128 Comments
- schestowitz, on 11/02/2007, -10/+95: Dugg for "The best thing to do would be to throw in a Linux CD, format the drive, and install the Distro. But, what if you want to boot to the system and see what's on there, and get data off?"
- chris9902, on 11/02/2007, -2/+45: "Disclaimer: Do not try this on unauthorized systems."
What are the other uses for it?
- inactive, on 11/02/2007, -2/+42: Bios passwords are easily reset by temporarily removing the motherboard battery. Then just set it to boot from cd and you're good to go.
- thechr0nic, on 11/01/2007, -2/+31: http://ophcrack.sourceforge.net/
This is one of the best ones that I have found so far. I have used it numerous times and it has worked with amazing success.
- matbranyon, on 11/09/2007, -0/+27: Maybe this guy should read up on how rainbow tables work?
He didn't have the dictionary to crack the last two passwords.
Second. Blanking a password is completely different from cracking. Cracking allows undetected access.
Last, if you want to just grab data off of a computer (any computer really), knoppix works fine. You can even use ddrescue (or straight dd) to copy the filesystem over ssh to a machine of your own, so you can crack away at it all you want (or just to make nice images of your computer).
- weeeezzll, on 10/31/2007, -0/+22: Oh yea!? Well I would...oh wait...everyone else already covered the 4 million different ways to install Linux and rescue the existing files. Buried comments for being redundant, and obvious...
- Kitsun, on 10/31/2007, -3/+22: In this case the OS would probably not be Windows, because anyone going to that length will prefer Linux.
- bubbles19518, on 11/01/2007, -1/+20: I thought Ophcrack only worked on XP. Didn't they delete the LM hash in vista or something?
- inactive, on 11/01/2007, -0/+14: Vista still supports LM Hash, but not by default; it must be explicitly turned on. It uses the NTLM system for its passwords now. Much more difficult to crack even with the rainbow tables.
- rockrapdude, on 11/02/2007, -1/+13: To get your account back when some script-kiddie has changed your password.
- TheLoneWolf071, on 10/31/2007, -0/+12: Easy. LanMan is a DES variant, which is tough to crack, but Windows made the fatal mistake. They break your password into 7-character segments... so even if your password is 21 characters, it puts it in three segments, and come on, how hard is it, even if it's alpha-numeric-symbolic, to crack a 7 character password?
- Xtracti0n, on 11/10/2007, -4/+14: wow, this linux one timers for windows SAM cracking came about 10 years ago...gg for bringing up old crap.
- azAZ09, on 10/31/2007, -0/+10: Shhhhhh
- inactive, on 11/01/2007, -1/+10:
1. Remove hard drive.
2. Transfer the data to another hard drive.
3. ???
4. Profit!
- Philluminati, on 11/01/2007, -0/+8: Yep. Blanking a password is pointless. You can do it with any live cd that can mount windows partitions by putting a batch file on C: called "program.bat" and putting the command "net user admin password" (or some such) on the disk. Then when the machine boots, Windows accidentally runs the command about 50 times as System and Administrator. Then you can log into it using that given password. This batch file technique is awesome. You can put absolutely ANY command in that batch file, including change file permissions etc and you can make it delete itself upon completion. Admin rights for any windows machine at the touch of a key. The way to do it without being detected is to use the batch file to create a new user account, with admin priv and then you can delete it when you're done.
- LemmingJesus, on 11/01/2007, -1/+9: Or just reset the BIOS password with the jumpers, it's usually labeled right on the board.
- canthraxp, on 11/01/2007, -1/+9: Nobody noticed the Bill Gates image on the bottom of the page?
http://www.flickr.com/photos/najib/281946162/
- JAVandiver, on 11/01/2007, -6/+14: Actually, the best thing to do is to throw in a USB key with a Linux distro already installed. Then it is happy fun time!
- angito, on 11/02/2007, -2/+9: If that's the case you are probably trying to break the law...
- PRlME, on 11/01/2007, -0/+7: why would you want to remove the pass...then the user will know someone has tampered with their machine
- Philluminati, on 11/01/2007, -0/+6: pointless. Especially if the salt is the same on each machine. When one person figured out what the salt is, it would have been an entire waste of time.
- psiphre, on 11/01/2007, -0/+6: except that the article ended by blanking the password
- FKnight, on 11/01/2007, -0/+5: ::shrug:: Some people who have to use a computer keyboard for their job know how to type.
- crazylinuxguy, on 10/31/2007, -0/+5: you mean the Bill Gates recommends ubuntu image? Yes, I noticed.
- FKnight, on 11/01/2007, -1/+6: 24 characters averages around 3-4 seconds.
- ayeroxor, on 11/01/2007, -1/+6: wvdavis: Every computer professional I know (including myself) types around 90 wpm. ***** please. 40wpm is for secretaries.
- guinnessstout, on 10/31/2007, -0/+5: John the Ripper.
