tarquinlinbin <braantispam@hotmail.com> wrote in
news:pkn1m1t06uf42fatjluaj40bfnbc4461cf@4ax.com:
> Hello,
> I have a laptop on which I am unable to access the administrator
> account because I haven't got the password. Is there an easy way of
> finding/bypassing this?
> ta
>
> jo
I assume you are talking about the *local* administrator account on the
machine itself.
Yes, there are a number of ways of escalating privilege. The simplest
are the "canned" solutions which are easy to apply if you can boot from
floppy, CD (or USB). The Winternals Admin pack contains such a module
which will allow you to (re)set the Admin password to whatever you wish
(Note that it clobbers the original password so you may wish to back up
the SAM first). Elcomsoft and Passware have commercial modules which do
the same thing.
There are some free ones out there too such as:
http://www.grape-info.com/doc/win200.../ntpasswd.html
(I haven't tried this particular one but there are many! others out
there)
Be aware that if you are too aggressive with some of these schemes you
can make some things (e.g., EFS encrypted files) inaccessible. However,
if you don't clobber the SID but just the password all will be well.
Even if you can't boot from CD there are a few tricks to escalate
privilege (so you can run things like Cain & Abel or lsadump to get
passwords). The most elegant are the "shatter" attacks that take
advantage of the insecure and unauthenticated Windows message-passing
mechanism. But here's a simple "golden oldie" one that often works:
Go to a command prompt and type in:
at hh:mm /interactive taskmgr
(put in the time a few minutes from now)
At the specified time, task manager will pop up - as a system process!
End task explorer.exe, click on New Task and type in explorer.exe (the
less greedy will just open a window with cmd). You are now running at
system level! Bingo! (I can almost hear the patter of little sysadmin
feet running to close off this loophole as I type).
Regards,