Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Are there tools that allow an attacker to reset the Administrator account password to a known value?

account Administrator attacker known password reset tools value

1 Answer

0

Yes. We’ve examined several tools that do this. In each case, they require that the attacker have physical control over the machine, then boot into a different operating system. The tool then overwrites entries in the local SAM database in order to change the hashed password for the local Administrator account to a known value. The attacker could then reboot the machine normally, and log on as the local Administrator using the new password. Do these tools represent a flaw in Windows 2000? No. Tools like this are simply an example of the second and third Immutable Laws of Security: • If a bad guy can alter the operating system on your computer, it’s not your computer anymore. • If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore. It’s simply a fact of computer science that the access control information created by one operating system to regulate the actions of its users is meaningless to other operating systems. If an attacker can boot into a

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123