One of the many reasons Linux is tha shit. Windows won't even recognize ext file systems. And yet Linux has no problem reading NTFS.
You don't need to edit anything?
Just get the encrypted password.
Anyway I'm pretty sure it can..
So far, Hiren's boot disk seems like it'll help. I'll try that.
While it is possible to change a Linux password by editing a simple file, this is not true for Windows installations. There really is no good way to recover a lost password, as far as I know.
I didn't read it, it's just common sense that the password would be in the registry. .... this calls for some VirtualBox testing!
Here's a video on how to use a BackTrack Linux Live CD to login to windows vista without a password:
0wning Vista - Offensive Security
You can download backtrack linux from this site: BackTrack Linux - Penetration Testing Distribution
EDIT: TESTED AND WORKING IN LATEST VISTA UPDATES.
I was able to change the administrator account password using this. Once you have done the swap so you can access cmd.exe with Windows+U, type "NET USER <username> <new password>" and it will change <username>'s password to <new password>. You don't need to know the current password because you have administrator privileges.
Very nice find Vertebrate. Would you even need backtrack, looks like it should work with any linux distro.
EDIT: Works on Win7 and I used Ubuntu. Had to get to the Windows files through /media rather than /mnt but still works just fine. I'm posting this on my win7 without having logged in. I wish I could thank you twice Vertebrate, this is a very nice find!
Yeah it's quite fascinating. I might try it out in my school one day, just to mess with them.
I miss being at school for that very reason.
No problem. I actually found this using stumbleupon a couple weeks ago. I assumed it would probably also work with Win7 but I haven't tested it on my laptop yet. And yeah other linux distro live CDs work too. Backtrack is just a nice live CD with even more tools on it. You can even do this as an unprivileged user, the only thing that stops you from renaming Utilman.exe is explorer. I was able to rename it from a regular user account using a tiny C program I wrote.
Were the commands in Ubuntu identical to the video? I tried it with an Ubuntu LiveUSB on my Win7 x64 machine, and "ls" turned up no results for /mnt or /media, with sda1 kicking out "no such file or directory."
I'd like to try this on my sister's Vista PC--she's been locked out of the admin account for months. I'll be out there this weekend, but I know squat about Linux and she doesn't have internet, so if it doesn't work as-is, I'm SOL.
The drive has to be mounted to be viewed, and the drive might not be sda1. If you go to System>Administration>Disk Utility you can find the drive with Windows on it and mount it from there. Then it should show up in /media as a random number/letter combination. After that it's the same as the video.
Sweet, that did it. Oddly, I get I/O errors when I try "Run Ubuntu from this USB," and have to "Install Ubuntu on a Hard Disk" then quit the installation process to get the OS to load, after which it works fine.
To sum up for fellow Linux-illiterates and make this post semi-useful:
1) boot from pretty much any Linux LiveCD or USB
2) In the System menu, go to Administration>Disk Utility
3) Choose the drive with Windows on it and Mount Volume
4) Note the directory (/mnt or /media) and string of characters assigned to the volume
5) In the Applications menu, go to Accessories>Terminal
6) Enter the commands from the video:
Quote:
cd /mnt (or /media, see step #4)
ls (will produce a list of drives and partitions in that directory, including the one you mounted)
cd dr1v3n4m3 (string of characters from step 4)
cd Windows
cd System32
mv Utilman.exe Utilman.old
cp cmd.exe Utilman.exe
reboot
7) Let system boot to Windows log-in screen
8) Press WindowsKey + U to open the Utilities Manager
9) Enter this command:
Quote:
NET USER <current username> <new password>
Correct? I'm guessing the first two commands could be condensed to "cd /media/dr1v3n4m3" which could also be copied to the clipboard in step 4, am I right? Do all or most distros have the same Application and System menus?
ETA: Would it be wise to switch the files back when you're done?
Quote:
rm Utilman.exe
mv Utilman.old Utilman.exe
Would that do it?
That's weird, I've never used a USB so I have no idea how to troubleshoot that :?. At least you figured out a work around.
Yup, those steps are correct. And actually you can condense the first 5 commands. Assuming your drive name is dr1v3n4m3, you could type 'cd /media/d*/Windows/System32'; the asterisk is a wildcard for any length of characters, so you don't have to type the whole name. Oh, and make sure you get the capital letters correct: Linux is case sensitive.
And when you get into windows you can use 'net user' to view all the accounts to find the one you need. I'm pretty sure you're correct with the 'net user <username> <password>' but I always do 'net user <username> *' and then it prompts for a new password.
And once you've set the password and are able to get on to the Admin you can go into the System32 folder and rename Utilman.exe to cmd.exe and then rename Utilman.old to Utilman.exe to revert what you changed.
Quote:
Do all or most distros have the same Application and System menus?
Any distro running GNOME desktop environment should have a similar enough set up to where you could find what you need. Every distro is slightly different though. If it's running KDE or XFCE it will be different and you might have to do some googling to find what you need.
Good luck, you should be able to figure it out just fine.
If you have access to a non-admin account you should be able to force rename utilman.exe and then copy cmd.exe. From there, log out, press Windows+U, type "NET USER <admin account name> <new password>" and it will change the password to <new password>.
If you need help forcing a rename I wrote a program in C++ to do it. Let me know if you couldn't get the drive mounted in ubuntu. The commands should be identical once it's mounted up.
Yeah that would be a good idea (Unless you foresee this happening in the future! You could just leave it there. Be aware that it would be a rather large security hole if somebody had physical access). My C++ program does that to the best of my knowledge. I sort of accidentally deleted my original Utilman.exe while debugging it. It seems to work with a dummy Utilman.exe file.
EDIT: As much as I hate sharing EXE files, I don't well see a better way to do it. Here's the program.
Open it, type y for yes or anything else for no. I don't think backspace works so don't mess up! Anyway open it again and it will ask you to restore the utilman file. If it gives you an error it's probably a file ownership or access problem and you will have to boot to linux. (That would mean you have no permissions at all in \windows\system32, which is not the default behavior of non-admin accounts surprisingly)
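To confirm from a live CD that the swap discussed in this thread has been reverted on a mounted Windows volume, the following check compares Utilman.exe with cmd.exe and looks for a leftover Utilman.old. It is an added example, not part of the original thread or of any program posted in it; the function name check_utilman, the status words and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example: audit a mounted System32 directory for the Utilman.exe swap.
# Prints one status word and returns a matching exit code:
#   swapped   Utilman.exe is byte-identical to cmd.exe (swap still in place)
#   leftover  Utilman.exe differs from cmd.exe, but Utilman.old is still there
#   clean     neither condition holds
#   missing   Utilman.exe or cmd.exe not found (wrong path or wrong letter case)
check_utilman() {
    dir="$1"
    if [ ! -f "$dir/Utilman.exe" ] || [ ! -f "$dir/cmd.exe" ]; then
        echo missing
        return 2
    fi
    # cmp -s compares the two files byte for byte and prints nothing
    if cmp -s "$dir/Utilman.exe" "$dir/cmd.exe"; then
        echo swapped
        return 1
    fi
    if [ -f "$dir/Utilman.old" ]; then
        echo leftover
        return 1
    fi
    echo clean
    return 0
}

# Constructed sample: a fake System32 with placeholder file contents,
# first with the swap in place, then after the revert from the thread.
demo() {
    d=$(mktemp -d)
    printf 'shell' > "$d/cmd.exe"
    printf 'shell' > "$d/Utilman.exe"       # same bytes as cmd.exe
    printf 'original' > "$d/Utilman.old"
    check_utilman "$d" || true              # reports the swap
    rm "$d/Utilman.exe"
    mv "$d/Utilman.old" "$d/Utilman.exe"    # revert
    check_utilman "$d"                      # reports a clean directory
    rm -rf "$d"
}

# Usage: sh check_utilman.sh /media/<volume>/Windows/System32
if [ "$#" -gt 0 ]; then
    check_utilman "$1"
fi
```

Run it with the path to the mounted System32 directory; with no argument it only defines the functions, and `demo` can be called to see both outcomes on constructed files.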
Update: I was able to use this method to swap the .exes from an Ubuntu liveUSB and change my sister's password to get her back into her PC. The Windows command was indeed "net user <username> *" not "net user <username> <password>"
No, net user <username> <password> did not change the password.
No, it either said "password changed successfully" or just dropped down to a new command prompt (there was some confusion with the admin username in the command window being different from the one on the log-in screen, so I don't remember exactly which combinations produced which outputs). When attempting to log-in after using the <un> <pw> command, though, the old password hint remained and the new password did not work.
Are you sure you're trying to log in as the right user? There might be multiple users on that computer.