Get password of a user
Normally, it should not be possible – user passwords are stored in hashed form, using a one-way hash that was designed to be irreversible. Not even the administrator is allowed access the stored hashes, too, so they never get to see the actual passwords.
However, if I remember correctly, by default Server 2003 still stores the old "LM hashes" in addition to "NT hashes". The former are so insecure that they can be bruteforced in very little time, using tools like Ophcrack. Even the latter – NT hashes, which are based on MD4 – have become relatively easy to break using rainbow tables and all sorts of other attacks.
Related videos on Youtube
09 : 34
09 : 45
03 : 09
07 : 28
09 : 00
Icemanind
I am a .NET developer. I am proficient in C# and I use ASP.Net Core, Winforms and WPF. I also dabble in React and Xamarin.
Updated on September 18, 2022Comments
-
Icemanind over 1 year
Is it possible to get the password of a user in Windows Server 2003? I am an administrator and have full access rights to the machine. I just need to get the passwords of a couple regular users on the machine.
Thanks in advance
-
grvpanchal over 10 yearsI guess administrator can change password but i dont think Security Account Manager (SAM) shows actual password
-
Frank Thomas over 10 yearsLook at l0phtcrack (windows)/ 0phtcrack (cross-platform) l0phtcrack.com ophcrack.sourceforge.net Note: this tool may allow you to do illegal things, so its use is often questioned. do not misuse it.
-
ganesh over 10 yearsThere is an easy way to get the password. You explain to the user why you absolutely need his or her password; ask them to tell it to you and let them change their password immediately after you used it.
-
Icemanind over 10 years@Hennes - This isn't a real user. Whats happening is one of our servers is being decommissioned and moved to another server. We have in house apps though that run under a different account. When the app runs, its trying to log into that account. But since I don't know the password to the account, the app is failing.
-
Keltari over 10 yearsWhy not just change the password for the user and in the app? Thats far easier and quicker
-
Icemanind over 10 years@Keltari - That would be far easier. The problem is, we stupidly lost the source code to the application and unfortunately the username and password is hard coded in the app.
-
ganesh over 10 yearsIn that case read the applications documentation or your organisation's emergency recovery document? (If you do not have one: Hint... make one. With all the HW stuff, OS and software settings, password etc etc. Then lock it in a local safe and in an off-site safe (e.g. in a second office).
-
-
Frank Thomas over 10 yearsophcrack now uses rainbow tables, and can now break NTML hashing.
