HiveMinds

Richard C. · Senior Royalty Joined: 09 Nov 2002 Posts: 2346

Hi guys

I'm here at my new job trying to sort out a tricky problem: the partner who left the company took the server passwords with him, and Bjørn (who's left) doesn't have admin access. It's a win2k network.

What to do?

ToddK · Posted: Mon Dec 16, 2002 8:45 am Post subject:

I haven't tried this, but it's a possibility....

http://www.darknet.org.uk/content/docs/ntremote2.txt

Cshark · Posted: Mon Dec 16, 2002 11:53 am Post subject:

Had this situation pop up about a year ago at a company I was working for. We ended up re-installing windows and resetting the admin passwords that way. Probably the safest way to go.
_________________
This signature has super cow powers.

single · Posted: Mon Dec 16, 2002 12:39 pm Post subject:

you can't ask the guy who left for it?

Richard C. · Senior Royalty Joined: 09 Nov 2002 Posts: 2346

Brad · Posted: Mon Dec 16, 2002 1:02 pm Post subject:

There are generally three ways of going about this, assuming there are no backdoors or built-in password recovery mechanisms:

1.) Boot into a mini-OS from floppy or stick the drives in another machine, and make whatever changes are needed to gain administrative privileges back. (Hint: Google for LinNT.zip)

2.) Run a brute-force password guesser (l0phtcrack, John The Ripper) against the admin/root account.

3.) Find an unpatched vulnerability and exploit it.
_________________
Grumpy UNIX Guy
"Don't tell my momma I'm a sysadmin, she thinks I play piano in a whorehouse."

SoopahMan · Posted: Mon Dec 16, 2002 1:15 pm Post subject: Wow

Wow, smooth trick. That's smart stuff.

single · Posted: Mon Dec 16, 2002 1:23 pm Post subject:

My suggestion is you stare at the machine for long enough until it gets intimidated and makes a mistake....

Richard C. · Senior Royalty Joined: 09 Nov 2002 Posts: 2346

Thanks Brad, suggestions noted.

l0pht was my first idea, but you need admin privileges to run it in brute-force mode...and if I had admin, I wouldn't need it...???

ToddK · Posted: Mon Dec 16, 2002 1:47 pm Post subject:

You could probably run it over the network from another machine where you are the admin.

Richard C. · Senior Royalty Joined: 09 Nov 2002 Posts: 2346

I did what you suggested, Brad - it worked a treat once I'd got the latest version. This was very cool as the former sysadm was being an @-hole about all that stuff, and now all his passwords have been reset, hehe Laughing

Mike Parent · Posted: Tue Dec 17, 2002 5:14 pm Post subject:

Assuming it is in a windows 2000 domain, you could create a group policy that affects that computer (domain group policy) that adds some other accoutn to the local admins group. Reboot the machine and voila!
_________________
"Some people say that I must be a horrible person, but that's not true. I have the heart of a young boy
-- in a jar on my desk." Steven King, 3/8/90

Richard C. · Senior Royalty Joined: 09 Nov 2002 Posts: 2346

It wasn't on a domain, and you have to be an admin to do that anyway...

martinscott · New Bee Joined: 18 Sep 2009 Posts: 2

I need some help from someone. All of my spyware programs have stopped working. I cannot load Spybot, Malwarebytes, HiJackThis and AVG will not work. Everytime I try to run these they blink back and say something about path and "You do not have appropriate permission" to access this. My AVG did run one time originally and detected a trojan and gave me the name but I didn't write it down and now will not run to show me again. Apparently this little sucker has disabled all of my programs to recognize it. Also when i tried to search through google it redirects me to other sites instead of the one I chose. Anyone got any ideas on how to fix this?