Yeah why waste the time reloading a side by install of the OS, when if
you get the .SAM file you can load it in Ophcrack and brute force crack
it in about 10 mins. 

 

Z

 

Edward E. Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP,Security+,Network+,CCA

Phone: 401-639-3505

-----Original Message-----
From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 29, 2008 3:51 PM
To: NT System Admin Issues
Subject: Re: remote reset of local admin password

 

That's almost like just reload the OS to a .001 profile isn't it.  I
like yours better.

        ----- Original Message ----- 

        From: Ziots, Edward <mailto:[EMAIL PROTECTED]>  

        To: NT System Admin Issues
<mailto:[email protected]>  

        Sent: Tuesday, April 29, 2008 3:49 PM

        Subject: RE: remote reset of local admin password

         

        Shook the XP box you got the CPU account a Virtual Image. Go
into Virtual Control center and power it off. 

         

        Then build a XP box, and add a drive, and point it to the VMDK
if the virtual XP box that got wacked. It should boot with that drive as
a slave, and then you can pull off the .SAM file load it into OPHCrack
and do a brute force. 

         

        Z

         

        Edward E. Ziots

        Network Engineer

        Lifespan Organization

        MCSE,MCSA,MCP,Security+,Network+,CCA

        Phone: 401-639-3505

        -----Original Message-----
        From: Andy Shook [mailto:[EMAIL PROTECTED] 
        Sent: Tuesday, April 29, 2008 3:19 PM
        To: NT System Admin Issues
        Subject: RE: remote reset of local admin password

         

        Tried to access XP box in question over the network and get
continued access denied b\c it can't authenticate.  

         

        Shook

        
________________________________


        From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
        Sent: Tuesday, April 29, 2008 3:12 PM
        To: NT System Admin Issues
        Subject: RE: remote reset of local admin password

         

        Can you attach the Image to another VM as a Disk drive, and
Delete the SAM from the XP workstation, and see if it allows you to
login when the new SAM is created?

         

        (Either that or you might be able to create another VM with a
blank password copy its .SAM file over the other one. Either that or get
the .SAM file and run that bugger through OPHCRACK with a brute-force to
get the password. 

         

        Throws shovel to you to smash junior Admin in head. 

         

        Z

         

        Edward E. Ziots

        Network Engineer

        Lifespan Organization

        MCSE,MCSA,MCP,Security+,Network+,CCA

        Phone: 401-639-3505

        -----Original Message-----
        From: Andy Shook [mailto:[EMAIL PROTECTED] 
        Sent: Tuesday, April 29, 2008 1:50 PM
        To: NT System Admin Issues
        Subject: remote reset of local admin password

         

         

         

        Scenario...

         

        Virtual XP Pro box on my ESX 3.5 cluster has had computer
account deleted by a junior admin, whose arse I have already kicked.  No
problem, pull it our of the domain and re add, right.  Yeah, well the
local administrator password is not listed in my documentation.  (My
fault; did not do it at time of P2V b\c this dude was getting fired and
I was in pucker mode trying to lock out a high end developer out of
everything rather quickly.../end rant)

         

        Soooo..I can't log in.  Ok, boot machine to my ultimate boot cd
and local admin password reset utility.  But, utility can't find the SAM
b\c it can't read the vmware virtual scsi drive.  OK, mount the floppy
image with the VMWare XP Pro driver for the scsi disk.  No go; utilty is
looking for a specific directory (/floppy/scsi). Tried creating /scsi
directory on floppy image and coping driver into same, no go.

         

        Been piddling with this for a while and I can't get the driver
loaded.  Any pointers/ideas before I throw my mouse into the wall?

         

        TIA,   

         

         

        Shook

         

         

         

         

         

         

         

         

         
        
        
        
        
        
        ______________________________________________________
        
        
        
        
        
        
        
        
        
        This e-mail and any files transmitted with it are property of
Indiana Members Credit Union, are confidential, and are intended solely
for the use of the individual or entity to whom this e-mail is
addressed. If you are not one of the named recipient(s) or otherwise
have reason to believe that you have received this message in error,
please notify the sender and delete this message immediately from your
computer. Any other use, retention, dissemination, forwarding, printing,
or copying of this email is strictly prohibited.
        
        
        
        
        
        
        
        
        
        This email has been scanned by the MessageLabs Email Security
System.
        
        
        
        
        For more information please visit
http://www.messagelabs.com/email 
        
        
        
        
        
______________________________________________________________________
        
        
        
        
         
         
         

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to