How can the assertively most secured operating system in the world be cracked for passwords? How can you
crack Windows passwords?
If you have read my second article, also available in this issue,
Security Issues and Solutions, you will recall that I stated that no system
in this world can be fully secured. There are always loopholes and conflicting
situations in which securing one part reveals some other part's
vulnerabilities. So you guessed right: in a step or two we'll
be able to crack passwords.
Before further discussion let me clarify that Windows 2000 is available in two broad categories:
1. Windows Server
2. Windows Workstation (Win2K Professional)
Windows 2000 Professional passwords are easier to break than Server
passwords, because servers usually have Active Directory enabled, which means
there are separate databases for stand-alone (local) users and ADS users,
and normally you would need to crack the ADS users rather than the local users. I
will be writing about this in the next articles.
The idea of
this article is not to show off the number of ways I know to crack
Win2K passwords, but rather to give you an idea of how it could
be done.
Recover Windows passwords, that is. Having been a network
administrator for a long time, I have learned many ways that work
in specific situations. I would like to discuss one very effective
way to perform this task that works in almost all situations,
even if you have the most up-to-date version of Windows 2000 Professional,
a version that is supposedly completely protected by the patches
from the Microsoft Windows Update site.
The following technique
will help you blank or change the passwords of local users on Server (without ADS) and
Professional.
This solution is not
recommended for EFS file systems, so be careful: you won't be able to
access your encrypted files unless you remember the original password with which
you encrypted them. Also, Windows 2000 Server with ADS installed
isn't eligible for this solution. You will need an empty floppy
with nothing on it; please ensure that it is error-free, otherwise it
will cause you a lot of havoc should you get stuck during the
process. Download the utility, which comes with a floppy image writing
program, from: http://home.eunet.no/~pnordahl/ntpasswd/bd040116.zip
Obviously you need to have WinZip as well so you can unzip this file.
You can download it from http://winzip.com if you don't have it. Unzip
the file to any folder; you will see three unzipped files. Insert a
blank floppy in your floppy drive and double-click or run install.bat,
then follow the onscreen instructions to create a bootable floppy.
Once the process completes, it is recommended that you collect the
following information about the target hard drive:
- the number of partitions and logical drives it has
- the name of the folder in which Windows is installed
- the exact path to the system config folder (normally system32\config under the Windows folder)
- the names of the security databases: sam, security, etc.
After you have noted down all these things, reboot the
computer and boot it from the newly created floppy. Follow
the onscreen instructions. It is recommended that you blank your
administrator password rather than change it, as changing the
password to a new one sometimes doesn't work properly. This is the simple
procedure by which you can change your local administrator and other
users' passwords.
The above will work even if you have SYSKEY enabled with the highest possible encryption.
But what if your file system is encrypted? Well, a simple
solution would be to somehow get the sam.dat hive from the config folder
(from your backups or however possible) and then use the utility
called L0phtcrack by @stake, available from their web site. The use of this
utility is pretty simple. You can retrieve the LANMAN hash, SYSKEY hash
and system MD5 hash by using the previous procedure, i.e. the
bootable floppy: while it runs, the procedure displays the
hashes named above. You can note those hashes down and then use any
password cracking utility, such as L0phtcrack or John the Ripper,
to crack the password.
One of the most effective but
relatively slow methods (not that slow: very fast compared to other
brute force techniques) is to boot the target computer from its own
hard drive, making sure it is connected to the LAN. You will need
two networked computers for this: one is the target
computer, and the other is the one you use to crack the password of any
specific user.
Download and install the utility named NAT
(nat10bin.zip) from the internet (I cannot provide specific links;
use any good search engine like google.com to search for that filename)
on the source computer. It would be very good if you could download a
text file with all possible combinations of alphanumeric characters; such
files can be found on the internet pretty easily. Use
those files as your password dictionary, though only if you really
don't have a clue what the password could be. Otherwise you can
create a password file of your own, write down all the possible
passwords you could have set, and use the same utility to crack
into that system.
NAT comes with a fair amount of documentation so I won't need to explain it any further.
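From the defender's side, the network dictionary attack described above leaves a trail: on Windows 2000 every bad-password attempt is recorded as Security event 529, so a burst of 529s for one account from one workstation is the signature to alert on. The following is an added example, not part of the original article or of NAT, that runs such a threshold rule over constructed log lines in a simplified one-line-per-event format (the timestamp/user/src layout is assumed, not the real event text).

```python
"""Flag network logon brute forcing by counting Windows 2000 event 529s."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<date> <time> <event id> user=<name> src=<workstation>".
# 528 is a successful logon, 529 a failure due to unknown user or bad password.
SAMPLE_LOG = """\
2004-01-16 22:10:01 529 user=Administrator src=LABPC7
2004-01-16 22:10:02 529 user=administrator src=LABPC7
2004-01-16 22:10:02 529 user=administrator src=LABPC7
2004-01-16 22:10:03 529 user=administrator src=LABPC7
2004-01-16 22:10:03 529 user=administrator src=LABPC7
2004-01-16 22:10:04 528 user=jsmith src=JSMITH-WS
2004-01-16 22:10:05 529 user=administrator src=LABPC7
2004-01-16 22:30:00 529 user=jsmith src=JSMITH-WS
"""

THRESHOLD = 5                  # failures per (source, account) ...
WINDOW = timedelta(seconds=60)  # ... inside this sliding window


def parse_line(line):
    """Return (timestamp, event_id, user, src); user is lower-cased."""
    date, time, event_id, user, src = line.split()
    stamp = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return stamp, int(event_id), user.split("=", 1)[1].lower(), src.split("=", 1)[1]


def find_bruteforce(log_text, threshold=THRESHOLD, window=WINDOW):
    """Map (src, user) -> time of the failure that crossed the threshold."""
    recent = defaultdict(deque)  # (src, user) -> timestamps of 529s in window
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, event_id, user, src = parse_line(line)
        if event_id != 529:
            continue
        key = (src, user)
        hits = recent[key]
        hits.append(stamp)
        while hits and stamp - hits[0] > window:  # drop failures outside the window
            hits.popleft()
        if len(hits) >= threshold and key not in alerts:
            alerts[key] = stamp
    return alerts


if __name__ == "__main__":
    for (src, user), when in find_bruteforce(SAMPLE_LOG).items():
        print(f"{when}: possible brute force against '{user}' from {src}")
```

The matching preventive control on Windows 2000 is an account lockout threshold in the local security policy, which stops a dictionary run long before a large word list is exhausted.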
Now,
I'll give you a bonus tip: if you want to crack passwords to network
shares on Windows 95 or 98 clients, use this nifty utility: xIntruder
(http://www.irctoolz.com). Just provide the IP address and network share
name to this GUI utility and it will crack the password for you within
20 seconds at most. Do keep in mind that you must provide the
computer name and the share name in exactly the same case as the original.
Hope
this helps a lot of network administrators like me, who crave
such information to lessen their re-installation work every time
they forget a password.