tags:

views:

62

answers:

1
+1  Q: 

XP accounts - why does this happen?

Hi all,

Quick question regarding my computer accounts. Recently revisted one of my old comps and forgot the admin password :)

When I boot up I get screen showing John Doe account - no one else, no admin account. Couldn't remember this password.

After a bit of stuffing around, I was able to find out that I have 2 admin rated accounts - one called administrator, one called john doe. (I was using a couple of programs - this was one http://home.eunet.no/pnordahl/ntpasswd/ )

Before I bothered to reset the password I decided to see if I could somehow access the administrator account (funnily, I didn't know this was there, had a VERY weak password on it, and got that using ophcrack - and is the main admin account!) After realizing this - i'm definetly going to rebuild. But I digress.

Booting up normally again, I just get the JOhn doe account option and nothing else. I played around using ctrl alt del and yep the prompt comes up so I can change account name and password. Bingo, in with the old administrator password.

Now at this stage, I don't really care about the accounts since im rebuilding anyway and can get in as admin to easily copy data I want. But the whole exercise has beefed my curiosity of what that forgotten password was - and why the accounts have become skewed (if you will).

1) why did i not have admin option and had to ctrl alt del to get to change accnts ? 2) using pwdump i'm told admin has password but john doe acct does not. IT definetly did have a password on it (More still - it was definetly not the same as the admin account pw). Of course it doesn't matter because I can change it now anyway, but i would like to understand. 3) say I can get pwdump of the accounts, and the password inside is quite strong, do I have any hope of cracking that with free programs available? Previously, i could only get the nt hash of this pw and as I understand that is quite hard to crack. im not sure but i think does the pwdump give both, LM and NT hash?

Feel free to answer any part of this or not (if its not kosher). In 40 or so mins the hdd will be formatted anyway.

Cheers!

A: 

there are lots of tools to decrypt NTLM hashes. Search for NTLM and rainbow tables- I'm sure you'll find an online service that given a hash will respond with your password in seconds.

Dee  2010-09-02 03:12:22

related questions

What are some good security questions?
What's a good alternative to security questions?
Protect embedded password
How do you generate passwords?
Should I impose a maximum length on passwords?
How best to generate a random string in Ruby
What is the best way to check the strength of a password?
In a client-server application: How to send to the DB the user's application password?
How does your company manage credentials?
Replacing plain text password for app
How to implement password protection for individual files?
Password generation, best practice
Unique key generation
Generating Random Passwords
Oracle lost sysdba password
How does one decrypt a PDF with an owner password, but no user password?
Storing Windows passwords.
How do I avoid having the database password stored in plaintext in sourcecode?
How do I write Firefox add-on that automatically enters proxy passwords?
How to store passwords in Winforms application?
Two-way password encryption without ssl
Disable browser 'Save Password' functionality
Simple password encryption
Best way to store a database password in a startup script / config file?
Encrypting Passwords