Hi all,

Quick question regarding my computer accounts. Recently revisited one of my old comps and forgot the admin password :)

When I boot up I get a screen showing the John Doe account - no one else, no admin account. Couldn't remember this password.

After a bit of stuffing around, I was able to find out that I have 2 admin-rated accounts - one called administrator, one called john doe. (I was using a couple of programs - this was one: http://home.eunet.no/pnordahl/ntpasswd/ )

Before I bothered to reset the password I decided to see if I could somehow access the administrator account (funnily, I didn't know this was there, it had a VERY weak password on it, and I got that using ophcrack - and it is the main admin account!). After realizing this - I'm definitely going to rebuild. But I digress.

Booting up normally again, I just get the John Doe account option and nothing else. I played around using ctrl alt del and yep, the prompt comes up so I can change account name and password. Bingo, in with the old administrator password.

Now at this stage, I don't really care about the accounts since I'm rebuilding anyway and can get in as admin to easily copy the data I want. But the whole exercise has beefed up my curiosity about what that forgotten password was - and why the accounts have become skewed (if you will).

1) Why did I not have the admin option and had to ctrl alt del to get to change accounts?

2) Using pwdump I'm told admin has a password but the john doe account does not. It definitely did have a password on it (more still - it was definitely not the same as the admin account password). Of course it doesn't matter because I can change it now anyway, but I would like to understand.

3) Say I can get a pwdump of the accounts, and the password inside is quite strong - do I have any hope of cracking that with the free programs available? Previously, I could only get the NT hash of this password and, as I understand it, that is quite hard to crack. I'm not sure, but does pwdump give both the LM and NT hash?

Feel free to answer any part of this or not (if it's not kosher). In 40 or so mins the HDD will be formatted anyway.

Cheers!

A: 

There are lots of tools to decrypt NTLM hashes. Search for NTLM and rainbow tables - I'm sure you'll find an online service that, given a hash, will respond with your password in seconds.

Dee