Client fell out with Supplier

[TheCake]

Funny yet serious.

A client of mine has fallen out with another IT supplier/support company and are refusing to pay their extortionate bills.

I go to logon this morning and nothing works.. hmm administrator account doesn't work... so I eventually logon as one of my hidden users and view all users in the domain. Every administrator has been demoted to power user.

I've managed to logon as a power user on a 2000 TS server and am slowly trying to break the admin password.

Grrrrrrrrrrrrrrrrrr.

 

[Hotshot]

*hijack* u bought the striker

 

[al]

Funny, but sounds a pain in the arse!

 

[Pete]

l0phtcrack will be your only friend right now. Don't think a linux boot disk will help with a domain.

 

[TheCake]

Pete i'm running a Windows Password Cracker which is doing an LM hash brute force.

I only have access to this machine by TS and I'm about 400miles from it. Will it run in Windows?

Hotshot - Ohhhhhhhhhhhhhhhhhhhh yes

 

[Ad]

sounds like fun......

wish my day was as interesting... bored out of my tree at work...

 

[Pete]

Pete i'm running a Windows Password Cracker which is doing an LM hash brute force.

I only have access to this machine by TS and I'm about 400miles from it. Will it run in Windows?

Hotshot - Ohhhhhhhhhhhhhhhhhhhh yes

L0phtcrack will run in windows yes, but to do a linux boot disk password recover you'll need to be at the console.

 

[TheCake]

Annoyingly I can't use L0phtcrack mate as I don't have admin rights to lift the details from the registry... ideas?

 

[TheCake]

Not having much luck.

 

[Daz]

So how does this affect you?

If it's another company, and you should still have access, why don't you have the new password etc? :S

 

[TheCake]

So how does this affect you?

If it's another company, and you should still have access, why don't you have the new password etc? :S

They've fallen out over money. My client refuses to pay this other firms bills. They have logged on and changed the admin password, therefore being held to ransom.

Make sense?

 

[Lee]

Sounds a bit low, but your client obviously knew what they were going to charge before hand surely?

 

[TheCake]

Its all very complicated and not really for board discussion. However - anyone got any ideas on how to get them out of this hole?

 

[Daz]

Pay the invoice? :rasp:

 

[TheCake]

Its not really that simple. lol.

 

[TheCake]

Update -

Now have full access to the machine. It didn't like booting from the l0phtcrack live CDrom so does anyone have access to an l0pht edition on Floppy?

My other option is to boot using a windows 98 boot disk, and copy the SAM onto it? How does that sound?? Realistic?

 

[TheCake]

No I don't think that'll work either - NTFS hard drive on the 2003 box..

come one technical guru's!

Help!

 

[MikeDX]

boot from a usb hard disk with another O/S on it, then mount the original drive and start cracking.

 

[Lee]

No I don't think that'll work either - NTFS hard drive on the 2003 box..

come one technical guru's!

Help!

I was going to mention that.

You can boot from CD/DVD with a version of XP running. I've got one here I sometimes use to get at stuff on NTFS partitions.

Built it useing PE Builder. Standalone XP. I can't see you getting past Security on the drives if it's configured correctly. Worth a go though if you want to try and copy the SAM off.

 

[TheCake]

If I can get the SAM I crack the passwords. Thats all thats important at the mo tbh bud. Do you reckon BartPE would do the job?

 

[Lee]

I've only ever used it to access data on an XP Pro machine, but at the very least you should be able to view the contents of the hard drives.

It's fairly easy to build the CD/DVD too.

I think I'll do myself a new one now. Mine is a few years old!

 

[MikeDX]

i think bartpe will do the job nicely

 

[Lee]

I've only ever used it to access data on an XP Pro machine, but at the very least you should be able to view the contents of the hard drives.

It's fairly easy to build the CD/DVD too.

I think I'll do myself a new one now. Mine is a few years old!

Christ, it used to be fairly easy, now even my mom could do it it's so simple.

 

[TheCake]

Guys I can't boot from a CD - can we do somthing from a floppy disk??

 

[BenWall]

you still interested in my laptop?

 

[TheCake]

you still interested in my laptop?

I only asked how much you wanted for it. It wasn't a certificate of marriage!

Anyway - back on topic.

 

[MikeDX]

Guys I can't boot from a CD - can we do somthing from a floppy disk??

Can you boot from any other device?? Most computers nowadays will boot off anything, usb keys, usb/firewire devices, etc.

you could boot from a floppy and then boot a cd from that I guess, why cant you boot from a cd?

 

[TheCake]

I don't know Mike. For some reason there was complication there, it has 2 CD-ROM/DVD-ROM drives but only one shows as being bootable and when you try and boot from it, it doesn't work and it throws a wobbly.

not ideal.

 

[Lee]

No chance of that fitting on a floppy. You can put it on a USB key by the looks of things.

 

[MikeDX]

DC, can you physically open the machine and swap the drives over?

 

[TheCake]

Sadly Lee USB isn't on the boot list.
MIke - no i'm 350miles away. lol. I don't fancy the drive in all honesty.

 

[Lee]

Sadly Lee USB isn't on the boot list.
MIke - no i'm 350miles away. lol. I don't fancy the drive in all honesty.

I guessed as much. Often the case for servers.

You do realise if you had driven up yesterday you would probably have access to it by now. lol

 

[MikeDX]

Ugh, what kinda crap is this setup. where is the server?

Just tell them to courier you the hard drive and then read it in another machine.

 

[TheCake]

Exactly Lee. I feel tempted to drive up but I know its just a pain in the arse I'd rather avoid.

Its a RAID hard disk so thats unlikely Mike. As I'd need all the disks. This machine is also the DC and Exchange 2003 server - so again "ain't gonna happen".

This 'CRAP' setup, is a very tasty server in a rack in the middle of wales.

 

[MikeDX]

Exactly Lee. I feel tempted to drive up but I know its just a pain in the arse I'd rather avoid.

Its a RAID hard disk so thats unlikely Mike. As I'd need all the disks. This machine is also the DC and Exchange 2003 server - so again "ain't gonna happen".

This 'CRAP' setup, is a very tasty server in a rack in the middle of wales.

I didnt mean the machine was crap, i meant its crap its so far away

pack a bag... unless you know a techie in wales

 

[TheCake]

Ahhh with you now bud. If only my kit car was here I'd made a few days of it!!!

 

[MikeDX]

What about if you make a LOAF (linux on a floppy) with the NTFS module enabled, would that be enough to email the SAM file to yourself?

*update* this may be enough to get you going

http://jnocook.net/geek/tiny.htm

http://trinux.sourceforge.net/

 

[TheCake]

Maybe so. If I could boot from a linux floppy and then copy the sam onto the floppy - i might be able to get in....

 

[Mells]

^ the sam would be much to big to dump on a floppy

 

[drac182]

lol, i wish i could understand this post! ;p

Good luck sortin it!