Getting on administrator account without knowing password?

We fired a guy a couple weeks ago for not doing his job on our website and he also worked on our computers. Which means he had access to administrator while the rest of us had access to a limited account.

My question is... is there anyway to get access to the administrator panel from limited account since no one knows the admin password? That way, he can't come back and mess with the computers.

I don't want to format anything. I want to see if I can get access any other way before asking boss to format.


Hopefully that makes sense

 

What Operating System is being used?

 

XP

 

I'm the only guy there who actually knows what to do on a computer. Basically everyone else (except one or two) is horrible on computers.

 

http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

Probably the easiet way to do it.

 

I smell fish.

 

Sure it isn't chicken...

 

I have used Backtrack 2 to do it before, but that requires at least a decent knowledge of Linux.

 

Quite sure. Here's what you do: call the guy up and ask him for the admin password, as required by the terms of his employment (i.e. debriefing). If he doesn't want to give it to you, tell him he won't get his final paycheck until you're satisfied with his completion of the debriefing.

The problem with just explaining how to hack the admin account is that people can then do it in situations that aren't legit, either.

 

http://www.securityfocus.com/tools/1005

Find the DL link in the messages section, insert the disk, receive password.

 

Final paycheck after asking for more work? I wouldn't be surprised if he didn't ask for his paycheck when he was told not to come back... You can't have it both ways.

 

this app is money. i had the same issue getting a job where the previous IT guy disappeared. luckily some googling helped me find this. i always remove instead of reveal or replace password since the proggie says that is a less tested/surefire method.

 

Nothing to it if you have access to notepad.

 

The problem is we were actually paying him for his son to go to school. No paycheck really

 

?

 

You're not asking for more work. You're reclaiming company property from him -- intellectual property, in this case.

 

PCLoginNow is free and easy to use. Look on download.com

 

Has it ever occurred to you people that there's a reason some answers are hard to find? Maybe it would be better if they had paid some freelancer $500 to come in and spend all of 5 minutes unlocking the admin accounts on those machines, just to make sure that every two-bit cracker on the web wouldn't be able to find the answer on Google by searching for the title of this thread.

Next time, send info like this in a PM.

 

I assume he means writing some sort of script

 

are you kidding?

 

Security by obscurity is not security at all! If people are in ignorant bliss that a solution is 'harder' to find it will keep their information secure then they deserve to find out the hard way!

 

Security is security; it doesn't matter how you get there. Either that, or you should give the NSA a good talking to, those silly bastards and their "secrets".

The problem with this is that it's an inherently insecure operation. Boot up a computer with a special boot disk and the administrator password gets wiped? There's no way to defend against that, short of posting an armed guard next to your computer at all times. Keeping something like that a secret is the only way to make sure everybody and their second cousin doesn't try it -- especially if they're in college.

Also, can someone explain to me why this thread never got locked for discussing how to bypass security?

 

i'm all for the thread being locked, but i pretty much disagree with everything else. if a system is important, then it should be protected in every way. that means it should be protected across a network, from a local console and from physical intrusion. the reason for providing a way to hack an administrative password is because they sometimes get lost, sometimes a person gets fired and you can't get it back, sometimes someone forgets it, people die, get hit by cars, etc.... so, by physically securing your system, you should be certain that anyone who does have access to break into the system is doing so with full permission.

oh, and security through obscurity is not security at all. it is ignorance because there is someone else who certainly knows more than you that will figure out anything that you do to simply hide your security flaws.

 

I don't know the first thing about hacking. I'm just trying to help my boss and the other employees. :|