Accessing Vista without a password

**MJM** · #1 24th Aug 2008, 13:38

Basically a friend of mine changed her password. Then she went on holidays and forgot what she changed her password to.
Now I know Vista has a Adminstrator account and I know it doesn't have a password since ophcrack tells me so, but I can't figure out how the hell to access the account. Google gives me results of having to enable it first - is that true? If so, that is one of the most stupid security features known to man.
If all else fails I'll have to find software to reset the password to something else... the only problem would be that she'd lose to weeks of work on her thesis.

**Hybr!d** · #2 24th Aug 2008, 13:53

Ophcrack should give you the pw to the personal account anyway?

**Mike0001** · #3 24th Aug 2008, 14:12

or Ophcrack? You may have to leave it running a long time. Overnight will crack 9-10 chars.

Has the 7+7 bug in Windoze security been fixed yet?

(ie, that a 14 char password is just two 7 char passwords that can be attacked independently?)

**MJM** · #4 24th Aug 2008, 14:52

WinXP still has 7+7.

Ophcrack is not giving out the password, says not found. It's from the live cd and that may be why. I know the company behind it sells better rainbow tables, but I'm not spending a hundred on that.

I have the NTHash so I'll try some other sites and possibly Cain as well before resetting the password, but it would all be easier if we could just access the admin account, so anyone know anything about that?

**Hybr!d** · #5 24th Aug 2008, 14:55

http://www.google.co.uk/search?hl=en...e+Search&meta=

At first glance it appears it can only be activated via a working profile, but have a read.

**serverguy** · #6 24th Aug 2008, 15:11

You can't use the Administrator account unless you've previously enabled it so it is pretty pointless having it TBH.

What you need is the Offline NT Admin Password Reset Disk.

It works an absolute treat. Just flipping impossible to find in Google.

Edit: I see you mention she will loose work if your reset the password? Why do you think this will be the case?

**MJM** · #7 24th Aug 2008, 16:06

Taken from the site directly:

DANGER WILL ROBINSON!
If used on users that have EFS encrypted files, and the system is XP or Vista, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again If you don't know if you have encrypted files or not, you most likely don't have them. (except maybe on corporate systems)

Yeah, she enabled that. Don't ask me why. She has a backup of the thesis, but it's about two weeks old.

P.S.: I found that site via Google... well actually I found a backup server or something (http://ntpass.blaa.net/).

**serverguy** · #8 24th Aug 2008, 16:11

Quote:

Originally Posted by MJM

Taken from the site directly:

DANGER WILL ROBINSON!
If used on users that have EFS encrypted files, and the system is XP or Vista, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again If you don't know if you have encrypted files or not, you most likely don't have them. (except maybe on corporate systems)

Yeah, she enabled that. Don't ask me why. She has a backup of the thesis, but it's about two weeks old.

P.S.: I found that site via Google... well actually I found a backup server or something (http://ntpass.blaa.net/).

Ahh OK. Stupid question...why one earth did she enable it?

Well, your only option is a brute force attack with one of the programs already mentioned or just resetting the password.

I never seem to be able to find this site easily... maybe I just always use the wrong keywords.