Cracking Windows 2000 And XP Passwords With Only Physical Access

This article will cover how to crack Windows 2000/XP passwords with only physical access to the target box. I won't be covering the internal structure of LM and NTLM hashes or what makes them so insecure; there are many other articles on the Internet that cover the basics of NT security, so I would recommend that you Google for them. I will assume that the reader already knows the basics. There are a lot of articles floating around that tell interested parties how to use programs like pwdump to get NT password hashes. Using pwdump is what most folks recommend when Syskey is enabled on a system, since the hashes in the SAM file on disk are encrypted. The problem is that pwdump only works if you can run it from an administrator-level account on the running system, and if the reason an attacker is cracking the hashes in the first place is to get an administrator account, then pwdump is of little use.

Another question I get is why crack the password at all, since one can get access to the machine by just deleting the SAM file and logging in with a blank password (Windows 2000 only) or by using a Linux password reset boot disk (get one from http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html ; it works on both 2k and XP) and resetting the password to whatever we like. There are two reasons an attacker may want to crack the local password instead of changing it:

1. An attacker doesn't want to tip off the system administrators. If they notice that the old admin password no longer works they will get a bit suspicious, don't you think?
2. The same account passwords may be used on other systems on the network. If the attacker can crack one machine's admin password, that same password may allow the attacker to gain access to other boxes on that LAN to which they only have remote access.

This article assumes that the attacker has only physical access to the machine whose SAM they want to crack, and that they also have a bootable disk that can read the file system on the target machine. An attacker may have to get into the BIOS to set it to boot from the floppy or CD-ROM, so setting a BIOS password will help, but if they can open the case it is easy to reset with the clear-CMOS jumper or by pulling the battery. Any old Windows 9x boot disk should work for FAT32 drives; on NTFS drives I've used the Knoppix ( http://www.knoppix.org/ ) and PE Builder ( http://www.nu2.nu/pebuilder/ ) boot CDs with good success.
