Yeah why waste the time reloading a side by install of the OS, when if you get the .SAM file you can load it in Ophcrack and brute force crack it in about 10 mins.
Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 -----Original Message----- From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 3:51 PM To: NT System Admin Issues Subject: Re: remote reset of local admin password That's almost like just reload the OS to a .001 profile isn't it. I like yours better. ----- Original Message ----- From: Ziots, Edward <mailto:[EMAIL PROTECTED]> To: NT System Admin Issues <mailto:[email protected]> Sent: Tuesday, April 29, 2008 3:49 PM Subject: RE: remote reset of local admin password Shook the XP box you got the CPU account a Virtual Image. Go into Virtual Control center and power it off. Then build a XP box, and add a drive, and point it to the VMDK if the virtual XP box that got wacked. It should boot with that drive as a slave, and then you can pull off the .SAM file load it into OPHCrack and do a brute force. Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 -----Original Message----- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 3:19 PM To: NT System Admin Issues Subject: RE: remote reset of local admin password Tried to access XP box in question over the network and get continued access denied b\c it can't authenticate. Shook ________________________________ From: Ziots, Edward [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 3:12 PM To: NT System Admin Issues Subject: RE: remote reset of local admin password Can you attach the Image to another VM as a Disk drive, and Delete the SAM from the XP workstation, and see if it allows you to login when the new SAM is created? (Either that or you might be able to create another VM with a blank password copy its .SAM file over the other one. Either that or get the .SAM file and run that bugger through OPHCRACK with a brute-force to get the password. Throws shovel to you to smash junior Admin in head. Z Edward E. Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP,Security+,Network+,CCA Phone: 401-639-3505 -----Original Message----- From: Andy Shook [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 29, 2008 1:50 PM To: NT System Admin Issues Subject: remote reset of local admin password Scenario... Virtual XP Pro box on my ESX 3.5 cluster has had computer account deleted by a junior admin, whose arse I have already kicked. No problem, pull it our of the domain and re add, right. Yeah, well the local administrator password is not listed in my documentation. (My fault; did not do it at time of P2V b\c this dude was getting fired and I was in pucker mode trying to lock out a high end developer out of everything rather quickly.../end rant) Soooo..I can't log in. Ok, boot machine to my ultimate boot cd and local admin password reset utility. But, utility can't find the SAM b\c it can't read the vmware virtual scsi drive. OK, mount the floppy image with the VMWare XP Pro driver for the scsi disk. No go; utilty is looking for a specific directory (/floppy/scsi). Tried creating /scsi directory on floppy image and coping driver into same, no go. Been piddling with this for a while and I can't get the driver loaded. Any pointers/ideas before I throw my mouse into the wall? TIA, Shook ______________________________________________________ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
