Ok I go to his house today to do a little work on his PC. Well he installed XP Pro last night and put a password on it, well it isn't his normal password :mad3: so I sit there and try about 50 or so things and I can't get in. :banghead:



The only thing I was able to do for him was install the 256meg of ram that he couldn't get working, ( I think he just didn't push it on the MB hard enough )



now see if I help you any more :P

Well, if Windows XP is anything like VMS (from which NT was copied), the system will go into breakin evasion after three incorrect passwords. During that time you would be denied access even if you did enter the correct password.

for how long???...

Originally posted by Markel
Well, if Windows XP is anything like VMS (from which NT was copied), the system will go into breakin evasion after three incorrect passwords. During that time you would be denied access even if you did enter the correct password. That's only if the password policies are set. I believe that by default they are not.

:cool:

Originally posted by DoPeY5007
for how long???...
Well, if enabled (as topane referred to) in VMS evasion prevention stays active for a random length of time (to keep you from coming back and trying to guess whether you're entering wrong or the system is keeping you out - pretty sneaky, huh?). I think the minimum time was an hour.

bro, are you goin 2 try to hack into my pc?

if I really wanted in I would just take your hard drives out and put them into my PC :P

y would u want to? you hav enough gigs

Or you could just boot up with a NTFS capable floppy and reset or crack his password. I've seen it done in under a minute.

Originally posted by Grimm
Or you could just boot up with a NTFS capable floppy and reset or crack his password. I've seen it done in under a minute.
uh oh:eek:

Originally posted by Grimm
Or you could just boot up with a NTFS capable floppy and reset or crack his password. I've seen it done in under a minute.
Yeah. I think the first law of system security says if someone has physical access to the computer, all bets are off.

Originally posted by Grimm
Or you could just boot up with a NTFS capable floppy and reset or crack his password. I've seen it done in under a minute.


so how do I do this???... :D

Originally posted by Markel

Yeah. I think the first law of system security says if someone has physical access to the computer, all bets are off.
ain't that the truth. peeps were baggin all over about the whole thing with the linux single thing being used to change passwords. there is only so much you can do, so why get all uptight about it. you can keep the honest people honest, but if you really wanna be secure from a hack at the terminal, don't let them get to the damned terminal :|

Originally posted by DoPeY5007



so how do I do this???... :D

Well, the quick and easy way is to get the utility form Microsoft to change the passwords from a command prompt.

The hard way is go online and find an image for a boot disk that supports NTFS. Then you need 2 more programs. One to export the hash file and another to decode it. With a modern system it should take you less than 12 hours. Just a couple if he didn't use a secure password. I have seen this done, but have never done it myself. I would never do such a thing. Cracking a system would be wrong.

Originally posted by DoPeY5007
so how do I do this???... :D
There's another way, but it is certain to get the thread deleted, so we won't talk about it. :D

man, i forget what that program was.....
but working at school, the net admin was just playin around, and had a program, easily dl'able, dl'ed it myself....but at work...
well, he ran it, and pretty much got 90% of passwords in about a minute.... (at a particular school of a college, not the whole college, but still a good 500ish people).
it was pretty crazy....
give it enough time, it would get all of them

Well, a legitimate place to look at some things is at http://www.atstake.com/ . This company was formed when some members of a well-known cracking group decided to go into a legitimate security business (teamed up with a former DEC VP who is now Chairman of the Board with @stake). (The "Mudge" guy on the main page is a key player and quite famous/notorious among cracking circles.) Some of their tools are mentioned at http://www.atstake.com/research/tools/index.html

I don't want anyone hacking into my PC:angry:

should of tried login as guest......some people never or forgets to disable guest and admin login and not include password with it.

Originally posted by chosenfool


unplug it from yer modem?:D



LOL that wouldn't work because I do it from his PC

Are you 2 guys just in 2 separate rooms of a house? This is funny that you are talking to each other by posting. :heh:

Originally posted by nhbilly
should of tried login as guest......some people never or forgets to disable guest and admin login and not include password with it.

Isn't it disabled by default?

Originally posted by Speedfreak
Are you 2 guys just in 2 separate rooms of a house? This is funny that you are talking to each other by posting. :heh:

no we are in the same city...


I went to his house ( my parents ) to do some things on his PC....

no it isn't speedfreak.......

I was at a college I used my friends laptop with a default workgroup and mshome workgroup.........I was able to access all the people that had W2K by using admin rights......no harm was done just that I was able to browse there HD. Oh they must be on the same network of course.

Originally posted by Speedfreak
Are you 2 guys just in 2 separate rooms of a house? This is funny that you are talking to each other by posting. :heh:
i was at school at the time i was post previous in this thread

Originally posted by attgig
man, i forget what that program was.....
but working at school, the net admin was just playin around, and had a program, easily dl'able, dl'ed it myself....but at work...
well, he ran it, and pretty much got 90% of passwords in about a minute.... (at a particular school of a college, not the whole college, but still a good 500ish people).
it was pretty crazy....
give it enough time, it would get all of them That would be L0phtcrack. Excellent utility which has saved my butt more than once.

Originally posted by topane
That would be L0phtcrack. Excellent utility which has saved my butt more than once.
That's what I was referring to in my post about atstake.com . I think some of the older "utilities" can be downloaded from their site.

Originally posted by DarkFury

What about locking the PC from the BIOS... and then locking the BIOS?



I did that before I left, but thought that would be mean... so I took the password off before I left :hehehmm:

Originally posted by DarkFury

What about locking the PC from the BIOS... and then locking the BIOS?

Is there anyway around that... short of stealing the computer, ripping out the hard drive and putting it onto another motherboard?
It would only be secure as long as 1) there is a bios password set, 2) The A: drive is removed from the boot sequence (or after the hard drive), and 3) The case is physically secure (locked). Failing to do the last step would allow a perpetrator to just reset the BIOS in order to clear the password.

Originally posted by DarkFury

Ummm...that's what the "pit bull" is for... Trained to KILL! :hihi:


well considering that it would be the family dog, that wouldn't work because I am always over there... :heh: