I'm not sure if this is a serverfault or superuser question.
A client of mine shipped me a Windows 7 box that I am supposed to work on. Unfortunately the machine is joined to his domain (which I cannot access - legally or physically) and the local administrator account appears to be disabled.
Is there any way that I can get into the system and enable/create a local account with administrator level rights given that I have physical access? Or is my only choice to ship it back and get my client to enable a usable account and ship it back to me again?
For what it's worth this is Windows 7 Professional.
Edit
As prompted by Chunkyb2002's answer about caching of domain credentials I forgot to mention that there is a domain user as being the last login. Presumably this person also set this computer up and potentially has admin rights. So given this new info is it likely that if I get the password that Windows 7 will let me log in?
Edit 2
I'm in with cached credentials!
-
You should ship it back and ask the client to set up a local admin user for you to work with.
Toward your edit:
If you can get the proper credentials then there's no reason that Windows shouldn't let you log in. There is no guarantee, though, that it is an admin account. Your chances might be good, though, if that account was used to set the machine up.
Sam Cogan : Exactly, any other way would be bad, even if it works. If I was your client I would not feel happy if you had hacked your way into your machine. It's the client's fault you don't have access, let them sort it.
Rook : @Sam Cogan you have a warped idea of what hacking is. This is a solution to a problem and no one is getting hurt.
Bill Weiss : If the client shipped a machine and asked for work to be done on it, I hardly think this is "hacking".
Peter M : @Sam - I agree that this is the client's mess, but short time constraints etc force me to at least ask this question. Besides I almost don't even trust them to ship things properly - the machine arrived with the hard drives almost dangling inside the case and the power connector for the boot drive not being attached!
Sam Cogan : @Peter I can understand that, hopefully the client will be able to give you some cached credentials. Whilst using a boot disk or other tool may get you round this problem, in the long term it may cause you more problems than it solves.
squillman : @Sam well put my friend @Peter you're certainly in a sucky spot.... I do wish you the best of luck in it!
Hardryv : +1 for the great advice; -1 to the client who didn't provide you proper credential access to the system you need to work on
From squillman -
This boot disk will allow you to change the administrative password on a Windows 7 machine. Make sure you call the guy and ask if this is okay! I have used it on older versions of Windows and it works like a charm.
Also note that some viruses disabled the admin account on purpose to make it difficult to remove the infection. If this is the case you must reinstall.
squillman : -1 as I never advocate hacking into machines that aren't mine.
Peter M : If the account is disabled will this help me? Besides I think my client would not be too happy about running random software from the Internet on their computer.
Rook : @squillman who said anything about hacking? He is given permission to access the machine and Microsoft isn't stopping you. Also note that my solution is good for the environment as it saves money and CO2.
Rook : @Peter M either you change the password using a well founded (a boot disk) method or you ship it back.
squillman : The fact that the local admin account is disabled is proof that the client doesn't want the local admin account messed with. Thus hack. If permission was given to use the account then the account credentials would have been supplied.
Rook : @squillman or maybe he is a moron or infected with a virus...
Peter M : @Rook - While I agree your solution does save money etc I have discounted it as it is morally, ethically and professionally questionable to even attempt your solution. When I am done the machine will end up back inside the client's domain. If I use a boot disk method without being able to implicitly trust it then the trustworthiness of this machine is then brought into question. And rightly so.
David Mackintosh : Local administrator account is disabled by default in Windows 7.
Rook : @David Mackintosh good call.
Rook : @Peter M I write exploit code and release it 0-day, I don't give a fuck. I never break the law. This solution is not against the law if you have permission, he could just call the guy and ask.
Peter M : @Rook - and I know my client and they are conservative as hell and given the area they are involved in they would not give that permission.
Rook : @Peter M aah yes rules that only keep moral people in line. Kind of like how everyone's doors only have locks that are easy to pick.
Peter M : @Rook - btw your reply edit finally answered my question about the administrator account not being enabled. So your solution is kinda moot.
Peter M : @Rook .. no rules that keep my reputation intact and allow me to continue working with this client
squillman : Downvote removed after the edit.
Izzy : If a vendor working with us attempted this, the contract would be summarily terminated, and they would be removed from our Approved Vendors list.
