Sometimes you remember something for years and then suddenly forget it. Before writing this article I asked myself what I would do if my mind completely erased my Windows 2003 administrator password and I had no rescue disk to get back into my system.

As a first method I would certainly try Ophcrack. It comes as a Live CD, includes rainbow tables of precomputed password hashes, and lets you find Windows system passwords without causing any damage to the server. It doesn’t use brute-force algorithms but direct verification of hashes, which means that if the password can be found through the rainbow tables, it is just a matter of a few minutes. You just need to download the Live CD, burn it, boot it and run the tool.
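To show why direct hash verification answers so quickly, and what stops it, here is an added example (not code from this article or from Ophcrack). It assumes a plain precomputed dictionary instead of real rainbow chains, SHA-256 as a stand-in for the Windows hash, and a constructed candidate list; it goes one step beyond the article by also showing that a per-account salt makes the same table useless.

```python
import hashlib
import os

# Constructed sample candidates; a real table covers a far larger keyspace.
CANDIDATES = ["letmein", "Summer2003", "admin123", "P@ssw0rd"]


def unsalted_hash(password: str) -> str:
    # Stand-in hash (assumption): SHA-256, not the algorithm Windows uses.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    # The salt is stored next to the hash and differs for every account.
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def build_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted store."""
    return {unsalted_hash(p): p for p in candidates}


def lookup(table, stored_hash):
    """Direct verification: a single table probe, no guessing loop."""
    return table.get(stored_hash)


def audit(table, accounts):
    """Return the account names whose stored hash appears in the table."""
    return sorted(name for name, h in accounts.items() if h in table)


if __name__ == "__main__":
    table = build_table(CANDIDATES)
    salt = os.urandom(16)
    # Constructed account store: two unsalted entries and one salted entry.
    accounts = {
        "administrator": unsalted_hash("Summer2003"),
        "backup": unsalted_hash("k7#Vq2!zR9wLm"),
        "service": salted_hash("Summer2003", salt),
    }
    print("recovered:", lookup(table, accounts["administrator"]))
    print("salted lookup:", lookup(table, accounts["service"]))
    print("accounts exposed to the table:", audit(table, accounts))
```

The same password stored with a salt produces a hash the table has never seen, which is why precomputed lookups only work against unsalted hash formats.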

As a second attempt I would try a service such as Login Recovery. I don’t know exactly how it works, but it probably uses the same techniques as Ophcrack (I don’t think there are too many: brute force, reset or direct comparison of hashes). The system provides a Live CD or floppy that extracts the files containing the passwords from your computer and, as a second step, uploads them to the Login Recovery website. The free service returns results in 48 hours, while with the paid service (a few euros anyway) you get results instantly. The website says that this system is able to find an administrator password for Windows 2003 computers and promises a refund if the method does not work. In theory, no damage to the server either.

Another option would be a tool such as Windows Key. This program lets you create a Live CD or floppy and allows you to reset passwords for all users on your machine. The program should also support Windows Server 2003. In general, however, there are many tools and services for resetting a Windows password, and all of them are painless in theory. Note that not all of them recover passwords; some of them simply reset (blank) them. One method that I personally tested some time ago on an XP machine is described here. It should also work with Windows 2003: it resets the password and lets you change some policies using just a CD or floppy.

In all cases, however, you must reboot the machine (and boot from a CD or floppy), and you need to consider that the file you want to read could be encrypted and that getting SCSI or SATA disks recognized at boot could be somewhat more complicated. This issue can certainly be solved by using the appropriate drivers.



