
Cracking Windows 2000 Passwords

How can the supposedly most secure operating system in the world be cracked for passwords? How can you crack Windows passwords?
If you have read my second article, Security Issues and Solutions, also available in this issue, you will know I stated that no system in this world can be fully secured. There are always loopholes and conflicting situations in which securing one part reveals vulnerabilities in some other part. So you are guessing right: in a step or two we'll be able to crack passwords.
 
Before further discussion let me clarify that Windows 2000 is available in two broad categories:

1. Windows Server
2. Windows Workstation (Win2K Professional)


Windows Professional passwords are easy to break compared to Server, because Servers mostly have Active Directory enabled, which means there are separate databases for stand-alone environment users and ADS users, and normally you will need to crack into ADS users, not normal users. I will be writing about this in upcoming articles.

The idea of this article is not to show off the number of ways I know to crack Win2K passwords, but rather to give you an idea of how it could be done. Recovering Windows passwords, that is. Being a network administrator for a long time has taught me many ways that work under specific situations. I would like to discuss one very effective way to perform this task, one that works in almost all situations, even if you have the most up-to-date version of Windows 2000 Professional, a version which is completely (supposedly) protected by the patches from the Microsoft Windows Update site.

The following technique will help you disable and change passwords for local users on Server (without ADS) and Professional.

This solution is not recommended for EFS file systems, so be careful: you won't be able to access your files unless you remember the original password with which you encrypted them. Also, Windows 2000 Servers with ADS installed aren't eligible for this solution.

You will need an empty floppy with nothing on it. Please ensure that it's error-free, otherwise it will cause you a lot of havoc should you get stuck during the process.

1. Download this utility, which comes with a floppy image writing program, from: http://home.eunet.no/~pnordahl/ntpasswd/bd040116.zip
2. Obviously you need to have WinZip as well so you can unzip this file. You can download it from http://winzip.com if you don't have it. Unzip the file to any folder; you will now see three unzipped files.
3. Insert a blank floppy in your floppy drive and double-click or run install.bat. Now the file is extracted from the zip. Follow the onscreen instructions to create a bootable floppy.
4. Once the process completes, it is recommended that you collect the following information about the target hard drive:
   - The number of partitions and logical drives it has
   - The name of the folder in which Windows is installed
   - The exact path to the system\config folder
   - The names of the security databases: sam, security etc.
5. After you have noted down all these things, reboot the computer and boot it using the newly created bootable floppy. Follow the onscreen instructions.
6. It is recommended that you blank your administrator password rather than change it, as sometimes changing the password to a new one doesn't work properly.

This was the simple procedure with which you can change your local administrator and other users' passwords.

The above will work even if you have got syskey installed with highest possible encryption.


But what to do if your file system is encrypted? Well, a simple solution would be to somehow get the sam.dat hive from the config folder (get it from your backups or however possible) and then use the utility called L0phtcrack by @stake, from their web site. The use of this utility is pretty simple. You can retrieve the LANMAN Hash, Syskey HASH and System MD5 Hash by using the previous procedure, i.e. using the bootable floppy thing. While working, this procedure will show you the hashes named above. You can note those hashes down and then use any password cracking utility like L0phtcrack or John the password ripper etc. to crack the password.

One of the most effective but relatively slow methods (not that slow; very, very fast compared to other brute force techniques) is to boot your computer using the target hard drive, ensuring that you are connected to the LAN. You will need two networked computers to perform this. One will be the target computer, and the other you can use to crack the password of any specific user.

Download and install the utility named NAT (nat10bin.zip) from the internet on the source computer. I cannot provide you specific links; use any good search engine like google.com to search for that filename. It would be very good if you could download a text file with all possible combinations of alphanumeric characters. You can find those types of files on the internet pretty easily. Use those files as your password dictionary, though only if you really don't have a clue what the password could be. Otherwise you can create a password file of your own, write down all the possible passwords which you could have set, and use the same utility to crack into that system.

NAT comes with a fair amount of documentation so I won't need to explain it any further.
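
Seen from the target's side, the network guessing described above shows up as a burst of failed network logons in the Security log when logon auditing is enabled (event 529 with logon type 3 on Windows 2000). The following Python detector is an added example, not part of the original article or of any tool it names; the comma-separated record layout, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not real log output. Assumed layout:
# time,event ID,logon type,account,source workstation.
# Windows 2000: 529 = failed logon (bad user name or password),
# 540 = successful network logon, logon type 3 = network.
SAMPLE = """\
2004-01-20 10:00:01,529,3,Administrator,WKS-07
2004-01-20 10:00:02,529,3,Administrator,WKS-07
2004-01-20 10:00:03,529,3,Administrator,WKS-07
2004-01-20 10:00:03,529,2,bob,SRV-01
2004-01-20 10:00:04,529,3,Administrator,WKS-07
2004-01-20 10:00:05,529,3,alice,WKS-02
2004-01-20 10:00:06,529,3,Administrator,WKS-07
2004-01-20 10:00:09,540,3,alice,WKS-02
2004-01-20 10:00:11,529,3,Administrator,WKS-07
2004-01-20 10:00:15,540,3,Administrator,WKS-07
"""

def find_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag (source, account) pairs whose failed network logons reach
    `threshold` within `window`; record whether a logon later succeeded."""
    recent = defaultdict(deque)  # (source, account) -> recent failure times
    flagged = {}                 # (source, account) -> alert record
    for line in lines:
        if not line.strip():
            continue
        ts, event_id, logon_type, account, source = line.strip().split(",")
        if logon_type != "3":    # only network logons are of interest here
            continue
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        key = (source, account.lower())
        if event_id == "529":
            q = recent[key]
            q.append(when)
            while when - q[0] > window:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and key not in flagged:
                flagged[key] = {"source": source, "account": account,
                                "first_alert": when, "succeeded": False}
        elif event_id == "540" and key in flagged:
            # A success after a flagged burst suggests the guess worked.
            flagged[key]["succeeded"] = True
    return list(flagged.values())

if __name__ == "__main__":
    for alert in find_guessing(SAMPLE.splitlines()):
        print(alert)
```

A single mistyped password, like the `alice` record, stays below the threshold; an account lockout policy limits how many guesses fit into the window in the first place.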

Now, I'll give you a bonus tip: if you want to crack passwords to network shares on Windows 95 or 98 clients, use this nifty utility: xIntruder (http://www.irctoolz.com). Just provide the IP address and network share name to this GUI utility and it will crack the password for you within 20 seconds maximum. Do keep in mind that you must provide the computer name and the share name in the exact same case as the original.

Hope this helps a lot of network administrators like me, who are craving to have such information to lessen their re-installation work every time they forget the password.