Rook : @Peter M this is a legit solution, it's kind of mind-boggling that someone would ask for your help and then not let you fix their machines. It's like going to a mechanic and being like, dude I need you to fix my car but you can't use wrenches. I fucking hate wrenches, a wrench killed my mother.
Rook : @Izzy look at the comment I just made to Peter M.
Izzy : @Rook - some of us are professionals, working in professional environments. What you suggest may be perfectly acceptable working out of your parents' basement, but for the rest of us it's a no-no.
Rook : @Izzy I'm actually a programmer, I'm happy I'm not a sys admin. Mainly because of people that don't understand the first thing about computers are making decisions about how you should do your job. A boot disk is only a tool.
Peter M : @Rook - your car analogy is flawed. It is more like the mechanic wanting to shove a screwdriver into the key switch in order to start the car.
Izzy : Scriptkiddie != programmer.
squillman : @Rook - please tone down the foul language. I've absolutely no problem having a frank exchange of ideas with you but kindly do so without the cursing.
Rook : @Izzy exploit writer != scriptkiddie. (Also I write code for aerospace. I just write exploits for fun :)
Izzy : @Rook - want a medal? Maybe a paper hat? How about a cookie?
Rook : @squillman I don't think you should tell people how to use their constitutional rights.
Rook : @Izzy Another CVE number would be nice :) Or maybe a bugtraq ID. Another DHS severity metric would be really sweet. Have you ever gotten one of those?
squillman : @Rook no argument there, but I also have no problem asking someone to act within the acceptable guidelines of the forum in which they are participating. See the site owner's answer to this: http://meta.stackoverflow.com/questions/22232/are-expletives-allowed-in-comments
Izzy : @Rook Unsubstantiated claims make me hard.
Rook : @Izzy You're welcome to look at my profile for the severity metric, but I don't have a list of the ~25 CVE numbers I've accumulated. After a while you just kind of lose track.
Rook : @squillman Touché, I wonder why they haven't implemented a word filter.
l0c0b0x : @Rook (I'm going to say this, and quickly run away, lol). I believe you're referring to the freedom of expression, but unless @squillman is a government entity trying to negate you of that right, it doesn't really come into context here. By the way, aren't you telling him not to express his opinion too? He wants a cleaner forum, you don't care. I'm with him, we're all happily expressing ourselves, viva ServerFault!
From Rook -
PassWare can enable Administrator accounts but it's not free. Also domain computers will cache previous logins when it was attached to the domain so you could call the client and ask them for the last user's login credentials (along with advising them to reset the password in question immediately).
The second option only helps you if the user in question has administrative rights.
Even with these options, I'd still not recommend doing so as the computer and OS don't belong to you. Call the client and ask them for guidance, chances are the IT department (or whoever runs their IT) forgot (or wasn't informed) that you'd be off the domain.
Peter M : The credential caching was something that I had forgotten about. Thanks for that. I am exploring that option now.
chunkyb2002 : Windows 7 will definitely let you login with the cached credentials. We used to have all of our laptops on the domain and advised users about user caching (and that they should connect to the network occasionally to get the latest credentials). If you can get that login info you'll be sorted :)
Peter M : I'm in with cached credentials! woo hoo!!
Rook : @Peter M and @chunkyb2002 can someone please explain how this is not an exploit?
chunkyb2002 : Depends on your definition of exploit I suppose. It is a feature so that users can still login to the OS when not connected to the Domain network. If the client was happy to supply the password then Peter is a trusted user and authorised to login to the computer.
Rook : @chunkyb2002 well Peter M didn't want to use a boot disk, and he accepted your answer which is just a straight up black hat attack that does the exact same thing. It's really baffling. I think that people just don't understand security **at all**.
chunkyb2002 : @Rook my first recommendation PassWare could be seen as an attack, it's a boot disk too but that's not the answer he accepted. He accepted my second recommendation which was to contact the owner of the machine and ask for authentication details (it just so happens in this case it was a domain account that had cached credentials. It could have just as easily been a local account on the machine that they chose to supply Peter.) The only way asking for the password is a Black Hat attack is if it was in some kind of Social Engineering scenario and he lied about his intentions.
chunkyb2002 : @Rook, I do agree though a lot of people don't understand computer security at all.
From chunkyb2002