RE: Windows XP Pro cracker?

From: Marc-Andre Poupier (mapoupier_at_maximiz.com)
Date: 09/05/03

    Date: Thu, 4 Sep 2003 21:02:27 -0400
    To: <security-basics@securityfocus.com>
    
    

    OK guys this seems to be a pretty active thread

    Just so we know everybody is on the same page

    3 things here: resetting a password on a system with Syskey enabled, AD
    password recovery, and the Directory Service Restore Mode password.

    First, when you have a system with syskey enabled, there's a flag in the
    SAM that tells you the syskey is enabled, and when you reset a password
    with any tool it will create a standard plain old hash, so when you
    reboot the Winlogon subsystem will convert the password to a syskey
    encrypted password.

    Second, in Active Directory there are 2 passwords on a domain controller:
    one is used when your AD is up and running (your standard admin password)
    and the second is the Directory Service Restore Mode password. This
    password is used when your AD is OFFLINE, so it is NOT stored in the same
    place as your old password (you are prompted to enter this password
    when you run the dcpromo wizard). So you are in offline mode when you
    are in the recovery console or in directory service restore and other
    AD-disabled modes. This password may or may not be the same as your
    standard AD password. So you can use a standard tool (such as the boot
    disk discussed in this thread) to reset the offline password, then you can
    get access to the machine and reset the ONLINE password by some trick....

    For win2k Domain password http://www.jms1.net/nt-unlock.html
    For every other admin password on win2k/winxp/winnt and so on
    http://home.eunet.no/~pnordahl/ntpasswd/

    If you are unsure you understand 100% of the explanation on these 2
    sites, I strongly recommend that you not touch any of this stuff... and
    deal with some real professional.

    *NO WARRANTY OF ANY KIND IN THIS MESSAGE* :-D

    Marc-andre Poupier, MCSE, MCT, CCNA

    -----Original Message-----
    From: Ansgar Wiechers [mailto:bugtraq@planetcobalt.net]
    Sent: Thursday, September 04, 2003 6:21 PM
    To: security-basics@securityfocus.com

    On 2003-09-04 Halverson, Chris wrote:
    > I mean for the recovery console. Changing the Administrator password
    > does not affect the recovery console administrator password. There is
    > a difference!

    No, there isn't. You are wrong.

    Regards
    Ansgar Wiechers

