[ulater6000]

I recently read somewhere that you could get bootable software that overides a computers password and resets it to what you want.

So naturaly I and wanted to download try this. (I was at school while reading this) So I download it and put it on a floppy.

Boot up one of my school pc's, and now I have full administrative rights to install anything with that pc.

I love this type of software because of its skeleton key ability.

However I dont know if its a good thing that all I do in class now is play Halo and CS.

[Alex81388]

Sooo... what kind of response do you want?


You know, the only password reset CD's that do that are linux based. And if you cleared it with one of these through command prompts (I'm sure you did), you probably screwed up a bunch of network rights. It's only a matter of time they figure that the rights for that specific computer have been altered. Then, they match the time of the deletion with who sits at that computer during that period... And guess what?

[ulater6000]

Well, I guess I can not change the password back to what it was, because I dont know what it was.

Oh, well. Ill probably just get told thats bad and dont do that again. Or at worst be given an interaction.

So far, I dont think it has messed with the networking functions. Everyone else can log into the server and use the computer like they always have.

[DJ-CHRIS]

Quote:

Originally posted by ulater6000
Well, I guess I can not change the password back to what it was, because I dont know what it was.

Oh, well. Ill probably just get told thats bad and dont do that again. Or at worst be given an interaction.

So far, I dont think it has messed with the networking functions. Everyone else can log into the server and use the computer like they always have.

From your penalty you could get a slap on your wrist to a possible expulsion.

If you read what I have done and what penalties I got, you should think twice about doing this stuff. And by think twice, i mean be smart about it.

And resetting admin passwords WILL NOT mess up network stuff, these are local accounts and dont really matter at all.

It's easy as **** to reset passwords on windows based machinnes. I do it with Emergency Boot CD all the time *I do NOT use it for illegal purposes*

[ulater6000]

Quote:

From your penalty you could get a slap on your wrist to a possible expulsion.

Wow! I dont know where you go to school, but its obviously stricter than my school.

The worst they would do to me is take a way my ability to log onto my school computer account. (Which if they do, I just make another or share with a friend) But most likely just write me up.


I feel sorry for you.

[Law]

The administrators are noobs at your school, they can prevent this from happening if they configured the BIOS to boot the Harddrive first before the CD-ROM and floppy then password protect the BIOS. Even though that won't stop people from trying to clear the BIOS, they can put a lock on the computer making it harder for people to open up the case. Even though that won't stop people from breaking or picking the lock, it kind of slow them down. A security flaw was found in XP Pro and 2000 Pro, a user can use XP computer manangement over the network to change 2000 pro administrator password. Bring in a laptop with XP Pro, join the workgroup or domain, you can executes this. Not really a flaw but a default setting that Microsoft never wanted to fix it.

[DJ-CHRIS]

Quote:

Originally posted by Law
The administrators are noobs at your school, they can prevent this from happening if they configured the BIOS to boot the Harddrive first before the CD-ROM and floppy then password protect the BIOS. Even though that won't stop people from trying to clear the BIOS, they can put a lock on the computer making it harder for people to open up the case. Even though that won't stop people from breaking or picking the lock, it kind of slow them down. A security flaw was found in XP Pro and 2000 Pro, a user can use XP computer manangement over the network to change 2000 pro administrator password. Bring in a laptop with XP Pro, join the workgroup or domain, you can executes this. Not really a flaw but a default setting that Microsoft never wanted to fix it.

Heh if you could elaborate, as we run 95% windows 2000 and I would like to correct this.

Anyways to get around the BIOS lock you just have to use a BIOS password reset program that you can run from windows.

EDIT: Don't you need a password to join the domain in windows enviroments? This makes this exploit kinda pointless.

[HAVOC]

Do you guys really think the school administration gives a crap what you "think" you can do with those computers? Technically they are "your" computers, since your mom & dad "taxpayers" are paying for them. Or if it's private school... your tution probably more then paid for them... do whatever you want with them... keep the IT guy busy so he's not hittin' on the nurse or the librarian.

[Law]

Yea you need the administrative account that is part of the enterprise group. But you can still use computer management to browse computers as long as the workgroup name matches the domain name. Like for example if the domain was school.edu the workgroup would be school. I have verify this at home, I run Win2003 server and I can log into the win2003 computer management with XP and 2000 that are on a workgroup while the 2003 is a domain controller. But that flaw was fix in server 2003 and XP. However only 2000 pro remains, so if you can see any computer in computer managment that might be running 2000 pro, you can definitely do things to it. At school I have done this to 2000 server and it worked.

[Law]

Give me a few minute and I post screen shots of what I am talking about.