Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 06-10-2004, 02:13 PM   #1 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Recovering password on XP Home.

Ok, here's the problem. There's this machine here at work running XP Home. I don't know the administrator password. Since I didn't set this up I have no idea what it is.
Is there a way I can recover this password using a Knoppix CD?

I don't want to have to reinstall the OS
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 06-10-2004, 02:34 PM   #2 (permalink)
Insane
 
Tech TV showed how to do this once but since they changed to G4 the info is gone.

Here is a cached TechTV page from yahoo that tells one way to recover the password.

http://66.218.71.225/search/cache?p=...yc=14960&icp=1
Bigwahzoo is offline  
Old 06-10-2004, 02:43 PM   #3 (permalink)
"Officer, I was in fear for my life"
 
hrdwareguy's Avatar
 
Location: Oklahoma City
Take a look at this. You should be able to use it to browse and possibly change the password.

http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

I used this the other day for browsing the registry when a machine wouldn't boot. I could read the values, but when I tried to change them and boot back into Windows, Windows restored a previous version of the registry.

I was however able to get the value data I needed to make the machine bootable again.
__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today
hrdwareguy is offline  
Old 06-10-2004, 03:06 PM   #4 (permalink)
Huzzah for Welcome Week, Much beer shall I imbibe.
 
Location: UCSB
Yeah, not that I have done this but I have a pretty good idea how to do it.

1. Boot Knoppix SDT and have a thumb USB drive handy.

2. Copy the SAM and System file from winnt/ system32/ config to the thumb drive. I think Knoppix has a program called "NT password" that does this for you.

3. Take the thumb drive to another computer and run "Sam inside" on the SAM.

4. That should give you the password on the windows box.

Sam Inside : http://www.topshareware.com/SAMInside-transfer-5188.htm

Edit: I just cracked my XP box, fun stuff to play with. That version of Saminside only does uppercase letter so I would try to find a full version of Sam inside. If LM hashes were enabled on the machine, saminside should crack the password very quickly.
__________________
I'm leaving for the University of California: Santa Barbara in 5 hours, give me your best college advice - things I need, good ideas, bad ideas, nooky, ect.

Originally Posted by Norseman on another forum:
"Yeah, the problem with the world is the stupid people are all cocksure of themselves and the intellectuals are full of doubt."

Last edited by nanofever; 06-10-2004 at 03:20 PM..
nanofever is offline  
Old 06-10-2004, 04:30 PM   #5 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Thanks guys, looks like I have a few options. I'll have to get the latest Knoppix tho. Last one I downloaded was 3.2.
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 06-10-2004, 07:46 PM   #6 (permalink)
Crazy
 
An easier process that I've done in the past ( I don't know if it still works ) is detailed here.

http://www.tweakxp.com/tweak2019.aspx

Note: This is simply for changing the password, not recovering it.
__________________
"Even if you prove me wrong, I'm not going to believe you." - A. McGill

Last edited by firebirdta; 06-10-2004 at 07:57 PM..
firebirdta is offline  
Old 06-11-2004, 01:36 AM   #7 (permalink)
Insane
 
Location: Bay Area
This is what I use at work:

http://www.petri.co.il/forgot_admini...password.htm#1

Its a very simple tool to use.
westothemax is offline  
Old 06-11-2004, 01:27 PM   #8 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Well that's the same program hrdwareguy posted.

I used it and it seemed that everything was working fine. I had it set the passwords to blank. But I still can't log on! It says invalid password. On all accounts.

I've redone it many times and everything points to the changes being done.

Next step is to try the Knoppix/thumbdrive idea
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 06-11-2004, 03:07 PM   #9 (permalink)
"Officer, I was in fear for my life"
 
hrdwareguy's Avatar
 
Location: Oklahoma City
Instead of resetting the password to blank, view the data and it should tell you what the password is.

Worth a shot.
__________________
Gun Control is hitting what you aim at

Aim for the TFP, Donate Today
hrdwareguy is offline  
Old 06-11-2004, 03:40 PM   #10 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Well it's already blank. So it says.

