Announcement

Collapse
No announcement yet.

How To Hack Computer Administrator Password

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ada31
    replied
    A lack of security with windows.
    It seems so easy

    Leave a comment:


  • Lobotomy
    replied
    If you have physical access to a computer you can use a live cd called ophcrack which get's you the account passwords without changing them. It does this by using rainbow tables to crack the hashed passwords.
    It wont work with very complex passwords, but with most ones it will.

    Other than that, there's a program which can be used to gain the hashed password without physical access to the machine, which can be used remotely, through injecting a dll into the lsass.exe process. I know for a fact it works for xp, but don't know regarding other OSs.

    Leave a comment:


  • blsl
    replied
    Better off using something like Kon-Boot to get in via non-destructive methods (i.e., permanently changing a password). When I have computers on my bench that the owner has forgotten their password, I use Kon-Boot to log in as an Administrator account, create a new admin user named Temp, reboot without Kon-Boot, use the Temp account to reset the password of the admin account, log out and log in as the intended user and delete Temp. No worrying about SAM tables getting corrupted and the whole thing becoming unusable, and this method works on PCs in a corporate domain provided that you have unplugged the network connection. It does not work on Windows Server when the server is running as a DC.

    Also, in many environments Administrator is disabled by default.

    Leave a comment:


  • Hyoksang
    replied
    Just inherited 2 computers from a dead lady & will try this b4 i reformat and start from ground zero. Just interested in the actual specs of the machines b4 installing the os, so this trick could be useful.

    Leave a comment:


  • FAZ007
    replied
    Its a decent trick but will work only on Home PC's

    Leave a comment:


  • diamondhunt80
    replied
    It requires physical access to the machine, but still will definitely give it a try.....

    Leave a comment:


  • crawl3r
    replied
    A very old trick but works still

    Leave a comment:


  • boot
    replied
    thanks will check this out!

    Leave a comment:


  • uri92
    replied
    Thanks mate, works perfectly!!!

    Leave a comment:


  • coldfeet
    replied
    This is very out of date and I have added a simple password reset article to the bottom for Windows 7. Enjoy.

    Leave a comment:


  • P2P_seeder
    replied
    Re: How To Hack Computer Administrator Password

    Originally posted by AnteL0pe View Post
    I guess it may be slightly interesting, but if you have physical access to the machine it isn't tough to get any access you want.
    This^

    Just to reiterate, this tut infers that you have physical access to a terminal. Physical access to my linux box would mean like, I came home from work, opened my front door, and found some stranger on my PC with a live cd trying to root my box, lol. In that case I'd probably castle law his ass and that'd be the end of it.

    Leave a comment:


  • DEminem
    replied
    Re: How To Hack Computer Administrator Password

    its very old trick mate.

    Leave a comment:


  • hybridx3
    replied
    Re: How To Hack Computer Administrator Password

    I thought this was "how to hack computer administrator password", not "how to use windows"

    Could be good for some though! you did explain it well so i will give you props!

    Leave a comment:


  • AnteL0pe
    replied
    Re: How To Hack Computer Administrator Password

    I guess it may be slightly interesting, but if you have physical access to the machine it isn't tough to get any access you want.

    Leave a comment:


  • Phlegm
    replied
    Re: How To Hack Computer Administrator Password

    Let me take a shot at explaining the Windows security model so you have a better idea of what's going on. First of all, by default there is a user account which is usually named "Administrator" (the name can be changed). The thing most people don't realize is that Windows also has a security group named, "Administrators". Note the 's' on the end of the group name. Now we get to the fun part:
    • Any user account that belongs to the Administrators group has full power to do anything on that computer - set up a new user, change somebody else's password, add new software, download and install a virus, you name it, they can do it.

    • Many user accounts can belong to the Administrators group.

    • The user account named "Administrator" is normally a member of the "Administrators" group (but it doesn't have to be that way). In fact, for security purposes, some sites rename the Administrator user account to something else (maybe, for example, "Kahuna"). The Kahuna account would be added to the Administrators group, so it would have all the powers of an Administrator on that machine. But, it would be hard for a hacker to guess the user name and password of the Administrator account if it had been renamed to something else. Then, these sneaky sites will set up a new user account named, "Administrator", but that account will not be a member of the Administrators group. So even if someone managed to figure out the password for the "Administrator" account, they wouldn't have any more privileges on the system than a normal user.

    • The second thing I think you're missing is that most of you are home users, and when you first install Windows, it lowers its security model to make it easier for people to have full control over their PC. When you add a new user at home, by default that user is added to the Administrators group. This was an intentional "feature" Microsoft included so home users could install new programs, add new devices like printers, scanners, etc. This is not the way things are done in a corporate environment - normal users are members of the Users group and would never be members of the Administrators group.

    From Windows 2000 on, only accounts that are members of the Administrators group can change another account's password.

    If Bob and Mary install XP on their PC at home, BY DEFAULT their user accounts will be members of the Administrators group, so they can change any password they want to, including the password of the "Administrator" account.

    The recommended practice for home users is to remove the Administrator privileges from a normal user's account. That way, if they go to the wrong place on the internet, and some nasty web site tries to automatically download malware, whoever is logged in won't have install privileges on their system. But, this is a subject for another discussion.

    The point is: yes, Bob & Mary might be able to reset the password on the "Administrator" account by using the methods other people previously posted in this thread. But that can only happen if Bob or Mary is a member of the Administrators group. As we've seen, this is the norm at home. But that trick ain't gonna play at work.

    There ARE tools that will let a non-Administrator change another account's password. These tools all work by re-booting the target PC with a different OS - could be 'nix, DOS, or BartPE. Then, while running on the new OS, the tools allow you to change settings on the target machine. You have to be running the second operating system because Windows locks down critical system files while it's running, so you don't normally have any way to access someone else's account. But if you're running a different operating system, it locks down its own critical files but doesn't bother trying to protect anything on the target system.
    Last edited by Phlegm; June 26, 2011, 11:04 PM.

    Leave a comment:

Working...
X