Re: locked out of XP, need file access

• Previous message: Rense Buijen: "Re: locked out of XP, need file access"
• In reply to: Vladimir B. Kropotov: "Re: locked out of XP, need file access"
• Next in thread: Joey Peloquin: "RE: locked out of XP, need file access"
• Reply: Joey Peloquin: "RE: locked out of XP, need file access"
• Reply: Brian Dunbar: "Re: locked out of XP, need file access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 29 Dec 2003 11:05:32 -0600

To preface, I apologize if I am wrong. I also expect to be bashed for
being harsh, but sometimes reality stings.

A question that I have, is that if the box is his, and those files are his
(and are important), how did he suddenly just "forget" the admin password?
 What has he been using to log in on a daily basis? Why isn't the
password for this box the same as the other local admin passwords on the
network? Why is he administrating an XP box and then throwing up
comparisons to Windows 98 PWL files? Why not connect to the network and
log on with domain administrator rights? If he does not have the access,
why not call their helpdesk and have one of the administrators do this?

While I agree that sharing of wisdom is vital to the growth of this
mailing list, the temperance of such wisdom should be considered. I
shared this email with my co-workers, and we all thought a laptop fell out
of the back of a truck into the requestor's lap.

Perhaps it is because I do not trust email's originating from a hotmail
address asking for a hack. Anyone can get a hotmail address with any
information provided. Nigerian officials offering me vast rewards have
emailed me from Hotmail. If this was a legitimate request, why not post
it from his place of business? It looks like to me that someone saw
something he wanted on someone else's computer, and from looking over the
shoulder, caught a few characters of the password. The person has
physical access to the box, and now wants the data but doesn't know how to
get it without a script being handed to him. Perhaps this is paranoid,
but this is SECURITY we are talking about.

Responding in the positive to his request akin to offering a burglar a set
of lockpicks and detailed picking instructions because he "lost" his keys
to his car. I am under the impression that giving a wink, a nod, and
looking the other way... is not the appropriate approach to this sort of
request. You tell the person to find a locksmith to get into their car,
or offer to call the police for him. You aren't supposed to provide
locksmithing instructions when you don't even know the car is his.

This is nothing more then social engineering. How would any of you react
if you received a call from a user in your business asking how to crack
the admin password on their machine? Would you tell that user? You just
did.












.







Hi!
If you does not encrypt files, then the simplest way is to connest your
HDD
to another computer with w2k or XP and copy that files. You must to know
admin password on that Box.

Regards,
Vladimir
----- Original Message -----
From: "J. Yoon" <supercool9000@hotmail.com>
To: <security-basics@securityfocus.com>
Sent: Wednesday, December 24, 2003 6:45 PM
Subject: locked out of XP, need file access


> I'm locked out of my own Windows XP box.
> Being a paranoid,
> I have not provided myself with any password hints
> even for the administrator mode.
>
> I do remember about 2 characters from it though
> but there's just too many combinations.
>
> There are personal files in there that I need to access.
>
> I remember that with the old Win98,
> it was possible to do something with the .pwd file
> (not that we needed it,
> since all the files are accessible anyway)
> but I'm sure things have changed significantly since.
>
> I did infact try using a XP password recovery tool kit
> and global-resetter thing I got from the net...
> but the software asks me to enter root password
> and then tells me to get lost.
> It's strange and ironic,
> because the passwd is precisely what I'm trying to figure out.
>
> I don't wanna read a 1,000 page book just yet
> cuz I need access to my files asap.
>
> What would be some of the necessary simple steps to take at this time?
> Thanks in advance...
>
> _________________________________________________________________
> Expand your wine savvy — and get some great new recipes — at MSN Wine.
> http://wine.msn.com
>
>
>
--------------------------------------------------------------------------
-
>
--------------------------------------------------------------------------
--
>
>


---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Rense Buijen: "Re: locked out of XP, need file access"
• In reply to: Vladimir B. Kropotov: "Re: locked out of XP, need file access"
• Next in thread: Joey Peloquin: "RE: locked out of XP, need file access"
• Reply: Joey Peloquin: "RE: locked out of XP, need file access"
• Reply: Brian Dunbar: "Re: locked out of XP, need file access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]