Re: Cracking admin password on Win 2000; then putting it back?

• Previous message: Bernd Felsche: "Re: REVIEW: "Biometrics for Network Security", Paul Reid"
• In reply to: IPGrunt: "Re: Cracking admin password on Win 2000; then putting it back?"
• Next in thread: Mark3324: "Re: Cracking admin password on Win 2000; then putting it back?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 07 Oct 2004 10:10:31 +0300

IPGrunt wrote:

> Mark3324 <user@domain.invalid> confessed in
> news:0001HW.BD862ED400095F36F00805B0@newsgroups.bellsouth.net:
>
>
>>The issue of motive, intent, ethics, and so on have worked their way into
>>this thread, so in response, I thought I'd explain. You can choose to
>
> believe
>
>>it or not. (This post is posted to same three groups as the initial post,
>
> but
>
>>most messages ended up only in alt.computer.security.)
>>
>>I'm a free-lance consultant who is called into corporate environments to do
>>tasks such as write training, user manuals, produce multimedia, and rework
>>the overall production process (redesign flow, suggest tools, write best
>>practices, etc.).
>>
>>My customers usually provide a cube and a computer, and said computer is
>>usually locked down. In most cases it doesn't matter, since I'd rather work
>>on my own PowerBook laptop. When it does matter, my boss will fill out a
>>form to give me admin rights, and within 24 hours, I'm off and running.
>>
>>This present situation is a customer I've had for about seven years; they
>>call me in for maybe three months at a time. Most of the time the PC and
>>software they give me are sufficient. This time, however, things are
>>different.
>>
>>It wasn't until the 19th day there -- last Friday, actually -- that I could
>>log on to the network. Until then, employees had to give me files on CD and
>>USB thumb drives, or send e-mail. The dept. director was furious it took so
>>long, so he gave me his password so that I could log in using my Mac.
>
> Logging
>
>>in with your personal computer is an offense punishable by being escorted
>
> out
>
>>of the building, but he and several bosses way up the ladder said they'd
>
> make
>
>>sure I was left alone (I have it in writing).
>>
>>So now I can log in, but I have no e-mail. I can't get my mail via the Web,
>>because when IT detects you're navigating to such sites, you're blocked,
>
> and
>
>>they block POP3 and IMAP as well. So when I know an e-mail is coming that
>
> I
>
>>need, I pack up the laptop and head to a shopping center down the street
>>where I've found WiFi. According to IT, it may take another 15 days to get
>
> a
>
>>mailbox.
>>
>>Then there are the applications. The PC has nothing I need, so I wanted to
>>load up my own stuff then erase it when I was done with the project.
>
> Getting
>
>>software is harder and takes longer than getting a mailbox.
>>
>>When you get down to it, the reason I *really* want to start working on
>
> their
>
>>PC is because I want to ship my laptop off for service. I'm at a point in
>>time where this project is my only one, and I can afford to be without my
>>system for a few days. If this drags on and the project finishes and I've
>
> not
>
>>sent off my machine, I'll have to live with it until some other situation
>>presents itself.
>>
>>That said, if readers think my trying to break the password is unethical,
>>well, so be it. As far as I'm concerned, I am *more* than ethical, since
>
> I'm
>
>>charging them hourly for my screwing around and heading to the shopping
>>center.
>>
>>
>
>
> Mark,
>
> Hacking your client's system is NOT a good idea, no matter how you look at
> it.
>
> You have to consider why your client hired you. I'm sure that your scope of
> work did not include hacking into that computer. Focus!
>
> Simply give them a list of your requirements. If they can't meet them in a
> reasonable time, then take more breaks and bill them for the time you are
> running down to the shopping center. Jees, that sounds awful.
>
> Finally, I'll bet their Win2K machines are secured with LANMAN2. In that
> case, the security hive is inaccessible and the hash too difficult to crack
> with brute force anyway. Don't get yourself in hot water trying to do the
> impossible. Your reputation is your most valuable asset.
>
> I used to have a client with the worst computer room setup. Working there for
> over 15 minutes made my neckache as the monitor was on the top shelf of the
> server rack, and over one's head when they sat at a keyboard. I told their IT
> manager I couldn't work there anymore because of the setup. The next time
> they called me in, they had an area set aside for me with a desk, chair, and
> everything, just like a real person.
>
> Sometimes you just have to communicate your needs effectively.
>
> -- ipgrunt
> if U think that it is impossible to crack the machines that secured with LANMAN2, then U R wrong. Maybe it is impossible for U, but there the other people

• Previous message: Bernd Felsche: "Re: REVIEW: "Biometrics for Network Security", Paul Reid"
• In reply to: IPGrunt: "Re: Cracking admin password on Win 2000; then putting it back?"
• Next in thread: Mark3324: "Re: Cracking admin password on Win 2000; then putting it back?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]