Re: Cracking admin password on Win 2000; then putting it back?

From: IPGrunt (
Date: 10/07/04

Date: 6 Oct 2004 22:55:26 GMT

Mark3324 <user@domain.invalid> confessed in

> The issue of motive, intent, ethics, and so on have worked their way into
> this thread, so in response, I thought I'd explain. You can choose to
> it or not. (This post is posted to same three groups as the initial post,
> most messages ended up only in
> I'm a free-lance consultant who is called into corporate environments to do
> tasks such as write training, user manuals, produce multimedia, and rework
> the overall production process (redesign flow, suggest tools, write best
> practices, etc.).
> My customers usually provide a cube and a computer, and said computer is
> usually locked down. In most cases it doesn't matter, since I'd rather work
> on my own PowerBook laptop. When it does matter, my boss will fill out a
> form to give me admin rights, and within 24 hours, I'm off and running.
> This present situation is a customer I've had for about seven years; they
> call me in for maybe three months at a time. Most of the time the PC and
> software they give me are sufficient. This time, however, things are
> different.
> It wasn't until the 19th day there -- last Friday, actually -- that I could
> log on to the network. Until then, employees had to give me files on CD and
> USB thumb drives, or send e-mail. The dept. director was furious it took so
> long, so he gave me his password so that I could log in using my Mac.
> in with your personal computer is an offense punishable by being escorted
> of the building, but he and several bosses way up the ladder said they'd
> sure I was left alone (I have it in writing).
> So now I can log in, but I have no e-mail. I can't get my mail via the Web,
> because when IT detects you're navigating to such sites, you're blocked,
> they block POP3 and IMAP as well. So when I know an e-mail is coming that
> need, I pack up the laptop and head to a shopping center down the street
> where I've found WiFi. According to IT, it may take another 15 days to get
> mailbox.
> Then there are the applications. The PC has nothing I need, so I wanted to
> load up my own stuff then erase it when I was done with the project.
> software is harder and takes longer than getting a mailbox.
> When you get down to it, the reason I *really* want to start working on
> PC is because I want to ship my laptop off for service. I'm at a point in
> time where this project is my only one, and I can afford to be without my
> system for a few days. If this drags on and the project finishes and I've
> sent off my machine, I'll have to live with it until some other situation
> presents itself.
> That said, if readers think my trying to break the password is unethical,
> well, so be it. As far as I'm concerned, I am *more* than ethical, since
> charging them hourly for my screwing around and heading to the shopping
> center.


Hacking your client's system is NOT a good idea, no matter how you look at

You have to consider why your client hired you. I'm sure that your scope of
work did not include hacking into that computer. Focus!

Simply give them a list of your requirements. If they can't meet them in a
reasonable time, then take more breaks and bill them for the time you are
running down to the shopping center. Jees, that sounds awful.

Finally, I'll bet their Win2K machines are secured with LANMAN2. In that
case, the security hive is inaccessible and the hash too difficult to crack
with brute force anyway. Don't get yourself in hot water trying to do the
impossible. Your reputation is your most valuable asset.

I used to have a client with the worst computer room setup. Working there for
over 15 minutes made my neckache as the monitor was on the top shelf of the
server rack, and over one's head when they sat at a keyboard. I told their IT
manager I couldn't work there anymore because of the setup. The next time
they called me in, they had an area set aside for me with a desk, chair, and
everything, just like a real person.

Sometimes you just have to communicate your needs effectively.

-- ipgrunt