Security Basics mailing list archives

RE: Windows 2000 Administrator lockout

From: "Dinis Cruz" <dinis () ddplus net>
Date: Wed, 18 Aug 2004 03:32:05 +0100

Another alternative is to use an exploit to gain a SYSTEM shell in the
server.

If the server is not up-to-date with the latest patches you could use (for
example) the RPC exploits available at SecurityFocus.com.

In fact I once had a similar problem where I made a simple 'mistake' in a
GPO where the administrator lost its login privileges (to solve it I used
the RPC exploit to gain a SYSTEM shell and made another user an
administrator).

Dinis Cruz
.Net Security Consultant
DDPlus

-----Original Message-----
From: adisegna () siscocorp com [mailto:adisegna () siscocorp com]
Sent: 16 August 2004 18:30
To: rritchey () eods com
Cc: security-basics () securityfocus com
Subject: RE: Windows 2000 Administrator lockout

Try this..

http://home.eunet.no/~pnordahl/ntpasswd/

It works great. I have never tried it on a production domain controller
with Active Directory installed. If you have no other choice then go for
it..

Arthur DiSegna
Information Technology Group
Security Identification Systems Corporation

-----Original Message-----
From: Robert Ritchey [mailto:rritchey () eods com]
Sent: Friday, August 13, 2004 2:55 PM
To: security-basics () securityfocus com
Subject: Windows 2000 Administrator lockout

Hello All,

The network that I have is rather small.  1 server, and 4 workstations.
I inherited the systems.  There has been no administrator working there
for a little over a year.  What administrator that was there, was very
much non-technical.

When the network was built whoever built the server installed everything
they possibly could.  This system now how few main functions:
1. File server
2. Internet Gateway
3. Symantec Virus manager

Nobody knows any of the passwords for anything on the system.  Any of
the passwords that are in use are not allowed administrator access.  I
do mean for anything!  I can't even get Symantec to update virus
signatures, as I do not have a password to do the update with.  The
signature is like 2003 date.

It is just very frustrating!

I am looking for options, before I have to go and reformat and rebuild.
This would in some ways make life simpler, there are wrinkles in that
all of there operational data and other services are on the server.  We
are currently moving foreword with a plan to rebuild.  This will happen;
I would rather pick the time to do it.  Rather than have it forced on
me.

Does anyone know of any other way to take control of this machine and
network.

Thanks for your time and any ideas will be appreciated.

Robert Ritchey

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.

Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----

--------------------------------------------------------------------------
-
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------------------
--




---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.securityfocus.com/sponsor/InfoSecInstitute_security-basics_040817
----------------------------------------------------------------------------

Current thread:

Windows 2000 Administrator lockout Robert Ritchey (Aug 16)
- RE: Windows 2000 Administrator lockout Jason Haith (Aug 17)
- Re: Windows 2000 Administrator lockout Bruno Guedes Souto (Aug 17)
  - Re: Windows 2000 Administrator lockout fiber (Aug 23)
- Re: Windows 2000 Administrator lockout some guy (Aug 17)
- Re: Windows 2000 Administrator lockout Ansgar -59cobalt- Wiechers (Aug 17)
- Re: Windows 2000 Administrator lockout Mark Johnson-Barbier (Aug 17)
- RE: Windows 2000 Administrator lockout Rob Morgan (Aug 19)
- Re: Windows 2000 Administrator lockout Alexandre Verriere (Aug 23)
- <Possible follow-ups>
- RE: Windows 2000 Administrator lockout adisegna (Aug 17)
  - RE: Windows 2000 Administrator lockout Dinis Cruz (Aug 20)
- RE: Windows 2000 Administrator lockout Mark Medici (Aug 18)
  - Re: Windows 2000 Administrator lockout jeffry (Aug 23)
  - RE: Windows 2000 Administrator lockout Tarun Bansal (Aug 23)
    - Re: Windows 2000 Administrator lockout Ansgar -59cobalt- Wiechers (Aug 24)
- RE: Windows 2000 Administrator lockout Ferino Mardo (Aug 23)