Lost Admin password - how do I get in as admin?

[farleybarnstorm]

I have an NT machine which is not currently networked. The person who setup the machine is now gone and I have no idea what password he made for the administrator! No other user on the machine has admin rights, so how can I get the PC to join a domain?

Do I have to find someway to reset the admin password? Is there a way to add the domain admin users to a local admin group and thus get admin permissions?


Thanks,

Eric

 

[techierick]

lostpassword.com has a utility which works like a charm, but it's costly. also:


if your C:\ drive is FAT. Boot up with a DOS disk and type:
--------------------------------------------------------------------------------
C:
--------------------------------------------------------------------------------
CD \WINNT\SYSTEM32\CONFIG
--------------------------------------------------------------------------------
DEL SAM.*
--------------------------------------------------------------------------------
Now the Administrator password is blank. If your C:\ drive is NTFS, you have a lot of work to do. Go to

http://www.sysinternals.com/

and download NTFSDOS. Then copy the unzipped NTFSDOS.EXE to your DOS boot disk. Boot up the machine and type:
--------------------------------------------------------------------------------
C:
--------------------------------------------------------------------------------
CD \WINNT\SYSTEM32\CONFIG
--------------------------------------------------------------------------------
COPY SAM.* A:--------------------------------------------------------------------------------
This will copy the SAM file to your floppy disk. Now you need to get on another NT machine, go to

http://www.l0pht.com/

and download L0phtCrack. Run the program and when it asks you for the SAM file, point it to the file on your floppy disk. Now this is going to be a very long process of finding the password depending on the speed of your computer, but eventually you will find it.

 

[Smoothas]

You can also do a search on yahoo for a file called getadmin.exe. Log in as a normal use, run the file. This gives you admin rights, which you then use to change the admin password.

 

[soonerland]

Getadmin.exe only works on NT 4 with service packs 3 and below. It will not work if SP4-6 have been loaded.

 

[ahallwor]

There is also a linux password hack disk that works on winnt. You can use it to reset any password on any account in the sam that is on the machine, it is pretty fail safe with default selections.

 

[soonerland]

Being diligent to not plagerize, the following info came from

http://is-it-true.org/nt/atips/atips262.shtml

In regards to ahallwor's suggestion of using the Linux hack...

There are Linux boot disks that have NT filesystem drivers and software that will read the registry and rewrite the password hashes for any account including the Administrators. It is as simply as:


1.shutdown or turnoff the PC
2.put the book disk in the PC and reboot
3.respond to the Linux prompts
the highest barrier is understanding unix media descriptors
4.select the account whose password hash needs to be rewritten & enter a new password
5.reboot & access using the new password

This process requires physical access to the console and an available floppy drive.

The following site provides the downloadable boot disk image, image to disk utility, source code, and supporting documentation: Offline NT password utility (

http://home.eunet.no/~pnordahl/ntpasswd/).

This version can disable syskey protect. They do note that turning off syskey under Windows 2000 damages the SAM and is not to be attempted except as a last resort to reinstallation.