-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
greets,
i would like to help a colleague crack a password used on a win 2000 pro system and have pulled from;
http://www.openwall.com/john/ http://www.loginrecovery.com/ http://home.eunet.no/~pnordahl/ntpasswd/
any suggestions for something that may be better.
password is for a user who is now departed, as in died, and need this password to access a remote site. site's policy prohibits their bypassing password to allow colleague's company access.
thanks in advance for any help or recommendations.
- -- tc,hago.
g .
in a free world without fences, who needs gates.
learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html.gz 'The Linux Documentation Project' http://www.tldp.org/ 'HowtoForge' http://howtoforge.com/
contact the system administrator, or company CISSO
g wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
greets,
i would like to help a colleague crack a password used on a win 2000 pro system and have pulled from;
http://www.openwall.com/john/ http://www.loginrecovery.com/ http://home.eunet.no/~pnordahl/ntpasswd/
any suggestions for something that may be better.
password is for a user who is now departed, as in died, and need this password to access a remote site. site's policy prohibits their bypassing password to allow colleague's company access.
thanks in advance for any help or recommendations.
tc,hago.
g .
in a free world without fences, who needs gates.
learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html.gz 'The Linux Documentation Project' http://www.tldp.org/ 'HowtoForge' http://howtoforge.com/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org
iD8DBQFI+rHR+C4Bj9Rkw/wRAubvAKCTsQwxkjwHMf7ZcFe057ae0uG1AQCg1vsD mqOWiHpNG5dhvTyaUwQyEBc= =Lm9I -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
bob smith wrote:
contact the system administrator, or company CISSO
thanks for your suggestions.
this was my first suggestion, but they were told 'security policy prohibits'.
they are going to follow my second suggestion, after we crack password, new site provider.
- --
tc,hago.
g .
in a free world without fences, who needs gates.
learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html.gz 'The Linux Documentation Project' http://www.tldp.org/ 'HowtoForge' http://howtoforge.com/
g wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
greets,
i would like to help a colleague crack a password used on a win 2000 pro system and have pulled from;
http://www.openwall.com/john/ http://www.loginrecovery.com/ http://home.eunet.no/~pnordahl/ntpasswd/
any suggestions for something that may be better.
password is for a user who is now departed, as in died, and need this password to access a remote site. site's policy prohibits their bypassing password to allow colleague's company access.
This may be of use. Has been claimed never to fail on xp or vista; don't know about w2k.
http://ophcrack.sourceforge.net/download.php?type=livecd
:m)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mike Wright wrote:
This may be of use. Has been claimed never to fail on xp or vista; don't know about w2k.
thanks for link. pulling now. will see how it works with win2k0pro.
will pull vista version later. never know when a user will depart from having to fight with vista. [ok. sick joke. but so is msbsos]
with what i already had and what has been suggested 'off list', we should have it cracked with out much trouble. what will be interesting is just which cracker works and which is fastest.
thanks again. - --
tc,hago.
g .
in a free world without fences, who needs gates.
learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html.gz 'The Linux Documentation Project' http://www.tldp.org/ 'HowtoForge' http://howtoforge.com/
On Sun, Oct 19, 2008 at 02:45:26PM +0000, g wrote:
bob smith wrote:
contact the system administrator, or company CISSO
thanks for your suggestions.
this was my first suggestion, but they were told 'security policy prohibits'.
they are going to follow my second suggestion, after we crack password, new site provider.
Who's security policy do you violate, If this is a service provider there must be some process to reaccess the resource if it is yours.
In general there are laws governing this stuff and any worthy service provider must act within the law -- as must you.
If someone dies you may be required to deliver a death certificate and more to validate and cover their legal needs. Yes this can take time.
Implied in all of this is a lesson to us in large and small companies that access and pass words and keys need to be well managed. If you have not placed a sealed envelope with pass words and keys in your managers locked resource perhaps you should.
Such things need to be covered by policy and process.
On Mon, Oct 20, 2008 at 4:12 PM, Nifty Fedora Mitch niftyfedora@niftyegg.com wrote:
Implied in all of this is a lesson to us in large and small companies that access and pass words and keys need to be well managed. If you have not placed a sealed envelope with pass words and keys in your managers locked resource perhaps you should.
