how can I find/recover the password to log onto a domain?

jameshanley39

how can I find/recover the password to log onto a domain?

Suppose I want to make a laptop running win xp / NT join the domain,
but I don't know the user/pass to join the domain.

I understand, that user/pass is stored on the server..

I'd like to know the different ways I can find it
- I have access to the server
- I have access to a computer that is on the domain

Is there any way to see it from the server?
Is there any way to see it from a computer that has joined the domain?

Is there any way to find it from the computer that is trying to join
the domain?

I'm interested in all the ways


TIA
 
Pegasus

> how can I find/recover the password to log onto a domain?
>
> Suppose I want to make a laptop running win xp / NT join the domain,
> but I don't know the user/pass to join the domain.
>
> I understand, that user/pass is stored on the server..
>
> I'd like to know the different ways I can find it
> - I have access to the server
> - I have access to a computer that is on the domain
>
> Is there any way to see it from the server?
> Is there any way to see it from a computer that has joined the domain?
>
> Is there any way to find it from the computer that is trying to join
> the domain?
>
> I'm interested in all the ways
>
> TIA

The nature of Windows passwords is such that you cannot
extract them from the security database. If you have forgotten
your password then you need to reset it, using another
administrator account or a password resetting disk such
as this one:
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
 
Newbie Coder

James,

There is an application that immediately returns the admin password, which
is called 'lophtCrack' (Symantec now have it) or something close. If you get
version 2.5 it doesn't need installing & will return all passwords for the
users. You'll have to look for it, but paste the URL when you find it

Other Versions:

http://packetstormsecurity.org/NT/lc3setup.exe
http://packetstormsecurity.org/Crackers/NT/l0phtcrack/lc252install.zip
http://packetstormsecurity.org/Crackers/NT/l0phtcrack/lc202exe.zip



Here are other password reset pages:

http://www.petri.co.il/forgot_administrator_password_alternate_logon_trick.htm
http://www.petri.co.il/forgot_administrator_password.htm#5
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
 
jameshanley39

> The nature of Windows passwords is such that you cannot
> extract them from the security database. If you have forgotten
> your password then you need to reset it, using another
> administrator account or a password resetting disk such
> as this one:
> http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

thanks..
(btw, regarding the repeated post within this thread.. When I posted
it, my original post hadn't appeared, so I have no idea how it
happened. The time of the post would be before anybody replied, so
it's not that I didn't read the others. But my post hadn't appeared
yet either.. so I don't even know how it happened, certainly Google
Groups posting went funny, they did update the whole interface around
yesterday, that may have affected their Usenet posting mechanism and
archive too. I may switch to the Forte news client for a while if
this problem persists)

Anyhow..

Regarding the Peter Nordahl offline NT password recovery thing, I used
it once to reset (it couldn't view, as you imply), the administrator
password on one of my machines.

Is the 'current'/active user account on the server.. i.e. the one the
server is logged in on. Is that the same user/pass as the one
required to log into the domain?

If yes, then I understand the logic of the answer.
 
jameshanley39

> James,
>
> There is an application that immediately returns the admin password, which
> is called 'lophtCrack' (Symantec now have it) or something close. If you get
> version 2.5 it doesn't need installing & will return all passwords for the
> users. You'll have to look for it, but paste the URL when you find it
>
> Other Versions:
>
> http://packetstormsecurity.org/NT/l...urity.org/Crackers/NT/l0phtcrack/lc202exe.zip
>
> Here are other password reset pages:
>
> http://www.petri.co.il/forgot_admin...ome.eunet.no/~pnordahl/ntpasswd/bootdisk.html

thanks..I tested l0phtcrack on my machine.. An interesting program,
works by brute force. It gets simple passwords, but when I tried
creating an account with a really long password it didn't get it
instantly, and I wasn't going to leave it to find out when it would.

In fact, I'm not sure about this, but I think it didn't even attempt
some user accounts I created for testing it, where I made the
passwords really long, but later it did attempt it (though didn't get
it). I created another one with a 32 char password, it didn't attempt
it.. While a user account I created with a small password, it
attempted immediately. (And got it immediately).

It's a useful tool but it's not perfect.. (I expect lots of little
imperfect tools from Linux not Windows!!)

I see it's a useful program, and even has the option to try a remote
server. Though what I was considering was less dodgy! I was just
considering was less dodgy - merely finding the password from a
computer that already logged on, or that does log on when Windows
starts!! Perhaps either by checking the registry, or by seeing it sent
down the wire. (I guess the registry option would require brute force)


thanks
 
Pegasus

> thanks..I tested l0phtcrack on my machine.. An interesting program,
> works by brute force. It gets simple passwords, but when I tried
> creating an account with a really long password it didn't get it
> instantly, and I wasn't going to leave it to find out when it would.
>
> In fact, I'm not sure about this, but I think it didn't even attempt
> some user accounts I created for testing it, where I made the
> passwords really long, but later it did attempt it (though didn't get
> it). I created another one with a 32 char password, it didn't attempt
> it.. While a user account I created with a small password, it
> attempted immediately. (And got it immediately).
>
> It's a useful tool but it's not perfect.. (I expect lots of little
> imperfect tools from Linux not Windows!!)
>
> I see it's a useful program, and even has the option to try a remote
> server. Though what I was considering was less dodgy! I was just
> considering was less dodgy - merely finding the password from a
> computer that already logged on, or that does log on when Windows
> starts!! Perhaps either by checking the registry, or by seeing it sent
> down the wire. (I guess the registry option would require brute force)
>
> thanks

I think Newbie Coder is a little optimistic. lophtCrack will
crack passwords by brute force but not "immediately" as
he suggests. It can take anything between hours, weeks or
even months, depending on the speed of your PC and the
complexity of your password. Resetting it is in most cases
much faster.
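
Added example (not part of the original thread): a small password-audit helper that estimates how long an exhaustive search would need, which is why resetting is usually quicker than recovering. The guess rate and the sample passwords are assumptions constructed for illustration, and only printable ASCII is modelled.

```python
import string

# Assumed attacker speed in guesses per second: a constructed figure for
# illustration, not a measurement of any tool named in this thread.
ASSUMED_GUESSES_PER_SECOND = 1_000_000

# Character classes an exhaustive search has to cover once any member is used.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

UNITS = (("years", 365 * 86400), ("months", 30 * 86400), ("weeks", 7 * 86400),
         ("days", 86400), ("hours", 3600), ("minutes", 60))


def alphabet_size(password):
    """Size of the smallest union of character classes that covers the password."""
    if not password:
        raise ValueError("empty password")
    if any(not any(ch in c for c in CLASSES) for ch in password):
        raise ValueError("only printable ASCII is modelled")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def worst_case_guesses(password):
    """Candidates tried when every length up to the password's own is exhausted."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for name, span in UNITS:
        if seconds >= span:
            return f"{seconds / span:.1f} {name}"
    return f"{seconds:.3f} seconds"


def audit(passwords, min_seconds=365 * 86400, rate=ASSUMED_GUESSES_PER_SECOND):
    """Return (password, estimate, ok); ok means the worst case exceeds min_seconds."""
    rows = []
    for pw in passwords:
        seconds = worst_case_guesses(pw) / rate
        rows.append((pw, humanize(seconds), seconds >= min_seconds))
    return rows


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for row in audit(["a", "abcd", "pass12", "Tr0ub4dor&3x"]):
        print(row)
```

The estimate covers exhaustive search only; a password built from a common word can fall to dictionary guessing far sooner than the figure suggests.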
 
jameshanley39

> I think Newbie Coder is a little optimistic. lophtCrack will
> crack passwords by brute force but not "immediately" as
> he suggests. It can take anything between hours, weeks or
> even months, depending on the speed of your PC and the
> complexity of your password. Resetting it is in most cases
> much faster.


It can be immediately too e.g. if the password is one letter! Perhaps
it gets it immediately for 3 or 4 letters too, which is common.

A practical example of a one letter password, would be that something
requires that one has a password. I have seen it happen. I can't
remember if it was Windows XP "Remote Desktop" or the built-in Windows
(NT I guess) "Telnet" server.

But you may not be bothered for it!! Because you feel secure enough
with your server behind your router's built in firewall, and behind
your windows/software firewall. And if those windows servers were to
have their own firewalls built into them. You may feel adequately
secure merely behind your router's firewall.

Or it may be, that you don't even want your server open to the public.
And your "Home Router", as they all seem to, uses NAT. And Port
Forwarding. So you don't forward anything.. You may feel that's
adequately secure.

If they're skilled enough to get past any of those layers, then they'd
probably not have much trouble with the windows aspect. Perhaps
finding some exploit for it. Or maybe even just let them in if they
get that far - out of respect!!

Seriously though.. that is a good case / those are good cases, where a
one letter password is safe. Or, safe enough.

I don't think anybody has yet cracked the windows xp firewall -
incoming.

Though maybe if they knew the ip that the firewall allowed, they could
do something. But not establish a connection. And anyhow, that's not
cracking the windows firewall. Since it makes no claim of dealing with
spoofed ips.

My point here- besides trying to make interesting discussion - is that
a one letter password is not unexpected, to say the least.

Another example may be a home computer, with no servers run at all.
Not even the standard ones. (there is actually a security program by a
guy called Volker that closes all windows servers). People in the
house are not criminals, and they won't attack their own computer. One
person in the house is a techie, another is a computer dumbo. A one
letter password is far more than is necessary, to protect the/any
Administrative account.
 
