Cracking Windows Passwords

ddrueding

A client has a server and doesn't know the password. I believe it is Server 2008 R2. It is currently running fine, but it would be nice to be able to log in. I have full access to the machine, so booting to a CD or other is possible. What is the current state of this sort of thing?
 

timwhit

I was just trying to figure out why a rainbow table attack would work on NTLM, because no one in their right mind would design a system that doesn't use salts. But, apparently NTLM doesn't use salts.
 

CougTek

Active Password Changer. Available on older versions of Hiren's Boot CD. I don't remember if I've used it on a Server 2008 (because generally, people who operate a Server 2008 machine don't lose their passwords). It works like a charm on all Windows 2000-to-7 though. I have yet to use it on a Windows 8 system (because they are so rare).
 

Stereodude

I was just trying to figure out why a rainbow table attack would work on NTLM, because no one in their right mind would design a system that doesn't use salts. But, apparently NTLM doesn't use salts.
As always, your system is only as secure as your physical control of the system.
 

timwhit

I don't know if that's true for encryption or hashes. Imagine two scenarios with a user table/DB from a large internet company being released to the public:

1. Passwords in the table are standard SHA-256 hashes.
2. Passwords in the table are SHA-256, but there's another column in the table called SALT.

In scenario one, I can use a rainbow table to look up a large portion of the passwords in a small amount of time. In scenario two, I am stuck using a dictionary attack against each and every password assuming I know how the SALT is added to the password.
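
The two scenarios in the post above, as an added example that is not part of the original thread: it compares the hashing work needed against an unsalted and a salted SHA-256 table. The users, passwords, wordlist and the `SHA-256(salt || password)` layout are assumptions constructed for the illustration, and a plain lookup dictionary stands in for a real rainbow table.

```python
import hashlib
import os

# Constructed sample data: these users, passwords and the wordlist are made up.
USERS = {"alice": "summer2014", "bob": "letmein",
         "carol": "summer2014", "dave": "Tr0ub4dor&3"}
CANDIDATES = ["123456", "letmein", "password", "summer2014"]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_tables(users):
    """Return the two leaked tables: scenario 1 (unsalted) and scenario 2 (salted)."""
    unsalted = {u: sha256_hex(p.encode()) for u, p in users.items()}
    salted = {}
    for u, p in users.items():
        salt = os.urandom(16)  # per-user random salt, stored in the SALT column
        # Assumed scheme: SHA-256(salt || password)
        salted[u] = (salt, sha256_hex(salt + p.encode()))
    return unsalted, salted

def recover_unsalted(table, candidates):
    """Scenario 1: hash each candidate once, then every row is a lookup."""
    precomputed = {sha256_hex(c.encode()): c for c in candidates}
    found = {u: precomputed[h] for u, h in table.items() if h in precomputed}
    return found, len(precomputed)  # (recovered, hash operations spent)

def recover_salted(table, candidates):
    """Scenario 2: nothing can be precomputed, so candidates are rehashed per row."""
    found, hash_ops = {}, 0
    for u, (salt, h) in table.items():
        for c in candidates:
            hash_ops += 1
            if sha256_hex(salt + c.encode()) == h:
                found[u] = c
                break
    return found, hash_ops

if __name__ == "__main__":
    unsalted, salted = build_tables(USERS)
    print("unsalted:", recover_unsalted(unsalted, CANDIDATES))
    print("salted:  ", recover_salted(salted, CANDIDATES))
    # Identical passwords are visible as identical hashes only without a salt.
    print("alice == carol (unsalted):", unsalted["alice"] == unsalted["carol"])
    print("alice == carol (salted):  ", salted["alice"][1] == salted["carol"][1])
```

With the salt column the same three weak passwords still fall to the wordlist, but the work scales with users times candidates instead of being paid once for the whole table.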
 

Howell

Ntpasswd still works just fine for resetting the password up through 2008 64 if that meets your requirements.
 
