Unoffical empeg BBS

#362893 - 04/11/2014 14:21 Need to get past a password
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
If this is a shady thing I'm asking for, admins are welcome to delete my post.

I have a new client who unfortunately fell for "the Microsoft call" enough to let the caller onto her computer. She didn't give them any personal information, but now her computer is locked at the syskey level :(

Is there any way around this? All my searching has led me to some sites that don't engender much trust.
_________________________
Matt

#362894 - 04/11/2014 14:55 Re: Need to get past a password [Re: Dignan]
robricc
carpal tunnel

Registered: 30/10/2000
Posts: 4931
Loc: New Jersey, USA
I have used this bootable CD in the past (Windows 2000 & XP era). It worked to reset the password.
_________________________
-Rob Riccardelli
80GB 16MB MK2 090000736

#362895 - 04/11/2014 15:39 Re: Need to get past a password [Re: robricc]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
Originally Posted By: robricc
I have used this bootable CD in the past (Windows 2000 & XP era). It worked to reset the password.

Thanks for the recommendation! Unfortunately I can't get it to work. I downloaded and burned the disc, but when I boot to it I get halted at some point where it says it can't find "TRK." I thought this disc was TRK. I don't know where else it would find it...
_________________________
Matt

#362897 - 04/11/2014 16:08 Re: Need to get past a password [Re: Dignan]
robricc
carpal tunnel

Registered: 30/10/2000
Posts: 4931
Loc: New Jersey, USA
What kind of PC is this? Some Linux distros won't boot unless you're using legacy boot mode (not UEFI) in your BIOS. If the PC is running Windows 8 from the factory, it's probably UEFI. Look around the BIOS to see if you can temporarily change it to legacy boot mode.
_________________________
-Rob Riccardelli
80GB 16MB MK2 090000736

#362898 - 04/11/2014 16:30 Re: Need to get past a password [Re: Dignan]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
No UEFI. It's an Inspiron 620 with Windows 7. From what I've been able to find online, TRK has problems with some optical drives' chipsets or something along those lines. I don't think there's a fix.

I'm currently walking through these instructions, but I got to the point where I'm supposed to select "syskey status & change" but it's not there! Dang. Seemed like that one would work...
_________________________
Matt

#362900 - 04/11/2014 16:47 Re: Need to get past a password [Re: Dignan]
K447
old hand

Registered: 29/05/2002
Posts: 798
Loc: near Toronto, Ontario, Canada
Originally Posted By: Dignan
No UEFI. It's an Inspiron 620 with Windows 7. From what I've been able to find online, TRK has problems with some optical drives' chipsets or something along those lines. I don't think there's a fix...

Take the hard drive out and put it in something that will properly boot from the CD?

#362901 - 04/11/2014 17:09 Re: Need to get past a password [Re: Dignan]
Phoenix42
veteran

Registered: 21/03/2002
Posts: 1424
Loc: MA but Irish born
Skip the optical drives' chipsets and boot from a USB drive?
http://trinityhome.org/Home/index.php?co...n&locale=en

#362902 - 04/11/2014 17:58 Re: Need to get past a password [Re: Dignan]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
Thanks guys, I ended up with a combination of the two. The USB stick wouldn't boot (most likely the PC's fault), but when I booted to the TRK CD, this time it was able to find what it needed from the USB stick. Neat. I'll report what happens.
_________________________
Matt

#362903 - 04/11/2014 18:05 Re: Need to get past a password [Re: robricc]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
Originally Posted By: robricc
I have used this bootable CD in the past (Windows 2000 & XP era). It worked to reset the password.

Rob, did you use TRK to reset a syskey password or just a regular user account password? I don't see an option to do anything to the syskey password...
_________________________
Matt

#362904 - 04/11/2014 18:35 Re: Need to get past a password [Re: Dignan]
robricc
carpal tunnel

Registered: 30/10/2000
Posts: 4931
Loc: New Jersey, USA
I have used this to reset the Admin password when it's been forgotten by the users. It's my understanding there is some function in this utility to disable syskey. This operation may come with consequences.
_________________________
-Rob Riccardelli
80GB 16MB MK2 090000736

#362905 - 04/11/2014 19:50 Re: Need to get past a password [Re: Dignan]
Shonky
pooh-bah

Registered: 12/01/2002
Posts: 2009
Loc: Brisbane, Australia
This looks like a fairly complete solution.
http://computernetworkingnotes.com/xp-tips-and-trick/remove-administrator-password.html

Haven't heard of this one before but have reset the odd local password in my time.
_________________________
Christian
#40104192 120Gb (no longer in my E36 M3, won't fit the E46 M3)

#362906 - 04/11/2014 20:40 Re: Need to get past a password [Re: robricc]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
Originally Posted By: robricc
It's my understanding there is some function in this utility to disable syskey. This operation may come with consequences.

Indeed. I found the syskey option after my last post, but by that point I'd already tried the operation with Hiren's Boot CD. It did not go well. To be fair to Hiren's, it warned that the computer may end up in an endless boot loop, and that's exactly what happened. I'm going to check if the system has a registry backup from before the scam, but I'm not optimistic. I tried using a Windows 7 disc to do a system restore, which I assume would have put the system back to a point before the syskey was set up, but every time I tried the restore it ended up giving me some sort of error.

Oh well. Time to grab the data and reformat!
_________________________
Matt

#362907 - 04/11/2014 21:12 Re: Need to get past a password [Re: Dignan]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
Huzzah!

I tried one last thing (I might have mentioned it earlier). Using a Windows 7 install disc, I went into repair mode and the command prompt. I then navigated to the config folder and found that the regback folder had files in it from a few days before the incident! I backed up the files, put the regback files in the main config folder, and rebooted. Hooray! The system booted and all is good. I'll be running my full suite of scans on this thing to make sure it's clean.

Thanks for the help. I'm going to hold onto this TRK disc for future use. It's certainly a much easier-to-use password-cracking disc than others I've used, like OPHCrack. Most of the time I get users who simply forgot their user account password.
_________________________
Matt
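
The RegBack restore described in the post above, written as a batch file for the Windows 7 recovery command prompt. This is an added example, not part of the original thread; the drive letter `D:` and the `pre-restore` folder name are assumptions to adjust for the machine at hand.

```batch
@echo off
rem Added example: restore registry hives from RegBack, keeping the current ones.
rem WINVOL is an assumption. In the recovery environment the Windows volume is
rem often not C:, so confirm first with: dir D:\Windows\System32\config
setlocal
set WINVOL=D:
set CFG=%WINVOL%\Windows\System32\config
set SAVE=%CFG%\pre-restore

rem Refuse to continue if any backup hive is missing or empty.
for %%H in (DEFAULT SAM SECURITY SOFTWARE SYSTEM) do (
    if not exist "%CFG%\RegBack\%%H" (
        echo Missing RegBack\%%H, nothing changed.
        exit /b 1
    )
    for %%F in ("%CFG%\RegBack\%%H") do if %%~zF EQU 0 (
        echo RegBack\%%H is empty, nothing changed.
        exit /b 1
    )
)

rem Show dates so you can confirm the backup predates the incident.
dir "%CFG%\RegBack"
echo Press Ctrl+C now if these dates are NOT from before the incident.
pause

rem Keep the current hives so the restore can be undone.
if not exist "%SAVE%" mkdir "%SAVE%"
for %%H in (DEFAULT SAM SECURITY SOFTWARE SYSTEM) do (
    copy /y "%CFG%\%%H" "%SAVE%\%%H" || exit /b 1
)

rem Restore all five hives together so they stay consistent with each other.
for %%H in (DEFAULT SAM SECURITY SOFTWARE SYSTEM) do (
    copy /y "%CFG%\RegBack\%%H" "%CFG%\%%H" || exit /b 1
)
echo Hives restored. Reboot and check that Windows starts normally.
```

Anything changed in the registry after the backup date (installed software, changed account passwords) is rolled back along with the startup password, so note the RegBack dates before rebooting.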

#362908 - 04/11/2014 21:44 Re: Need to get past a password [Re: Dignan]
jmwking
old hand

Registered: 27/02/2003
Posts: 777
Loc: Washington, DC metro
Originally Posted By: Dignan
Huzzah!

...I'll be running my full suite of scans on this thing to make sure it's clean.



You're good now. Save the data, wipe the drive. It's just not worth something lingering that scans don't find.

-jk

#362909 - 05/11/2014 03:06 Re: Need to get past a password [Re: Dignan]
JBjorgen
carpal tunnel

Registered: 19/01/2002
Posts: 3584
Loc: Columbus, OH
For posterity, I've been using this bootdisk for many years with great success:

http://pogostick.net/~pnh/ntpasswd/
_________________________
~ John

#362910 - 06/11/2014 03:31 Re: Need to get past a password [Re: jmwking]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
Originally Posted By: JBjorgen
For posterity, I've been using this bootdisk for many years with great success:

http://pogostick.net/~pnh/ntpasswd/

Thanks! Though I don't see any mention of the syskey, which is different from the admin password.

Originally Posted By: jmwking
You're good now. Save the data, wipe the drive. It's just not worth something lingering that scans don't find.

Sometimes this is true, but in this case I can be fairly certain that all they did was create a syskey password as a lame ransom attempt. If the solution was always to back up the data, wipe the computer, and start over, I'd be out of business because nobody would pay for the time it would take to do that.
_________________________
Matt

#363119 - 10/12/2014 16:29 Re: Need to get past a password [Re: Dignan]
Dignan
carpal tunnel

Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
Question for those of you who have done password recoveries/resets.

I'm working on a computer that needs to be unlocked (users are always forgetting their passwords). I've tried several password recovery/clearing tools, from Rob's TRK to UBCD to a copy of OPHCrack. I've been able to use all of these in the past to reset a password, but this time I'm having a weird problem.

When I boot up the computer normally, I get to a login prompt with a username of "Shelly." When I load up any of these password recovery applications, that account isn't even listed. I can reset the administrator account's password, but I can't seem to be able to access the administrator account...

Any ideas why the account isn't showing up?

*Edit*
Never mind! I totally missed the option in TRK to enable the Administrator account. Thanks again, Rob, for mentioning such a great resource. I've used it several times since you linked me to it in this thread.


Edited by Dignan (10/12/2014 17:15)
_________________________
Matt
