reset XP password hash, and reload it!

xatar · 07-16-2007, 04:00 PM

Hi all,

I have a question...

Does anyone know of a linux (or any other open source/free tool) tool that will perform a hash insertion attack (overwrite the password hash for an account), but have an option to load the original hash back to the SAM database so that the original user can still log on?

I was watching a video on youtube (although most of the videos are noobs showing how to hack when you are an admin!!!) where someone used CIA Commander (licensed tool) to:
reboot
overwrite the password hash for the admin account
reboot
log on with new password
create a new admin level windows account
reboot
copy original hash back to the SAM for admin account
reboot
log back on as newly created account

Now, this guy was doing it to crack the account passwords with rainbow tables, which is stupid as he could just copy the SAM and system files when he reboots anyway!! I want to be able to cover tracks by copying back the original password instead of resetting it permenantly.

any ideas?

Could just copy the SAM/system files after booting off of BT, then reset the admin password, log on with new password and copy back the original SAM and system files.

Any other ideas?

cheers,
xatar

**zeruelx** · 07-16-2007, 04:24 PM

First, I would prefer just copy the SAM/system files and crack the passwords without changing anything on the disk. It is a risk-free (you don't risk messing up anything) and usually fast process.

Originally Posted by xatar

Could just copy the SAM/system files after booting off of BT, then reset the admin password, log on with new password and copy back the original SAM and system files.

Then if that doesn't work, this could work too; make sure you can write to NTFS (if the windows is on NTFS).

I am not sure if Offline NT Password & Registry Editor has the option to back up the password files; but if they don't, I would suggest to them to add it.

**operatorone** · 07-25-2007, 08:40 PM

Windows Key enterprise will do the same thing (also not free, but effective).

**Funnyman** · 07-31-2007, 09:23 PM

there is tool a like that and its also free but you need Windows iso image and a CD-R/RW.

**purehate** · 07-31-2007, 09:39 PM

Originally Posted by xatar

Hi all,

I have a question...

Does anyone know of a linux (or any other open source/free tool) tool that will perform a hash insertion attack (overwrite the password hash for an account), but have an option to load the original hash back to the SAM database so that the original user can still log on?

I was watching a video on youtube (although most of the videos are noobs showing how to hack when you are an admin!!!) where someone used CIA Commander (licensed tool) to:
reboot
overwrite the password hash for the admin account
reboot
log on with new password
create a new admin level windows account
reboot
copy original hash back to the SAM for admin account
reboot
log back on as newly created account

Now, this guy was doing it to crack the account passwords with rainbow tables, which is stupid as he could just copy the SAM and system files when he reboots anyway!! I want to be able to cover tracks by copying back the original password instead of resetting it permenantly.

any ideas?

Could just copy the SAM/system files after booting off of BT, then reset the admin password, log on with new password and copy back the original SAM and system files.

Any other ideas?

cheers,
xatar

metasploit includes payloads which add you as a user on the victim system

BackTrack Linux - Penetration Testing Distribution

Thread: reset XP password hash, and reload it!

Thread Tools

Search Thread

Display

reset XP password hash, and reload it!

Posting Permissions