
    Location: Slovakia

    Posted: Wed Jan 31, 2007 11:28 pm

    I use software with name ERD Commander 2003. It works well.

    _________________
    Ask Google first


    loraandbush
    Just Arrived

    Joined: 11 Apr 2008
    Posts: 8


    capi
    SF Mod

    Joined: 21 Sep 2003
    Posts: 3501

    Posted: Mon May 12, 2008 5:26 pm Post subject:

    loraandbush wrote:

    Best way to reset the password is format the system

    Uh, no.

    _________________
    main(_){for(_=')';_;_+=~!&_["]["]){char l;write(!_!=_,(l=_["mI}., m0:0,$6/\3,\$6/m/&\"10*\177c,$6\17cm\4c/&\"10\12"]^unix["CC me on *nix"],&l),_==_);}}

    Israel G. Lugo


    ThePsyko
    SF Mod

    Posted: Tue May 13, 2008 12:04 am Post subject:

    loraandbush wrote:

    Best way to reset the password is format the system

    .


    Joined: 17 Oct 2002
    Posts: 1427
    Location: California

    ??? actually that is the WORST way since you lose everything you were after.


    moondoggie
    Forum Fanatic

    Joined: 27 May 2005
    Posts: 1220

    Posted: Tue May 13, 2008 6:10 am Post subject:

    it seems like ever since the invention of winxp that there is a huge class of people who think reformat is the solution to j

    "i lost my password"

    reformat

    "my computer is slow"

    reformat

    "my clock is five minutes off"

    reformat
