Re: can someone get admin password with physical access?

From: Matt Jamieson (matt@uk2.net)
Date: 03/02/02


From: matt@uk2.net (Matt Jamieson)
Date: 2 Mar 2002 11:26:48 -0800


> Is there a way that any person with
> physical access hack the admin or other users password? I heard that you
> can use a linux boot disk to access a file and use l0ptcrack to crack it,
> but I heard that it only works for FAT32 partitions. Is this true? And if
> there is a way to hack the passwords if someone has physical access, how can
> they do it? and is there a way to stop it? (besides physical security)

Hi

Anyone with physical access to a WinNT/2K machine (and also I assume
with XP, although I've not tried it) can change any user's password
using a bootdisk utility from here:
http://home.eunet.no/~pnordahl/ntpasswd/

No only is this faster than copying the SAM database and cracking it,
it's also much easier to do.

In my experience any machine with SYSKEY enabled or 128-bit encryption
will have the SAM corrupted if you use this utility, and you will only
be able to log in as the use whose password you have changed.

Anyway, a tool worth a look whether you want to think about ways of
blocking it or you regularly forget your password!

Your Mileage May Very

Matt