Ok, Knoppix/thumbdrive didnt' work. "Can't write to /mnt/sda1"

AARRGGHH!!!
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 06-11-2004, 04:36 PM   #11 (permalink)
Devils Cabana Boy
 
Dilbert1234567's Avatar
 
Location: Central Coast CA
i dont know where i got it but there is a disk out ther that boots linux and is able to over write the sam file so you can write a new password to any account on it.

if i find it ill send you a link.
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
Old 06-11-2004, 08:37 PM   #12 (permalink)
Banned
 
cthulu23's Avatar
 
Quote:
Originally posted by Krycheck
Well it's already blank. So it says.

Ok, Knoppix/thumbdrive didnt' work. "Can't write to /mnt/sda1"

AARRGGHH!!!
What is the ouput of a "mount" command under Knoppix? If I remember correctly, Knoppix mounts all physical drives as read-only....if so, "mount" will display "(ro)" rather than "(rw)" next to the drive in it's output. If this is the case, issue "mount -o remount,rw /dev/sda1". If you need root to do this, I think that you can "sudo passwd root" or something similar to change the root pw.
cthulu23 is offline  
Old 06-11-2004, 09:19 PM   #13 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Quote:
Originally posted by cthulu23
What is the ouput of a "mount" command under Knoppix? If I remember correctly, Knoppix mounts all physical drives as read-only....if so, "mount" will display "(ro)" rather than "(rw)" next to the drive in it's output. If this is the case, issue "mount -o remount,rw /dev/sda1". If you need root to do this, I think that you can "sudo passwd root" or something similar to change the root pw.
My linux is really rusty atm. I had thought about that but had no clue at the time.

I'm gonna try working on some of my systems at home. If I can get one of these hacked I know I'm doin it right.
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 06-12-2004, 11:58 PM   #14 (permalink)
svt
Addict
 
Location: the stars at night are big and bright!
not sure, but knoppix might not mount the drive with write access because of ntfs. I know in the kernel documentation it still says write access is still expirimental.
svt is offline  
Old 06-17-2004, 03:56 PM   #15 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
IDEA!

What if I create a simalar SAM file with the same accounts and swap them? I'm gonna give it one last shot tomorrow.

I tried blanking out passwords on a machine at home and it worked fine so I know I'M not doing it wrong.
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
Old 06-17-2004, 04:44 PM   #16 (permalink)
Huzzah for Welcome Week, Much beer shall I imbibe.
 
Location: UCSB
Quote:
Originally posted by Krycheck
IDEA!

What if I create a simalar SAM file with the same accounts and swap them? I'm gonna give it one last shot tomorrow.

I tried blanking out passwords on a machine at home and it worked fine so I know I'M not doing it wrong.
That should insert a new password but it will be impossible to read files that were encrypted with windows encryption service.
__________________
I'm leaving for the University of California: Santa Barbara in 5 hours, give me your best college advice - things I need, good ideas, bad ideas, nooky, ect.

Originally Posted by Norseman on another forum:
"Yeah, the problem with the world is the stupid people are all cocksure of themselves and the intellectuals are full of doubt."
nanofever is offline  
Old 06-18-2004, 03:26 PM   #17 (permalink)
Upright
 
Use the method as described in the Yahoo cache of TechTV's site. (See Bigwahzoo's post.) But, instead of using knoppix, make a BartPE CD and boot to it. This will cut out all that tricky mounting /copying stuff in Knoppix.

(in other words, BartPE cd allows for read/write NTFS drives and may be easier to use)

http://www.nu2.nu/pebuilder/
opticalparadox is offline  
Old 06-18-2004, 03:42 PM   #18 (permalink)
Sultana ruined my evil persona
 
Krycheck's Avatar
 
Location: Los Angeles
Well I gave up and took it to PC Club and they gave it a shot. They used a program called Windows Locksmith and they had the same results as me. They would change the passwords and they wouldn't work.
A virus perhaps?
__________________

His pants are tight...but his morals are loose!!
Krycheck is offline  
 

Tags
home, password, recovering

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 02:29 AM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360