- ZippyV, on 10/31/2007, -0/+5: They have a law that makes hacker tools illegal.
- wvdavis, on 11/01/2007, -0/+5: "Windows Vista SAM can also be cracked."
Source - http://ophcrack.sourceforge.net/
- FKnight, on 10/31/2007, -1/+6: No MS millionaire made that decision. When you install Windows, it forces you to create an administrator password. I wouldn't expect you to know that though because Windows bashing is typically done by people who haven't used Windows since 1995.
Blame OEM's for blanking the Administrator password when they image a machine.
- weeeezzll, on 10/31/2007, -0/+5: A $15 drill from Walmart will take care of that case lock. Or a small rotary tool for more flexibility while cutting the case open. Or if you are really cheap your choice of pliers, screwdriver, or butter knife to pry open various parts of the ALUMINUM case.
- MikeCerm, on 10/31/2007, -1/+6: Offline NT Password & Registry Editor lets you just remove the password altogether. It's a tiny download, and takes only seconds because there's no cracking required.
http://home.eunet.no/pnordahl/ntpasswd/
- davidlyness, on 11/01/2007, -0/+5: I can see the effectiveness of this, but anything encrypted with EFS will remain locked. Therefore, if you're going to use this to recover your account whenever you've forgotten the password, you'll have to leave things unencrypted.
- wvdavis, on 11/01/2007, -2/+6: That's 72-96 WPM... I'm throwing the BS flag. *10 yards!!!*
- thechr0nic, on 11/01/2007, -0/+4: if the password is longer than 14 characters it is stored in NTLM v2 and will show as a null hash when you attempt to crack it.
I thought I had a pretty good password that was a 9 character long alphanumeric password. I decided to try to crack it with ophcrack and to my dismay it cracked my password in seconds flat. my new password is 24 characters long and is MUCH stronger. I have been unable to crack it with any of the available crackers or brute forcers, so far.
- cocokr1sp, on 11/01/2007, -0/+4: time to hide physical access to my machine from script kiddies ^^
- thechr0nic, on 11/01/2007, -1/+5: ERD commander simply resets the password. yes that is easy, however the aim of this article was to 'crack' passwords, not reset them
- simonpainter, on 11/01/2007, -1/+5: Not strictly true. Whole disk encryption with your encryption keys split between a TPM chip and a removable device (which you have to remove) normally does the trick.
- chrismgtis, on 11/01/2007, -1/+4: Whoever dugg you down is an idiot. The NT boot CD is definitely the easiest way and it can't be any easier or faster.
- james.mattson, on 11/01/2007, -0/+3: This is exactly why I mount all my 3.5 inch optical drives upside down in my case. Security through obscurity. If you can't get the disk in, you can't OPHcrack me.
- thechr0nic, on 11/01/2007, -0/+3: it takes me maybe 2 or 3 seconds to type it out. I type on average of around 80 - 90 wpm, with bursts of 110+ for things I know well, such as my password :)
- antdude, on 11/01/2007, -0/+3: How long does it take to enter your password?
- Clanked, on 11/01/2007, -0/+3: You obviously haven't dealt with any sensitive information systems. Yay for home users talking about enterprise level stuff.
- pickypg, on 11/01/2007, -0/+3: My friend's registry failed and required Windows to try and boot into the true administrative account on the computer, which actually happened to have a password. It took them forever to remember their password (it was simple), but had they not known it I would have been forced to use this, or lose all of their data.
- cbuddha42, on 11/01/2007, -0/+3: Ha, I was tempted to bury for the suggestion that always installing linux was a better idea. In the end I buried because the guy doesn't understand how rainbow tables work and one of his two "cracking" tools doesn't crack, it just resets.
- chicagodj, on 11/01/2007, -0/+3: Linky no worky
- dsn0wman, on 11/01/2007, -1/+4: It should also be noted that resetting passwords with ERD commander, or good old netBSD breaks active directory. So it's useless in a corporate environment.
- salinemist, on 11/01/2007, -1/+4: You don't want someone to know you have access to their system?
- freddo, on 11/01/2007, -0/+2: Of course, if it's just the fact that you don't have the key that bothers you, you can check: http://en.wikipedia.org/wiki/Lock_picking -- this isn't as hard as one might think... or even: http://en.wikipedia.org/wiki/Lock_bumping
- schotty, on 11/01/2007, -0/+2: I unfortunately have to deal with MS's crap product line on a daily basis - that is why I bash them on a daily basis.
I have also dealt with all of their flavors of licensing - Retail, OEM, VLKM. I know this. But since MS prefers not to sell Windows in the retail channel, but rather would love to restrict it to just OEMs, that sounds like an endorsement now doesn't it? If it wasn't, the OEM status could be yanked and they would be forced to use retail copies, both inflicting the damage of less customized installs and an economic hit. But neither has happened.