Re: locked out of XP, need file access

From: . . (miklohnews_at_hotmail.com)
Date: 12/30/03

  • Next message: Jason Balicki: "RE: Best practices for a small business's security"
    To: security-basics@securityfocus.com
    Date: Tue, 30 Dec 2003 09:08:36 +1000
    
    

    I agree, all valid points. However

    - i went overseas for a few months and came back only to find myself having
    forgotten the admin password to both my w2k machines at home. I thought i
    remembered it, and was surprised when my machines didnt wanna accept what i
    typed in at all! hmmm... must've changed them right before i left. ;)
    - as u can see by the replies to this question, the information is
    defenitely out there anyway, whether u find it urself (google) or ask like
    this in a formum, so no point in trying to hide it.
    - to hide information like this may lead to a false sense of security.
    someone not knowing how easy it is to crack a system may feel that they're
    all secure since they have a password setup. security by obscurity is the
    term i think.

    i think it's more up to the local administrators to try to keep a close eye
    on people in his/her area. on a forum like this, hey, what can i do anyway
    if someone on the other side of the world wants to break into some system
    (maybe mine!! oops...)? i look after my things and hope that someone wont be
    able to break into my machines. hopefully, if this guy doesnt have
    legitimate reasons to reset the password, his local admin doesn't allow him
    physical access to this machine. but on the other hand, as u or someone else
    said, he may have physical access if it's the neighbour machine in his
    office. ah well. my point is that the info is out there, u can always find
    out, so no real point in trying to hide things.

    >From: JGrimshaw@ASAP.com
    >CC: security-basics@securityfocus.com
    >Subject: Re: locked out of XP, need file access
    >Date: Mon, 29 Dec 2003 11:05:32 -0600
    >
    >To preface, I apologize if I am wrong. I also expect to be bashed for
    >being harsh, but sometimes reality stings.
    >
    >A question that I have, is that if the box is his, and those files are his
    >(and are important), how did he suddenly just "forget" the admin password?
    > What has he been using to log in on a daily basis? Why isn't the
    >password for this box the same as the other local admin passwords on the
    >network? Why is he administrating an XP box and then throwing up
    >comparisons to Windows 98 PWL files? Why not connect to the network and
    >log on with domain administrator rights? If he does not have the access,
    >why not call their helpdesk and have one of the administrators do this?
    >
    >While I agree that sharing of wisdom is vital to the growth of this
    >mailing list, the temperance of such wisdom should be considered. I
    >shared this email with my co-workers, and we all thought a laptop fell out
    >of the back of a truck into the requestor's lap.
    >
    >Perhaps it is because I do not trust email's originating from a hotmail
    >address asking for a hack. Anyone can get a hotmail address with any
    >information provided. Nigerian officials offering me vast rewards have
    >emailed me from Hotmail. If this was a legitimate request, why not post
    >it from his place of business? It looks like to me that someone saw
    >something he wanted on someone else's computer, and from looking over the
    >shoulder, caught a few characters of the password. The person has
    >physical access to the box, and now wants the data but doesn't know how to
    >get it without a script being handed to him. Perhaps this is paranoid,
    >but this is SECURITY we are talking about.
    >
    >Responding in the positive to his request akin to offering a burglar a set
    >of lockpicks and detailed picking instructions because he "lost" his keys
    >to his car. I am under the impression that giving a wink, a nod, and
    >looking the other way... is not the appropriate approach to this sort of
    >request. You tell the person to find a locksmith to get into their car,
    >or offer to call the police for him. You aren't supposed to provide
    >locksmithing instructions when you don't even know the car is his.
    >
    >This is nothing more then social engineering. How would any of you react
    >if you received a call from a user in your business asking how to crack
    >the admin password on their machine? Would you tell that user? You just
    >did.
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >
    >.
    >
    >
    >
    >
    >
    >
    >
    >Hi!
    >If you does not encrypt files, then the simplest way is to connest your
    >HDD
    >to another computer with w2k or XP and copy that files. You must to know
    >admin password on that Box.
    >
    >Regards,
    >Vladimir
    >----- Original Message -----
    >From: "J. Yoon" <supercool9000@hotmail.com>
    >To: <security-basics@securityfocus.com>
    >Sent: Wednesday, December 24, 2003 6:45 PM
    >Subject: locked out of XP, need file access
    >
    >
    > > I'm locked out of my own Windows XP box.
    > > Being a paranoid,
    > > I have not provided myself with any password hints
    > > even for the administrator mode.
    > >
    > > I do remember about 2 characters from it though
    > > but there's just too many combinations.
    > >
    > > There are personal files in there that I need to access.
    > >
    > > I remember that with the old Win98,
    > > it was possible to do something with the .pwd file
    > > (not that we needed it,
    > > since all the files are accessible anyway)
    > > but I'm sure things have changed significantly since.
    > >
    > > I did infact try using a XP password recovery tool kit
    > > and global-resetter thing I got from the net...
    > > but the software asks me to enter root password
    > > and then tells me to get lost.
    > > It's strange and ironic,
    > > because the passwd is precisely what I'm trying to figure out.
    > >
    > > I don't wanna read a 1,000 page book just yet
    > > cuz I need access to my files asap.
    > >
    > > What would be some of the necessary simple steps to take at this time?
    > > Thanks in advance...
    > >
    > > _________________________________________________________________
    > > Expand your wine savvy and get some great new recipes at MSN Wine.
    > > http://wine.msn.com
    > >
    > >
    > >
    >--------------------------------------------------------------------------
    >-
    > >
    >--------------------------------------------------------------------------
    >--
    > >
    > >
    >
    >
    >---------------------------------------------------------------------------
    >----------------------------------------------------------------------------
    >
    >
    >

    _________________________________________________________________
    Hot chart ringtones and polyphonics. Go to
    http://ninemsn.com.au/mobilemania/default.asp

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Jason Balicki: "RE: Best practices for a small business's security"

    Relevant Pages

    • Re: locked out of XP, need file access
      ... the reason i told him he could email me privately was just cause i had ... a car alarm, park your car inside your garage, put an armoured guard next to ... >forgotten the admin password to both my w2k machines at home. ...
      (Security-Basics)
    • RE: locked out of XP, need file access
      ... The example of the car thief was taken out of proportion by some--Yes ... forgotten the admin password to both my w2k machines at home. ... i think it's more up to the local administrators to try to keep a close eye ...
      (Security-Basics)
    • RE: Win 2000 User Manager Pro
      ... Password) that changes automatically the admin password of Win2000 ... machines over the network. ... Le tranchant aigu d'une lame fait une vive ... les mauvaises paroles causent une blessure plus difficile ...
      (Security-Basics)
    • RE: Windows xp machine password
      ... If the Win XP machines are members of an AD domain, ... network logon script automatically ... It is never a good idea to set an Admin password to blank. ... > I have couple of windows xp laptop machines where the userid is ...
      (microsoft.public.windowsxp.security_admin)
    • Win 2000 User Manager Pro
      ... Password) that changes automatically the admin password of Win2000 ... machines over the network. ... Le tranchant aigu d'une lame fait une vive ... les mauvaises paroles causent une blessure plus difficile ...
      (Security-Basics)