Thorsten,
You can use Linux live cd such as BackTrack (
http://remote-exploit.org/backtrack.html) to reset or recover the
administrator password. BackTrack comes with chntpw tool which is
useful in resetting the password.
Here's the procedure for resetting the password
=============================================
1) Reboot the system with backtrack
2) Remount the system drive in write mode
umount /mnt/hda1
mount -o rw /dev/hda1 /mnt/hda1
If your system drive is NTFS then use this method
umount /mnt/hda1
modprobe fuse
ntfsmount /dev/hda1 /mnt/hda1
Note : You need to specify right device instead of hda1.
3) cd /mnt/hda1/windows/system32/config
4) invoke chntpw tool by specifying the SAM file and registry hives as follows
chntpw -i sam system security
5) Choose the user as "administrator"
6) Enter new password or * to set blank password
7) Next reboot the machine.
If you wants to recover the password then follow the below steps
===============================================
1) Reboot the system using backtrack or any other live cd or boot disk
2) Copy the sam and system files from the //windows/system32/config folder
3) Use cain&able or saminside tool to get the LM hashes from these files
4) Next submit the gathered hashes to online rainbow crack sites such as
http://plain-text.info/add/
https://www.astalavista.net/?cmd=rainbowtables
Within one day ( at worst case) you will get back your password
Good luck
PS : Sorry for the SPAM, if you have received the multiple copies. I
was having some problem sending the mail due to rich format.
--
With Regards
Nagareshwar Talekar
http://securityxploded.com
http://nagareshwar.securityxploded.com
On 6/15/07, Thorsten Grund <t.grund@stratec-biomedical.de> wrote:
Hey,
how can i set back the local Administrator passwort on a windows xp
computer ?
thanks
thorsten
STRATEC Biomedical Systems AG / Gewerbestr. 37 / D- 75217 Birkenfeld
Board of Management: Hermann Leistner, Bernd M. Steidle, Marcus
Wolfinger
Chairman of the Supervisory Board: Fred K. BrÃckner
Register Court: Mannheim / HRB 504390 / VAT- ID: DE 812415108
---- DISCLAIMER ----
This e-mail and any attached files are confidential. If you are not the
intended recipient or if this transmission has been addressed to you in
error, any disclosure, reproduction, copying, distribution, or other
dissemination or use of this communication is prohibited. If you have
received this transmission in error please notify the sender immediately
and then delete this e-mail along with any attachments. E-mail
transmission cannot be ensured to be secure or without any error as
information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. The sender therefore does not
accept liability for any errors or omissions in the contents of this
message or any other of such risks which arise as a result of e-mail
transmission. If verification is required, please request a hard copy
version.
