Security Basics mailing list archives

RE: Windows XP Pro cracker?


From: "Sarbjit Singh Gill" <ssgill () gilltechnologies com>
Date: Sun, 7 Sep 2003 13:02:36 +0800

Well said Marc!!

Gill

 

-----Original Message-----
From: Marc-Andre Poupier [mailto:mapoupier () maximiz com] 
Sent: Friday, September 05, 2003 9:02 AM
To: security-basics () securityfocus com
Subject: RE: Windows XP Pro cracker?

OK guys this seems to be a pretty active thread

Just so we know everybody is on the same page

3 things here: resetting a password on a system with Syskey enabled, AD password
recovery, and the Directory Service Restore Mode password.

First, when you have a system with syskey enabled, there's a flag in the SAM
that tells you the syskey is enabled, and when you reset a password with any
tools it will create a standard plain old HASH, so when you reboot the
Winlogon subsystem will convert the password to a syskey encrypted password.


Second, in Active Directory there are 2 passwords on a domain controller: one is
used when your AD is up and running (your standard admin password) and the
second is the Directory Service Restore Mode password. This password is used
when your AD is OFFLINE, so it is NOT stored at the same place as your old
password (you are prompted to enter this password when you run the dcpromo
wizard). So you are in offline mode when you are in the recovery console or
in directory service restore and other AD disabled modes. This password may
or may not be the same as your standard AD password. So you can use a
standard tool (such as the boot disk discussed in this thread) to reset the
offline password, then you can get access to the machine and reset the ONLINE
password by some trick....

For win2k Domain password http://www.jms1.net/nt-unlock.html
For every other admin password on win2k/winxp/winnt and so on
http://home.eunet.no/~pnordahl/ntpasswd/

If you are unsure you understand 100% of the explanation in these 2 sites, I
strongly recommend you not touch any of this stuff... and deal with some
real professional.

*NO WARRANTY OF ANY KIND IN THIS MESSAGE* :-D

Marc-andre Poupier, MCSE, MCT, CCNA 

-----Original Message-----
From: Ansgar Wiechers [mailto:bugtraq () planetcobalt net]
Sent: Thursday, September 04, 2003 6:21 PM
To: security-basics () securityfocus com

On 2003-09-04 Halverson, Chris wrote:
> I mean for the recovery console.  Changing the Administrator password
> does not affect the recovery console administrator password.  There is
> a difference!

No, there isn't. You are wrong.

Regards
Ansgar Wiechers

------------------------------------------------------------------------
---
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical
IT security event.  Modeled after the famous Black Hat event in Las Vegas! 6
tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September
6.Visit us: www.blackhat.com
------------------------------------------------------------------------
----



