Could not recover password with loginrecovery


  • Could not recover password with loginrecovery

    Hello, I am an owner of a laptop and a desktop. Recently my friend changed the administrator password on the laptop and moved away and I can't reach him now. Anyway, here's the problem.

    I put the CD in the laptop and I boot it up, but when the password recovery screen comes on, it displays the password for a split second and goes away (I did this 3 times), telling me to follow the instructions on the website and saying that the password had been saved to the disk, yet when I put the disk in my desktop, nothing appears except the readme file. What's wrong?

  • #2
    Re: Could not recover password with loginrecovery

    Please read the stickies at the top of the page and tell us:
    What Operating System you are running
    Is it a domain or a workgroup
    Which password recovery technique you are actually trying

    Although many members of this forum do have super-human powers, and can leap tall servers in a single bound, mind reading is not actually one of them (Except for Daniel).

    Once we have fuller information, we can probably give more assistance.

    I suggest that (if you can), you remove the drive from the laptop and copy your files onto the desktop. You will probably have to buy a (cheap) cable to connect the laptop drive. That way, if the worst comes to the worst, you can do a clean install on the laptop.

    Oh, and choose your friends better next time

    Tom
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Could not recover password with loginrecovery

      Windows XP home edition SP2
      Workgroup
      I am trying to use the method on loginrecovery.com using a CD since my laptop does not have a floppy drive

      I hope that's enough information

      Thanks in advance



      • #4
        Re: Could not recover password with loginrecovery

        What LoginRecovery is doing on that boot CD is running some flavor of PWDUMP that will display the account and hash info in the following form:
        "UserName:RID:LMhash:NThash:::"

        Each of the seven-character password halves is encrypted independently of the other in the LM hash using the DES algorithm (former federal standard of the USA); the NT hash is computed by encrypting the whole password using the MD4 algorithm (by RSA Security, Inc.). The LM hash contains password information in case-insensitive form (in upper case), the NT hash in case-sensitive form. There is a unique user account identifier, the RID (relative identifier), right after the user name, which is not used for computing the hashes. The identifier of the built-in administrator account is 500, the guest account 501. The LM hash is used for compatibility with other operating systems (LAN Manager, Windows for Workgroups, Windows 95/98/Me, etc.). Its presence simplifies password recovery. If the NT password length exceeds 14 characters, the LM hash corresponds to the empty password. When an LM hash is present, password recovery is initially performed against the LM hash. When the LM password is found, the NT hash is used to determine the NT password.

        You can try BartPE with PWDUMP* or Cain (from Cain and Abel - v4.2 is latest) to get these hash strings since the provided CD ISO isn't working for you.

        Reported success from these forums using BartPE and PWDUMP:

        http://forums.petri.com/showthread.php?t=11724

        Or search Google:

        http://www.google.com/search?hl=en&q=bartpe+pwdump
        http://www.google.com/search?hl=en&q=bartpe+cain

        Also look at Wikipedia for some alternate services and ideas:

        http://en.wikibooks.org/wiki/Reverse...s_XP_Passwords
        http://en.wikipedia.org/wiki/Password_cracking

        I tried running PWDUMP2 on my WXP SP2 patched box (logged on normally as Administrator) and it took out LSASS.EXE = had to reboot.

        Cain from "Cain and Abel" had no issues. Cain's output does not conform to PWDUMP nor Loginrecovery but you can map it as the only things of importance are some kind of UserName and the LM and NT Hash strings. For the LoginRecovery.com entry screen when using a CD, looks like they want commas between each hex byte of each hash and an underscore at the beginning of a new line. Also, the LM Hash must have a leading "0," and the NT Hash must have a trailing ",087CA" -- just follow the format on:

        http://www.loginrecovery.com/instructions.php#cd

        For kicks, I submitted the hash strings for qwerty, abc123, and [email protected]# as follows:

        CrackTest::0,<16 byte hex LM hash separated by commas every 2 char>:
        _<16 byte hex NT hash separated by commas every 2 char>,087CA:::
        to LoginRecovery.com's free service and I received success emails for all 3 within an hour. I won't get the passwords sent for 48 hrs on the first success and 3 months for passwords 2 and 3 unless I pay for priority service.

        So it appears LoginRecovery may have a decent set of RainbowCrack tables. I'd submit for free and then decide if you want to pay to avoid the wait assuming they claim success.
        Cheers,

        Rick


        2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.
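Added example, not part of the thread or of any tool named in it: a small Python audit of the `UserName:RID:LMhash:NThash:::` format described in post #4, flagging accounts that still store an LM hash and the built-in RIDs 500 and 501. The function names and sample lines are constructed for illustration, and the parser assumes both hash fields are plain 32-character hex.

```python
import re

EMPTY_LM_HALF = "aad3b435b51404ee"  # LM value of an empty 7-character half
BUILTIN_RIDS = {500: "built-in administrator", 501: "built-in guest"}
HEX32 = re.compile(r"[0-9a-fA-F]{32}")

def parse_pwdump_line(line):
    """Parse 'UserName:RID:LMhash:NThash:::' into a dict, or raise ValueError."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("expected UserName:RID:LMhash:NThash:::")
    user, rid, lm, nt = fields[:4]
    if not rid.isdigit():
        raise ValueError("RID is not numeric: %r" % rid)
    if not (HEX32.fullmatch(lm) and HEX32.fullmatch(nt)):
        raise ValueError("hash fields must be 32 hex characters")
    return {"user": user, "rid": int(rid), "lm": lm.lower(), "nt": nt.lower()}

def audit_entry(entry):
    """Return findings about how weakly this account's password is stored."""
    findings = []
    if entry["rid"] in BUILTIN_RIDS:
        findings.append(BUILTIN_RIDS[entry["rid"]])
    first, second = entry["lm"][:16], entry["lm"][16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        # Blank password, or one longer than 14 characters (see post #4).
        findings.append("LM hash is the empty-password value")
    else:
        findings.append("LM hash stored")
        if second == EMPTY_LM_HALF:
            # The halves are hashed independently, so an empty second half shows.
            findings.append("password is 7 characters or fewer")
    return findings

# Constructed sample lines; the non-empty hash values are placeholders, not real hashes.
SAMPLE = """\
Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
CrackTest:1003:0123456789abcdefaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
"""

def audit_dump(text):
    """Map each user name to its findings, skipping blank lines."""
    return {e["user"]: audit_entry(e)
            for e in map(parse_pwdump_line, filter(str.strip, text.splitlines()))}

if __name__ == "__main__":
    for user, findings in audit_dump(SAMPLE).items():
        print(user, "->", "; ".join(findings))
```

Any account reported as "LM hash stored" is a candidate for a password change after LM hash storage has been turned off on the machine.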



        • #5
          Re: Could not recover password with loginrecovery

          I would have edited my prev post but this is important enough, IMHO, to warrant a new email so you catch it.

          If you can mount the laptop drive in another PC (if you are unable to find an adapter, let us know and we'll post some), you can install Cain and Abel on that PC and read the SAM off your laptop drive.

          This would get around the whole boot CD issue plus help satisfy the need to get a good image backup.
          Cheers,

          Rick



          • #6
            Re: Could not recover password with loginrecovery

            Since posting, I have found Cain 4.2 has issues returning the correct hashes from an off-line SAM. It appears to not apply the offline SYSKEY even when pasted correctly.

            Anyway, found a nice tutorial on the entire password recovery topic here:

            http://jinx.com/forum/topic.asp?TOPIC_ID=53294

            That link mentions a tool called SAMinside which handles hashes and the SYSKEY properly for offline SAM, SYSTEM files.
            Cheers,

            Rick
