Subject: Re: NT password recovery
From: Timothy M. Mullen (tmullenANCHORSIGN.COM)
Date: Tue Aug 01 2000 - 12:38:55 CDT


SP3 introduced the SYSKEY utility that encrypts the SAM with a 128-bit key,
thus rendering both dictionary and brute force decrypts useless unless you
have lots and lots of time on your hands.

If this user, who did not give us enough information, used SYSKEY on his
controllers, then he would not be able to recover his password in this way.
He may, of course, try to use the copy in the Repair directory or on his
original setup disk, but if standard security procedures were followed,
these would not be available. The good (?) thing is that the SMB packet
structure is not affected even when SYSKEY has been applied, so the user
would still have an easy crack if he could capture an SMB packet from a
system that he is still logged in on - but I doubt this would be the case.

There are a number of ways to replace the admin password, but again, the
user did not give us enough info. We don't know if the account he is
talking about is an administrator account, and we don't know if the need is
to actually RECOVER the password as it was, or to simply gain access to the
system under the security context of an administrator.

---------------------------------------------
Timothy M. Mullen, CIO, MCSE
Anchor Sign, Inc.
530.550.1046.truckee, ca
530.550.1467.fax
843.576.9422.charleston, sc
tmullenanchorsign.com
http://www.anchorsign.com/

-----Original Message-----
From: Scott Sanchez [mailto:SSanchezOPUS360.COM]
Sent: Tuesday, August 01, 2000 9:49 AM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Re: NT password recovery

Years? Unless you have used special characters, even the hardest password
should crack (using brute force) within a day or two on a 400 MHz or higher.
Special characters increase the complexity of the attack by many orders of
magnitude.

-Scott

Scott C. Sanchez, CISSP
Information Risk Manager
_____________________________
OPUS360 Corporation <<http://www.opus360.com/>>
39 West 13 Street, 3rd Floor
New York, NY 10011
voice: 1-212-884-6323
cell: 1-917-642-6905
e-mail: ssanchezopus360.com
Solutions For The Way The World Works (SM)

"It is in your moments of decision that your destiny is shaped." -Anthony
Robbins

-----Original Message-----
From: mahmut korkmaz [mailto:mahmutkorkmazHOTMAIL.COM]
Sent: Monday, July 31, 2000 8:42 PM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: [FOCUS-MS] NT password recovery

Hi folks,
I need to recover my NT logon password. I managed to get the sam._ file, but it
seems that it will take years to decrypt it with l0phtcrack. Is there
any better way I can recover my password?
Immediate help will be appreciated.
Regards