Such things need to be covered by policy and process.
Some companies shoot themselves on the foot when they require that user password be changed very frequently; every 60 or 90 days.
~af
On Mon, Oct 20, 2008 at 04:25:24PM -0700, Aldo Foot wrote:
On Mon, Oct 20, 2008 at 4:12 PM, Nifty Fedora Mitch niftyfedora@niftyegg.com wrote:
Implied in all of this is a lesson to us in large and small companies that access and pass words and keys need to be well managed. If you have not placed a sealed envelope with pass words and keys in your managers locked resource perhaps you should.
Such things need to be covered by policy and process.
Some companies shoot themselves on the foot when they require that user password be changed very frequently; every 60 or 90 days.
Yep... I cannot tell you how often I have had a laptop act like a brick because the policy for refreshing pass words with the master WindoZ controller was shorter than travel schedule accommodates. Then upon returning from vacation to find that the requirement to change a pass word policy had timed me out and manual intervention was required....
Such re-validations are expensive and costly especially so if the last customer on a trip cannot see the presentation because connectivity to the mother ship was 'overdue'. At least with USB keys big enough to hold the presentation and the growing number of hot spots this is less painful than it was but still a pain.
Then there are the *%$^@$^ acro*, word and eXcel based "forms" that are locked by some person gone, unresponsive, transferred or on vacation.
I was on a conference call with the manager of just such an unaware group and one of us commented that this was so Kafkaesque. The director over this manager asked what Kafkaesque meant and no one in the home office knew. We translated it to "Catch 22" and still there was no light in the guano cave.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Nifty Fedora Mitch wrote:
Who's security policy do you violate, If this is a service provider there must be some process to reaccess the resource if it is yours.
i agree. but to clear things up, 'you' is not as in *me*. it is *he* as in 'colleague'.
if it were 'i', as in *me*, 'we', as in 'they' - *company*, would not still be using hosting provider. as there have been several other issues with current provider.
reason that 'they' are with host is that previous admin's head was up bg&c's butt and chose current host. current admin knows little of linux and i do question his knowledge of msbsos. but he has been at it for enough years that he got job over my 'friend/colleague'.
if f/c and i can pull this 'little caper' and gain password, then my f/c will have a very good shot at becoming new admin and moving local servers over to linux and get a new remote host that is a linux system host.
In general there are laws governing this stuff and any worthy service provider must act within the law -- as must you.
of this i am aware, and i already have contract agreements to be signed before i tickle first key on systems. cyoa.
If someone dies you may be required to deliver a death certificate and more to validate and cover their legal needs. Yes this can take time.
time is on 'our side'. contract with current host is up for renewal at end of year and there is no desire to 'make waves'. if we can pull local password, all will be *golden* because f/c noticed indications that departed had an auto login set.
sealed envelope with pass words and keys in your managers locked resource perhaps you should.
Such things need to be covered by policy and process.
this will all be taken care of.
thanks for your input.
- --
tc,hago.
g .
in a free world without fences, who needs gates.
learn linux: 'Rute User's Tutorial and Exposition' http://rute.2038bug.com/index.html.gz 'The Linux Documentation Project' http://www.tldp.org/ 'HowtoForge' http://howtoforge.com/
For recover and solve problems with passwords try-clear pst password [1],it has many features and as far as i know it is free,utiltiy help to retrieve your password for any of these mail services: Microsoft Mail, Microsoft LDAP Directory, POP3 and IMAP mail server as well as Microsoft Exchange Server,supports all Windows versions, from Windows 98 to Windows Vista. Microsoft Office is supported starting from Microsoft Office 97,permits to find Microsoft Outlook online password and clearing password on Outlook .pst file in a second,clear password for .pst Outlook file and find pst password sorts all characters, including multilingual ones and composes another one, that will be accepted by Microsoft Outlook.
Links: ------ [1] http://www.recoverytoolbox.com/clear_get_broke_find_pst_password.html
-
Aldo Foot -
bob smith -
g -
Mike Wright -
Nifty Fedora Mitch -
potat0