
Welcome to the BZU Archive dated December 24, 2009. Topics and posts are in read-only mode. Those with accounts will be able to login and browse anything the account had access granted to at the time. No changes to permissions will be made to be given access to particular content. If you have any questions, please reach out to squirrelof09/Rapazzini.

Password problem

Started by Clavin12, September 01, 2009, 10:49:14 AM


Clavin12

Anybody know how to get onto a win2k computer to which I've forgotten the password? Guest and administrator don't work.
C l a v i n 1 2

AHadley

I managed something similar once by popping out the battery on the motherboard for five minutes, then putting it back in, but I'm not sure if it was to clear out a password.

If all else fails, reinstall your OS or upgrade to a new one (Windows 2000 is less than ideal).

ScarleTomato

That clears the BIOS password, which is usually not set. To clear an NT password you need to be able to boot from a CD and use a clear password CD. I've got one that's pretty straightforward to use but I don't remember where I downloaded it from, it was a couple years ago. I'd just search for NT/XP/2000 password reset CD or something of the sort.

Arbystrider

So that's why my mother told me never to use a password for the computer.

Backdoors?
Quote from: GreenHeart on October 06, 2009, 01:39:19 AM
Beware of internet explorer it is horribly evil.
Yes it is. Stay away. Somebody should warn Microfeck. And call 911.

Blunt Force Trauma

Hi everyone.  Saw this post and thought I might be able to help.

Here's a dos type app that you make into a bootable floppy or CD.

I've used it several times, and have success with it 90% of the time.

http://home.eunet.no/pnordahl/ntpasswd/

Good Luck!

Clavin12

C l a v i n 1 2

squirrelof09

fight till death our forums -> http://www.forums.bzfiend.com/index.php?

AHadley

Quote from: Arbystrider on September 02, 2009, 01:04:00 AM
So that's why my mother told me never to use a password for the computer.

No, she told you never to put a password on so she would be able to see what you were getting up to. Most likely not knowing she could do it from her user, being less tech-literate than yourself.

Clavin12

I was gonna say that but I thought it might offend him.
C l a v i n 1 2

Avatar

Be forewarned, once you CAN get account passwords out of Windows you WILL get account passwords out of windows...  either for good or bad end.  I highly recommend using such powers for good...

Anyway...

There are any number of password cracking bootable CDs available online, I'm looking at an ophcrack one here right now on my desk.  Download the ISO, burn it to CD, then boot the offending machine from that CD.  They usually do their thing and spit out the password without you doing much of anything.

Look for 'ophcrack live cd' online and you'll find it.

You can just reset the password with several utilities, also.  Doing this can cause some files to become inaccessible, so it's not good to do it lightly.  I use the 'Windows Ultimate Boot CD' as it has several Windows Password changers included that work well.

For both of these you'll need access to another computer with a CD burner and fast internet connection.  For the Windows Ultimate Boot CD you'll need a Windows install CD also, the higher the Service Pack the better.  This is my absolute favorite tool, btw...  when dealing with people that can't handle command line utilities the WUBCD is a must...

You say that Guest and Administrator don't work, so I assume you're getting the 'account blocked by local policy' message.  Many Win2K systems I've seen have blank passwords, so if you're just being told the password for Administrator is wrong try not putting in any password for it...  amazing how many times that works.   

I've 'extracted' passwords from over a hundred systems using Win2K and XP, but be advised that Vista finally has decent encryption of the password hashes.  Without using an online lookup or your own Rainbow Tables there's little chance of cracking a Vista machine in your lifetime.  Yet.   :)

Sonic

Quote from: Avatar on September 06, 2009, 03:35:51 PM
I've 'extracted' passwords from over a hundred systems using Win2K and XP, but be advised that Vista finally has decent encryption of the password hashes.  Without using an online lookup or your own Rainbow Tables there's little chance of cracking a Vista machine in your lifetime.  Yet.   :)
This isn't encryption, it's policy that was changed. Windows stores passwords in hashes which functionally are one way. An analogy is you put an orange in a blender and you get orange juice, but you cannot make the orange juice an orange again. However, you can put in another orange and get the same results, thus how Windows knows you typed in the right password.

Windows NT4, 2000 and XP use the LM hash algorithm for storing passwords by default. This algorithm is old and is weak to computed brute force attacks; in addition it can only store passwords up to 15 chars. 2000 and XP also use NTLM hash storage, which is far stronger than LM; if you notice on that Ophcrack site, you'll see that NTLM hash tables are bigger and tend to cost more for passwords of less length than their LM counterpart. LM hashes were kept for backwards compatibility all the way into Windows 2003 to allow NT4 and older systems to continue to authenticate with Windows. Vista and higher started the policy of not allowing LM hashes, which is why it is much more difficult to break the password from a Vista machine. Also note, you can set a policy/registry entry that tells Windows 2000 and XP to not store the LM hash, making their password database much harder to break.

NTLM is still susceptible to rainbow table attacks though (I've heard of tables over a TB big). Until Microsoft learns from Linux and actually salts the SAM database, rainbow tables will always pose a security risk.

Force changing a password will most likely not cause any files to be lost so long as EFS encryption is not involved. The only content that is lost is any item stored in that user's certificate store (used by EFS to encrypt files) or their saved password database. These items are encrypted using the user's password which, if you brute change, does not change the encryption on these items.
"Linux is user friendly...
...it's just very selective about who its friends are."
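
An added example (not part of any post in this thread): a defender-side audit of a pwdump-style account listing that flags the conditions discussed above, namely LM hashes still being stored, blank passwords, and identical NT hashes across accounts, which are only visible because the SAM database is unsalted. The `user:rid:lm:nt:::` layout is assumed as the input format, and the sample accounts and their non-blank hash values are constructed for illustration.

```python
from collections import defaultdict

# Well-known digests that Windows stores for an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample listing; the non-blank hashes are made-up hex strings.
# alice still has an LM hash (password set before LM storage was disabled).
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:00112233445566778899aabbccddeeff:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
"""

def audit(listing):
    """Return {user: [findings]} for accounts that need attention."""
    findings = defaultdict(list)
    by_nt = defaultdict(list)  # NT hash -> users; equal hash means equal password
    for line in listing.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
        if nt == EMPTY_NT:
            findings[user].append("blank password")
        else:
            by_nt[nt].append(user)
        # Only a 32-character field that differs from the empty-password
        # digest means a real LM hash is being stored for this account.
        if len(lm) == 32 and lm != EMPTY_LM:
            findings[user].append("LM hash stored")
    # Without a salt, two accounts with the same password get the same hash.
    for users in by_nt.values():
        if len(users) > 1:
            for u in users:
                others = ", ".join(x for x in users if x != u)
                findings[u].append("password shared with " + others)
    return dict(findings)

if __name__ == "__main__":
    for user, notes in audit(SAMPLE).items():
        print(user + ": " + "; ".join(notes))
```

Accounts flagged with "LM hash stored" are the ones to fix first: disable LM storage via the policy mentioned above, then have those users change their passwords so the old LM value is replaced.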