Security Basics mailing list archives

RE: Windows XP Pro cracker?


From: "Marc-Andre Poupier" <mapoupier () maximiz com>
Date: Thu, 4 Sep 2003 21:02:27 -0400

OK guys, this seems to be a pretty active thread.

Just so we know everybody is on the same page:

3 things here: resetting a password on a system with Syskey enabled, AD
password recovery, and the Directory Services Restore Mode password.

First, when you have a system with Syskey enabled there's a flag in the
SAM that tells you Syskey is enabled, and when you reset a password
with any tool it will create a standard plain old hash, so when you
reboot the Winlogon subsystem will convert the password to a Syskey
encrypted password.

Second, in Active Directory there are 2 passwords on a domain controller: one
is used when your AD is up and running (your standard admin password)
and the second is the Directory Services Restore Mode password. This
password is used when your AD is OFFLINE, so it is NOT stored in the same
place as your old password (you are prompted to enter this password
when you run the dcpromo wizard). So you are in offline mode when you
are in the Recovery Console or in Directory Services Restore Mode and other AD
disabled modes. This password may or may not be the same as your
standard AD password. So you can use a standard tool (such as the boot
disk discussed in this thread) to reset the offline password, then you can
get access to the machine and reset the ONLINE password by some trick....

For the Win2k domain password: http://www.jms1.net/nt-unlock.html
For every other admin password on Win2k/WinXP/WinNT and so on:
http://home.eunet.no/~pnordahl/ntpasswd/

If you are unsure you understand 100% of the explanation on these 2
sites, I strongly recommend you not touch any of this stuff... and
deal with a real professional.

*NO WARRANTY OF ANY KIND IN THIS MESSAGE* :-D

Marc-Andre Poupier, MCSE, MCT, CCNA

-----Original Message-----
From: Ansgar Wiechers [mailto:bugtraq () planetcobalt net] 
Sent: Thursday, September 04, 2003 6:21 PM
To: security-basics () securityfocus com

On 2003-09-04 Halverson, Chris wrote:
> I mean for the recovery console.  Changing the Administrator password
> does not affect the recovery console administrator password.  There is
> a difference!

No, there isn't. You are wrong.

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.
Visit us: www.blackhat.com
----------------------------------------------------------------------------