Major Geeks, Password Challenge

Hi to everyone, Particularly the Major Geeks.

I have 48 Hours from now to accomplish the following

My computer instructor says he can password a desk top pc so no one can get in, I accepted the challenge.

What I'm asking for is all procedures including but not limited to CMOS JP1 and battery removal.

Would administrator password in BIOS completely stop me?

Batch file redirect, etc.

can cmos be passworded so jumper and battery removal would not work.

What Would Be The Most Difficult to overcome, I think he was in BIOS.

Your answers would be greatly appreciated.

Thank you,

Chris.
Microcomputer Maintanence & Support.

 

Clearing CMOS via jumper or battery removal are the ways to remove a startup password.
If that's all the challenge is, you're in good shape.

Windows passwords are a little tougher... Think he might mean that at all?

 

Or, use a back door. Almost all, if not all, BIOSes have one and you don't need to reset the CMOS and lose BIOS settings.

Backdoor and default passwords

 

Heh, I would've recommended this, but didn't for two reasons:

1. I've only ever got this to work ONCE, even when (I thought) I had all my ducks in a row - have you had any more luck than I?
2. You need to know the BIOS revision for the correct password. In most cases the user needs to access BIOS to get this information. Also, most BIOSes give only a few attempts to guess the password before locking.

 

Thought this was easier, but now it seems pulling the battery is . The back door method is more challenging though, and that's what candive was looking for.

 

Try this.

 

Hi
Thanks to everyone,

He will password everything , BIOS, Safe mode and Windows XP Hard Drive.
He might even flash the CMOS
I found this program, ERD Commander.
I think that about covers Windows password work arounds.

NOW (not yelling) how do I bypass Linux???
I hear it can not be done.
Lets find options to bypass a Linux Hard Drive password!!
We cannot let him stump us!
When I beat him at this game I will be telling him where I got the help.

Thank you in advance,

Chris.

 

You can bypass Linux passwords. Instructions on how to do this can be found at http://aplawrence.com/Linux/lostlinuxpassword.html

 

Hi erikske,
Great, Thank you.
Chris.

 

I have to say this stuff interests me. I look forward to hearing the results...

Good luck

Oh, and if there's a tip I could give - there's always "social engineering". It doesn't sound like it will be much use to you in this case, but if you can maybe get a quick look over his shoulder, get him to slip up and say something he shouldn't it might get your foot in the door.
I'm not much of one for this kind of thing, but I have used a bit of social engineering in the past - nothing malicious, but it is interesting to play the game sometimes.

Oh, and for the record...
http://en.wikipedia.org/wiki/Social_engineering_(security)
Kevin Mitnick claims that social engineering is "the single most effective method in his arsenal."
Might be what one could call a seal of approval. That is if all methods are open to you and not just hacking your way in.

Have fun.

 

BigShot,

He would not fall for it.
I was told to stay on my side of the room.

But It is Very useful information thanks.

The idea is the company is big on security, for what ever reason the passwords have been lost or forgotten.
The company is losing millions per hr or day.
My job is to get the network up and running "now"

Thank you,

Chris.

 

You can reset the Administrator Password on a Windows NT based system using this tool, Offline NT Password & Registry Editor. Once you have access to the administrator account, you can reset the passwords on the user accounts and do what you want.

 

Shadow_Puter_Dude,

Thank you,

Chris.

 

Is the hard drive encrypted? If not remove the hard drive and scan or copy whatever files you want from the removed hard drive by using on a machine that you do have access to.

Are there numerous passwords? If so, are they likely to be the same or written down anywhere? Are there clues to the password strategy used here?

Have a read of http://en.wikipedia.org/wiki/Computer_insecurity

Usually in a company system there is a backup strategy and you can recovery all the information you need from that and re-image your PC.

 

TimW, Maxwell,
Thank you.

I will start compiling the information I received from everyone, for monday morning.
If anyone knows of another method not mentioned in this thread, please add it.

Thank you to all who participated, I will add the results to this post hopefully before next weekend.

Chris.

 

Hello & thank you to all who participated !

I am a little embarrased to tell you all the results of the password challenge.
I was very prepared, thanks to all of you.

Hopefully the next challenge will be a little more difficult, here goes.

1. The Windows Operating System on the Hard Drive was passworded.
2. Reboot into BIOS to set CD to run first. The BIOS was passworded.

I was about to jump the cmos and then remove the battery when the password for bios was given to me by another student.
There was no need to waste time.

I inserted my ERD Commander disk into the CD rom drive.
I restarted the desktop pc and changed the password.

Restart and log in no problem.

Again, Thank you to all who shared their experience, it was all very helpful and will be saved for future reference.

Chris.

 

Nice work.
I guess your teacher was mistaken then... "My computer instructor says he can password a desk top pc so no one can get in..."

Glad to hear it went well. Wasn't the password given by another student a bit of a shortcut though? I mean I have no doubt you'd have got in anyway from the sounds of it, it just seemed a bit odd that someone would be able to just tell you a password if the idea was to force your way in.

Still - makes for an interesting thread