Changing NT/2000 accounts password from the command line

From: Alberto Aragones (quimeras_at_QUIMERAS.COM)
Date: 07/18/01


I thought that changing passwords in NT/2000 was a privileged operation only
available for administrators or account operators from trusted computers.

Bring up the change password dialog from the secured screen that appears
when pressing CTRL+ALT+DEL on any NT/2000 computer. By default, from this
dialog you can change the password of any account on any pingable domain or
computer that has NetBIOS active. This could allow for guessing account
names and brute force attacks, since it will report detailed information on
the error if an invalid request is made: "user not found", "invalid
password" and so on.

A demonstration command line utility is also available from
http://www.quimeras.com/free/chpasswd.exe

Alberto Aragones
The Quimeras Company
http://www.quimeras.com
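
The two error messages quoted in the post also give a defender two distinct failure patterns to watch for. The following is an added example, not part of the original post or its utility: it flags source hosts whose failed change-password requests look like account-name guessing or password guessing. The record format, host names and thresholds are assumptions constructed for illustration, not a real NT/2000 log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records (assumed format): time, requesting host, target account, result
SAMPLE = """\
2001-07-18T10:00:01 WKS12 administrator invalid_password
2001-07-18T10:00:10 WKS12 administrator invalid_password
2001-07-18T10:00:20 WKS12 administrator invalid_password
2001-07-18T10:00:31 WKS12 administrator invalid_password
2001-07-18T10:00:45 WKS12 administrator invalid_password
2001-07-18T10:02:00 WKS40 admin1 user_not_found
2001-07-18T10:02:05 WKS40 backup user_not_found
2001-07-18T10:02:09 WKS40 sqlsvc user_not_found
2001-07-18T10:03:00 WKS07 alice invalid_password
2001-07-18T10:03:30 WKS07 alice ok
"""

def parse(text):
    # Yield (time, source, account, result) tuples from the sample format.
    for line in text.splitlines():
        if line.strip():
            ts, src, acct, result = line.split()
            yield datetime.fromisoformat(ts), src, acct, result

def classify(records, window=timedelta(minutes=5), max_unknown=3, max_bad=5):
    """Map each source host to the abuse patterns seen inside one window."""
    failures = defaultdict(list)
    for ts, src, acct, result in records:
        if result != "ok":
            failures[src].append((ts, acct, result))
    findings = {}
    for src, events in failures.items():
        events.sort()
        flags, start = set(), 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            win = events[start:end + 1]
            unknown = {a for _, a, r in win if r == "user_not_found"}
            bad = defaultdict(int)
            for _, a, r in win:
                if r == "invalid_password":
                    bad[a] += 1
            if len(unknown) >= max_unknown:
                flags.add("account-enumeration")
            if any(n >= max_bad for n in bad.values()):
                flags.add("password-guessing")
        if flags:
            findings[src] = flags
    return findings
```

A single mistyped password followed by a success, as with the constructed host WKS07, stays below both thresholds and is not reported.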
