Using Other Methods for Recovering Lost Passwords
If you don't have a Password Reset Disk and you don't know the password for an administrator account, you can resort to various hacker tricks to try to get back into your computer.

The first one offers an easy method for logging on if your computer's system drive is formatted as FAT or FAT32. It relies on the fact that, after the logon screen has been displayed for a while with no keyboard or mouse activity, Windows starts a screen saver named Logon.scr, running that program in the context of the System account. By substituting a different program for Logon.scr, you can use that program without logging on. Here are the steps to perform this exploit:

Boot from a Windows or MS-DOS boot floppy disk.
Enter the following commands to change to the %SystemRoot%\System32 folder, rename Logon.scr, and then make a copy of Cmd.exe (the command processor that normally appears as a Command Prompt window) named Logon.scr:
cd \windows\system32
ren logon.scr logon.sav
copy cmd.exe logon.scr
Remove the floppy disk and restart your computer.
Wait until the "screen saver" kicks in; you'll see a Command Prompt window instead.
In the Command Prompt window, type net user administrator password (where password is the password you want to assign to the Administrator account).
Log on as Administrator using your new password.
TIP: Use NTFS-formatted volumes

The little trick described here provides just one example of the relative insecurity of FAT32 vs. NTFS volumes. NTFS is the basis of much of the security and reliability of Windows 2000 and Windows XP. If you're interested in security, all your hard disk partitions should be formatted with NTFS.

If your computer's boot volume is formatted as NTFS, using this trick is considerably more difficult. You'll need to purchase a program such as NTFSDOS Professional (http://www.winternals.com/products/repairandrecovery/ntfsdospro.asp), which lets you read and modify files on NTFS volumes while booted into MS-DOS. Even with this utility, an intruder will be unable to access the contents of encrypted files stored on an NTFS volume.
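The substitution described above leaves traces an administrator can look for: a copy of Cmd.exe sitting where the screen saver should be, a leftover Logon.sav, and a system volume that is not NTFS. The following PowerShell script is an added example and is not from the book or from any of the products it mentions; it assumes the Windows 2000/XP layout described here (%SystemRoot%\System32\logon.scr), that it is run from an elevated prompt, and that a genuine screen saver carries an OriginalFilename ending in .scr in its version resource. On later Windows versions logon.scr may simply be absent, in which case only the volume check reports anything.

```powershell
# Added example, not part of the original text: audit a machine for the
# Logon.scr substitution trick and for a non-NTFS system volume.
# Assumes the Windows 2000/XP file layout described above.

$system32 = Join-Path $env:SystemRoot 'System32'
$logonScr = Join-Path $system32 'logon.scr'
$cmdExe   = Join-Path $system32 'cmd.exe'
$leftover = Join-Path $system32 'logon.sav'   # name used by the rename step above

$findings = @()

# 1. Is the system volume NTFS? A FAT/FAT32 volume can be edited from any boot floppy.
$sysDrive = $env:SystemDrive   # e.g. "C:"
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$sysDrive'"
if ($disk.FileSystem -ne 'NTFS') {
    $findings += "System volume $sysDrive is $($disk.FileSystem), not NTFS"
}

if (Test-Path $logonScr) {
    # 2. A copied Cmd.exe is byte-identical to the real one; compare SHA-256 hashes.
    $scrHash = (Get-FileHash -Path $logonScr -Algorithm SHA256).Hash
    $cmdHash = (Get-FileHash -Path $cmdExe   -Algorithm SHA256).Hash
    if ($scrHash -eq $cmdHash) {
        $findings += "logon.scr has the same contents as cmd.exe (substituted screen saver)"
    }

    # 3. The version resource of a renamed executable still names its original file.
    #    Assumption: a real screen saver's OriginalFilename ends in ".scr".
    $origName = (Get-Item $logonScr).VersionInfo.OriginalFilename
    if ($origName -and ($origName -notmatch '\.scr$')) {
        $findings += "logon.scr reports OriginalFilename '$origName'"
    }
}

# 4. The renamed original that the procedure leaves behind.
if (Test-Path $leftover) {
    $findings += "Stray file $leftover present (renamed original screen saver)"
}

if ($findings.Count -eq 0) {
    Write-Output 'No signs of Logon.scr tampering; system volume is NTFS.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Each finding on its own is only circumstantial (a FAT32 volume is a weakness, not proof of tampering), but a logon.scr that hashes identically to cmd.exe or whose version resource says Cmd.Exe is a clear sign the trick was applied. Restoring the file from installation media and converting the volume to NTFS are the corresponding fixes.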

If you're still in need of a password-recovery solution, the next step is to try a password-cracking program. These programs use a variety of methods to try to crack the Security Accounts Manager (SAM), the database in which password information is stored. The programs are most effective if you log on using a different user account (preferably one with administrator privileges), in which case they'll try everything: dictionary attacks; extracting password hashes from the SAM or, better yet, from memory; and brute-force attacks, where every possible combination of characters is tried. But some can work after booting from a floppy disk, after booting into another operating system (if your computer has multiple operating systems installed), or from another computer on the network.

If you need to recover a lost password (or you want to see firsthand how vulnerable your computer is to attack), put on your black hat and try one or more of the following tools, which give an excellent perspective of how hacking tools work.

Winternals Locksmith (http://www.winternals.com/products/repairandrecovery/locksmith.asp)
ElcomSoft Advanced NT Security Explorer (http://www.elcomsoft.com/antexp.html)
LC3, the latest version of L0phtcrack (http://www.atstake.com/research/lc3/)
Offline NT Password & Registry Editor, by Petter Nordahl-Hagen (http://home.eunet.no/~pnordahl/ntpasswd/)
Windows XP / 2000 / NT Key (http://www.lostpassword.com/windows-xp-2000-nt.htm)
John the Ripper (http://www.openwall.com/john/)
Some password-cracking utilities are used by and were even created by some rather unsavory characters, and they certainly won't be branded with Microsoft's "Designed for Windows XP" logo!

We recommend that you try one or more of these programs, even if you haven't forgotten your password. The experience is a real eye-opener, and it might convince you that strong (very strong!) passwords are essential. (An important secondary lesson here is that physical security of your computer is paramount.) Figure 3-11 shows Advanced NT Security Explorer in action.


Figure 3-11. Programs like this one can use brute-force methods to try millions of combinations in short order.
You'll probably be shocked and amazed at how quickly these programs are able to successfully recover passwords. If you can get physical access to a computer and somehow log on, you can crack almost any password in less than a day. Most passwords take only a few hours, and weaker ones are revealed in minutes. The publisher of L0phtcrack reports that in one large company, where strong-password policies were in place, L0phtcrack recovered 18 percent of the passwords in only 10 minutes and had 90 percent of the passwords in 48 hours—running on a lowly 300 MHz Pentium II.

For more information about tools and techniques for recovering passwords, you'll find some excellent information at http://www.password-crackers.com/.
