The other day I had a server that no one could access. It wasn’t actually being used or anything, but the company has been talking about using a server for a while, so it seemed to make sense to see if the one they had could actually be used. Maybe I’m the only one who thinks that way.
So I needed to get into it, but I had no way to do so. Back in the day, I would have used L0phtCrack, but since L0pht was purchased by At Stake, and then by Symantec, the costs have gone up a bit. A minimum of $450 for this? I don’t think so. The idea was to save money. So it’s off to the Internet.
I found this article that offered some options. I also read this article, which talks about recovering the password from a domain controller, which I suspect this was (I have since verified this to be the case). I don’t actually have easy access to a CD burner right at the moment, so I went first for the floppy-based solutions.
The Offline NT Password & Registry Editor seemed promising, even if it did involve writing data from a command prompt. I tried it out. Took me a while to get the SCSI stuff working. I eventually had to load the driver I needed onto a separate disk and load it manually – the auto-load feature didn’t work, and the manual feature didn’t work with too many items in the list. Once I could read the disk, I figured I was in business. Alas, it wasn’t to be.
So I moved on to XP Password Recovery. I didn’t really have high hopes, for one because the site was named XP Password Recovery (and not 2000 Password Recovery), and also because this is a domain controller. I wasn’t sure if it would work for this case. Nonetheless, the process was painless. I downloaded their image, created a disk, and booted with it; it pulled the passwords into a text file, which I uploaded. It immediately returned one character of the password. So I waited.
A while later, I received an email saying that the password had been cracked. I checked the web page, retrieved the password, and sure enough – it did the trick. Sweet.