win 2k&2003 password reset
8/8/2019 Win 2k&2003 Password Reset
Windows 2k & 2003 Password Reset
This is my first howto/tutorial, so if there are any suggestions of any kind or questions, please let me know. My email is: mvogels [at] white-scorpion [dot] nl
I thought this info might interest a lot of other people, so here it is:
Ok, now for the passwords.
The Windows 2000 and XP passwords are stored in the SAM file.
SAM stands for Security Account Manager. This is the service which stores the passwords in the registry and in the SAM file. This is done by using a LM-hash (for compatibility with older versions of Windows) and a MD5-hash. This file cannot be accessed when the OS is running. If that's not all, Windows also uses syskey to encrypt the file, so that offline viewing (with a DOS boot disk) doesn't work. But there still are ways to get them...
Let's start with getting administrator rights on a local machine.
If you have complete access to the system, then there are several tools to use to change the admin password, or any other for that matter. Here are the tools:
Offline NT password & registry editor:
This is a Linux-based tool (the program for making a bootable disk is for Windows) and allows you to change any password on a Windows system, although it is advised not to use it on NTFS partitions, for it can crash the system. But you can even disable syskey with this proggie so that all passwords are reset to blank. And best of all, it's free! (with source)
CIA commander:
This tool only works on NTFS partitions, but it works great! You can even use it to copy data from one place to another. But it is not for free.
Passware password recovery kit:
This is a complete kit which allows you to get almost every password for anything you want (zip files, MS Office documents, saved passwords in IE, etc.) and of course a tool in it to set the administrator password to '12345', and this can also be undone if you like, so no one will ever know you were there. Also not for free, but very, very good!
These are the tools I mostly use, and I haven't seen a system yet where I didn't get in (with local access, that is).
And now the registry. Here the passwords are stored in HKEY_LOCAL_MACHINE\SAM. This can only be accessed by administrators, but even then you don't have the possibility of seeing them without using some kind of tool (unless you can make yourself 'system', but that isn't necessary here). Here the tool 'pwdump2' comes in handy; this will give you a complete dump of all the local passwords on the system.
Another tool is 'lsadump2'. You know the screen where you have to put in your name and password if you want to connect to the internet using a modem? Even if you don't save the password, it will be saved for you in the registry by Windows and can be viewed with this tool. Also the default password (if there is any) will be shown.
There is another version of this tool, 'pwdump3', which allows you to do the same on a remote machine; you'll need the admin password for that machine too for this tool.
And last but not least the tool i mentioned before:
The Passware IE key, which allows you to get all the stored passwords (including sites) on the system. This tool can be found too in the Passware password recovery kit.
Now, I hope that this is of any use to anyone. I did my best writing it, that's for sure.
If you like this tutorial (or if you don't), please let me know by voting for it.
here are the links i promised:
Offline NT password & registry editor: http://home.eunet.no/~pnordahl/ntpasswd/
CIA commander: http://www.datapol-technologies.com/en/Products/Business/CIACommander/main.htm
Passware password recovery kit: http://www.lostpassword.com/
pwdump2: http://razor.bindview.com/tools/files/pwdump2.zip
pwdump3: http://packetstormsecurity.org/Crackers/NT/pwdump3.zip (this link should work, but the site is down at the moment)
lsadump2: http://razor.bindview.com/tools/files/lsadump2.zip
btw, pwdump 2 & 3 and lsadump2 are free tools...
hope this helps
grtz
lepricaun
_________________
Errors, Vulnerabilities & Exploits explained
The Syringe - My Latest Project.
I'm not a complete idiot, some parts are missing.
Last edited by White Scorpion on Sat Mar 17, 2007 11:20 pm; edited 1 time in total
Location: india
Posted: Fri Jun 25, 2004 1:15 pm Post subject:
Is there any simple procedure like renaming SAM to recover a lost password on a Win 2k domain controller??
Deep Viewer
New Member
Joined: 30 Nov 2003 Posts: 35 Location: Europe
Posted: Fri Jun 25, 2004 4:17 pm Post subject:
Locksmith Utility -->> http://www.winternals.com/products/repairandrecovery/locksmith.asp
_________________
Imagination is more important than knowledge.
Albert Einstein
MattA
Trusted SF Member
Joined: 13 Jun 2003 Posts: 1794 Location: Eastbourne + London
Posted: Fri Jun 25, 2004 4:36 pm Post subject:
Amazingly, Mel, I wrote documentation earlier today on how to reset the administrative password on a DC here: http://www.security-forums.com/forum/viewtopic.php?t=16217
_________________
All across the Internet, routers whisper paths they learn to their peers, directing ideas, business transactions
holding my breath for fear of killing it with a twitch.
ThePsyko
SF Mod
Joined: 17 Oct 2002 Posts: 1427 Location: California
Posted: Fri Jun 25, 2004 5:29 pm Post subject:
Renaming the SAM won't allow you to recover any passwords, but it is possible to create an administrative account and
Here's the tutorial I wrote a while back:
Creating an Administrative Account without being an Administrator
Next time you're faced with an NT or 2k system that you need to logon to with an administrative account and nobody knows the passwords, do the following 12 steps to create a new account while preserving the existing account profiles.
1) boot to a windows boot disk
2) if the C drive is NTFS use ntfsdos to mount it
3) maneuver to c:\winnt\system32\config
4) rename the SAM. file to anything you want
5) reboot and login as 'administrator' and a blank password
At this point you have administrative access, but any changes you make to the profiles will not be saved to the proper SAM file and will be lost. All other changes (configurations, installations, etc) made at this point will be saved.
6) open notepad
7) type:
   @echo off
   net user newuser mypass /ADD
   net localgroup /ADD administrators newuser
8) save as c:\useradd.bat
9) open a command prompt and type: at "c:\useradd.bat"
10) reboot to your floppy
11) delete the c:\winnt\system32\config\SAM. file and rename the old one back to SAM.
12) reboot and wait 10-15 minutes for the batch file to execute. The batch file will execute with system privileges and c
You can then logon with your newuser account with local administrative rights and can reset the original administrator
Unfortunately, the only way to defend against something like this in the wild is to ensure you have proper auditing and
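Added example, not part of ThePsyko's post: one way to audit for the result of the steps above is to flag any account that is added to the local Administrators group right after being created, or by SYSTEM or a computer account. Event IDs 624 and 636 are the Windows 2000/2003 Security log IDs for account creation and local group member addition (4720 and 4732 on later versions); the CSV layout, the sample rows and the function names are constructed for illustration, and account management auditing is assumed to be enabled.

```python
import csv
import io
from datetime import datetime, timedelta

CREATE_IDS = {"624", "4720"}     # user account created (2000/2003, Vista and later)
GROUP_ADD_IDS = {"636", "4732"}  # member added to a security-enabled local group
ADMINS_SID = "S-1-5-32-544"      # built-in Administrators group
WINDOW = timedelta(minutes=30)   # assumed correlation window

# Constructed sample; assumed layout: time,event_id,caller,account,group_sid
SAMPLE = """\
2004-06-25 09:02:11,624,CORP\\helpdesk1,jsmith,
2004-06-25 09:02:40,636,CORP\\helpdesk1,jsmith,S-1-5-32-545
2004-06-25 17:41:03,624,NT AUTHORITY\\SYSTEM,newuser,
2004-06-25 17:41:04,636,NT AUTHORITY\\SYSTEM,newuser,S-1-5-32-544
2004-06-26 08:15:00,636,CORP\\admin1,bjones,S-1-5-32-544
"""

def is_machine_context(caller):
    """True when the change was made by SYSTEM or a computer account."""
    name = caller.rsplit("\\", 1)[-1].upper()
    return name == "SYSTEM" or name.endswith("$")

def find_suspicious_admin_grants(text):
    created = {}   # account name -> creation time
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, event_id, caller, account, group_sid = row
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = account.lower()
        if event_id in CREATE_IDS:
            created[key] = when
        elif event_id in GROUP_ADD_IDS and group_sid == ADMINS_SID:
            reasons = []
            if key in created and when - created[key] <= WINDOW:
                reasons.append("new account promoted to Administrators")
            if is_machine_context(caller):
                reasons.append("change made by SYSTEM or a computer account")
            if reasons:
                findings.append({"time": ts, "account": account,
                                 "caller": caller, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in find_suspicious_admin_grants(SAMPLE):
        print(f["time"], f["account"], f["caller"], "; ".join(f["reasons"]))
```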
http://trinityhome.org/Home/index.php?wpid=1&front_id=12
Quote:
Here's a sumup of some of the most important features, new and old:
-easily reset windows passwords
-4 different virusscan products integrated in a single uniform commandline with online upd
-full ntfs write support thanks to ntfs-3g (all other drivers included as well)
-clone NTFS filesystems over the network
-wide range of hardware support (kernel 2.6.19.1 and recent kudzu hwdata)
-easy script to find all local filesystems
http://www.ubcd4win.com/contents.htm
Quote:
(re)set the passwords of any user that has a valid local account, create a new local user w
on your NT system
_________________
ASCII stupid question, get a stupid ANSI!
Business Network Solutions
Battousai
Frequent Member
Joined: 27 Jul 2004 Posts: 227
Location: Doncaster, UK
Posted: Mon Jan 29, 2007 7:14 pm Post subject:
If the world really knew how easy it is to break into Windows, I wonder what would happen?!?!
By the way, anyone know if the same tools will work with Vista?
_________________
If water is hydrogen and oxygen why doesn't it burn?
majo323
Lurker
Joined: 30 Jan 2007
Posts: 13 Location: Slovakia
Posted: Wed Jan 31, 2007 11:28 pm Post subject:
I use software with the name ERD Commander 2003, it works well
_________________
Ask Google first
loraandbush
Just Arrived
Joined: 11 Apr 2008 Posts: 8
capi
SF Mod
Joined: 21 Sep 2003 Posts: 3501
Posted: Mon May 12, 2008 5:26 pm Post subject:
loraandbush wrote:
Best way to reset the password is format the system
Uh, no.
_________________
main(_){for(_=')';_;_+=~!&_["]["]){char l;write(!_!=_,(l=_["mI}., m0:0,$6/\3,\$6/m/&\"10*\177c,$6\17cm\4c/&\"10\12"]^unix["CC me on *nix"],&l),_==_);}}
Israel G. Lugo
ThePsyko
SF Mod
Joined: 17 Oct 2002 Posts: 1427 Location: California
Posted: Tue May 13, 2008 12:04 am Post subject:
loraandbush wrote:
Best way to reset the password is format the system
??? actually that is the WORST way since you lose everything you were after.
moondoggie
Forum Fanatic
Joined: 27 May 2005 Posts: 1220
Posted: Tue May 13, 2008 6:10 am Post subject:
it seems like ever since the invention of winxp that there is a huge class of people who think reformat is the solution to j
"i lost my password"
reformat
"my computer is slow"
reformat
"my clock is five minutes off"
reformat