
Thread: Windows Xp Admin Password Recovery

  1. #1
    Senior Member
    Join Date
    Mar 2008
    Posts
    153

    Windows XP Admin Password Recovery

    Hello,
    Well, I have a colleague in my company. I caught him the other day using my account on my computer, which is running Windows XP. Now I want to know how he accessed my account without RESETTING the password; I mean, when he rebooted the computer, it was working with my password again. I noticed him last time too; he only uses his USB to access anyone's account. My XP doesn't have a guest account. The Administrator account is PASSWORD PROTECTED, and my account too. So how could he? I mean, I've learnt from BT, but you still need an internet connection and to upload the hashes, but here he used only his USB. Any idea?

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    This is not a question directly related to BackTrack in any way. However, the main reason he was able to access your password is that you have not disabled booting from CD/USB on your computer. Answers to your other questions can easily be found using Google or the search function on this forum.
    -Monkeys are like nature's humans.

  3. #3
    Member
    Join Date
    Aug 2007
    Posts
    468


    The "Offline NT Password & Registry Editor, Bootdisk / CD" has an option to back up the SAM files before changing them.

    So s/he could have backed up the old ones, changed the password, copied your p0rn and krieg, and then restored the old settings ;)

  4. #4
    Senior Member
    Join Date
    Mar 2008
    Posts
    153


    Nope, even if he tried to restore it, that takes time. Because last time when I caught him he simply restarted my PC, that's it. I tried Google, but whatever I am getting is about hashes and uploading to the internet, or it should be connected to the internet?

  5. #5
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    And why couldn't he just have retrieved the password hashes and cracked them later using the tool of his choice? Also, it seems like you need to read up on the purpose of rainbow tables: if you have implemented a weak password, it can easily be cracked in minutes using a wordlist attack or a downloaded rainbow table.
    -Monkeys are like nature's humans.

  6. #6
    Member
    Join Date
    Aug 2007
    Posts
    468


    Have a search on the forum and Google for: SwitchBlade & Winlockpwn.

    http://forums.remote-exploit.org/sho...ht=switchblade

    http://forums.remote-exploit.org/showthread.php?t=13922


    Quote Originally Posted by ibrahim52 View Post
    Nope, even if he tried to restore it, that takes time. Because last time when I caught him he simply restarted my PC, that's it. I tried Google, but whatever I am getting is about hashes and uploading to the internet, or it should be connected to the internet?

  7. #7
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Sounds like he has your password. With the right tool it takes all of a few minutes to grab a hash file from a machine and take it home to crack. Maybe he's been working on it for months.

  8. #8
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509


    There's a whole host of ways to get your password, and it sure sounds like he has it.

    A few examples:
    • He used a modified USB as BOFH139 suggested. Did he ever tell you something like "that file you need is on my USB key. Let me get it for you..."? Switchblade is a favored tool for this type of password grab. One variation on this is the "my iPod/MP3 player has that song you like, let me copy it over for you." (Yes, I have an iPod variant of the Switchblade idea. 2600 Magazine published another about 2 years ago. NO ONE ever suspects an MP3 player as a malicious device.) Another variation was done by a security company doing a pen test on what I recall was a bank. They SE'd their way in past the receptionist as a salesman, who left USB keys as promotional giveaways from a fictional company. The USB key had a PowerPoint on the fictional company. The Switchblade-like program on the USB key ran on insertion and EMAILED the passwords to the security company via a drop dead email account. Aside from the "salesman" walking in the door for five minutes, they never had to leave their desks to own half the bank.
    • Copying the hashes out (while you were out of the room and logged on to the machine) and breaking them at his leisure is also very likely.
    • The System Rescue CD allows you to break the password without resetting it (although it may take a while). He could have run this one time when you weren't there, say some evening when he was "working late."
    • He may have an executable password breaker which he ran once on your machine when you were out of the room and left the PC logged in. (Back in NT4 days, I used L0phtCrack on a colleague's machine who insisted I'd never get his password. He went out of the office on a bathroom break, didn't lock the PC, and L0phtCrack broke the password in 3 minutes.)


    And don't forget the low tech approaches:

    • He may have looked under your keyboard or some other place where it's written on a yellow sticky note.
    • He shoulder surfed you, and merely watched you type it in.
    • He guessed it. It's remarkably easy sometimes, if you know a little about the person, as coworkers tend to do. Trying the name of the pet cat the coworker is always yammering about, or guessing "f0rd" (Ford) or "must4ng" (Mustang) because his cubicle is plastered with pictures of his dream car, is amazingly easy sometimes.


    The bottom line is this: If you can physically get to a machine, you can own the machine. It's as simple as that.
    Thorn
    Stop the TSA now! Boycott the airlines.
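    Two of the conditions the post above relies on are host settings an administrator can check: AutoRun letting a program on an inserted USB key start by itself, and a desktop left logged in and unlocked for a few minutes. The script below is an added example written for this thread, not code from Thorn or from any of the tools named here. It assumes PowerShell 2.0 or later on the audited Windows XP machine, an administrative session, and a 600-second idle timeout that is chosen here as an assumed policy rather than a Windows default.

```powershell
# Added example (not from the thread): audit two host settings that the
# attacks described above depend on -- AutoRun on removable media and an
# unlocked, unattended desktop. Run as an administrator; pass -Fix to remediate.
param([switch]$Fix)

$findings = @()

# 1. AutoRun policy. NoDriveTypeAutoRun = 0xFF disables AutoRun for every
#    drive type, so a program on an inserted USB key does not launch on its own.
$autorunPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($path in $autorunPaths) {
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($value -ne 0xFF) {
        $findings += "AutoRun not fully disabled under $path (NoDriveTypeAutoRun = $value)"
        if ($Fix) {
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
        }
    }
}

# 2. Screen saver lock. An unlocked PC left for a few minutes is what the
#    L0phtCrack story above relied on; these three string values make the screen
#    saver start after a timeout and require the password on resume.
$desktop = 'HKCU:\Control Panel\Desktop'
$ss = Get-ItemProperty -Path $desktop -ErrorAction SilentlyContinue
$maxTimeout = 600   # seconds; an assumed policy value for this example, not a Windows default
if ($ss.ScreenSaveActive -ne '1' -or $ss.ScreenSaverIsSecure -ne '1' -or
    -not $ss.ScreenSaveTimeOut -or [int]$ss.ScreenSaveTimeOut -gt $maxTimeout) {
    $findings += "Screen saver lock not enforced (Active=$($ss.ScreenSaveActive), Secure=$($ss.ScreenSaverIsSecure), Timeout=$($ss.ScreenSaveTimeOut))"
    if ($Fix) {
        Set-ItemProperty -Path $desktop -Name ScreenSaveActive    -Value '1'
        Set-ItemProperty -Path $desktop -Name ScreenSaverIsSecure -Value '1'
        Set-ItemProperty -Path $desktop -Name ScreenSaveTimeOut   -Value "$maxTimeout"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: AutoRun disabled and screen saver lock enforced.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    if (-not $Fix) { Write-Output 'Re-run with -Fix to apply the recommended values.' }
}
```

    The script only checks registry values, so it does not confirm that a screen saver executable is actually selected, and it does nothing about the BIOS boot order or the boot-from-CD/USB issue raised earlier in the thread; those still have to be set in firmware, and as the thread points out, a physically present attacker can reset them anyway.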

  9. #9
    Junior Member BlackRS's Avatar
    Join Date
    May 2008
    Posts
    45


    He may also have used a copy of Ophcrack. A blind monkey could figure out how to recover a Windows password with that tool.
    Information is like water...

  10. #10
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by Thorn View Post
    Another variation was done by a security company doing a pen test on what I recall was a bank. They SE'd their way in past the receptionist as a salesman, who left USB keys as promotional giveaways from a fictional company. The USB key had a PowerPoint on the fictional company. The Switchblade-like program on the USB key ran on insertion and EMAILED the passwords to the security company via a drop dead email account. Aside from the "salesman" walking in the door for five minutes, they never had to leave their desks to own half the bank.

    Sounds like a more elaborate version of the USB-stick-found-in-the-parking-lot approach. Basically you would label a USB stick with something interesting and drop it outside the target company in the morning. Sooner or later an employee would notice it and, as his first task of the day, plug it into his computer at work, eager to check what kind of pictures and personal data could be found on the memory stick. From here on the USB stick would work its magic and mail all the data it was programmed to retrieve to the attacker.

    But as Thorn states, if you have physical access to the computer it is pretty much game over. Not even a BIOS password will do much more than slow you down a few minutes, as it can easily be reset using either a program or a simple screwdriver.
    -Monkeys are like nature's humans.
