PDA

View Full Version : Win2k PWL Files??



(TNT)
09-10-2001, 10:23 AM
Yo,

My school has just set up a new network running win2k, i was just wandering if there is any chance of me getting access to passwords at all? or are they all on the server?

Cheers
TNT

no-one
09-10-2001, 11:03 AM
if your talking about finding the file and hacking the passwords or hacking the network(that shouldn't be hard), but the passwords are 256 bit encrypted they have yet to be broken.

you have a better chance of flying with pigs to mars, than hack the passwords.
your best bet on geting the passwords is staring over someones shoulder whilest they type it.haha

BTW: they got pros setting it up?

Unregistered
09-10-2001, 11:14 AM
yo dude, all you gotta do is work your way into dos, use the copy command to copy the *.pwl file on to your floppy disk, i'm assuming they allow you to use a floppy dick.

the command once in dos will probably be somet like:
copy username.pwl a:

thats:
copy [file] [destination]

but i'm not sure if thats right for the copy command, but whatever, you get the procedure. once you have the .pwl file on your comp of the floppy, get a proggy, there are some, try google, you'll just have to some research for getting into dos and other ****.

no-one
09-10-2001, 11:20 AM
win2k just has the command prompt no dos.
AND IF YOU CAN FIND THE PWL FILE YOUR DOING GOOD!!
second. copying is probably not allowed for such a file he'd most likely need to be an admin.

Unregistered
09-10-2001, 11:21 AM
more notes, make sure yer in the right directory, if possible, use the find function in windows and type *.pwl in the search field, that might get you all the *.pwl files, experiment, its all descovery, you should be able to work ya way around it some how, just so long you know your ****...

no-one
09-10-2001, 11:23 AM
is a guarantee that if the .pwl is a password file it will NOT show up in the std search.

Unregistered
09-10-2001, 11:23 AM
more stuff, if you know your programming **** and have access to the net from that place, try writing a neat asp script or whatever, that might help you...

Unregistered
09-10-2001, 11:25 AM
well if not the std search try getting a directory listing from dos, that should tell ya the files, alot depends on these admins are...

ober
09-10-2001, 11:28 AM
work your way into dos?????? Umm... correct me if I'm mistaken, but Win2k is built on the technology of NT... umm... meaning NO DOS. That's one reason it's more stable... Windows is not plastered on top of DOS in 2K or NT.

Govtcheez
09-10-2001, 11:28 AM
Ah, yes, the great cracking tips from someone who doesn't know how to use copy.... I'd listen to no-one on this one TNT... If you could really just yank pwl files by using a DOS dir command, there'd be a lot less companies using 2K.

ober
09-10-2001, 11:28 AM
whoa... where did all that come from all of a sudden?

ober
09-10-2001, 11:30 AM
that's what I get for getting distracting while writing replies.... I get beaten to the punch.

Govtcheez
09-10-2001, 11:31 AM
whoa... where did all that come from all of a sudden???? I wasn't talking about you, if that's what you meant... I was talking about the magnificient Unregistered that can't figure out the syntax of copy.

(TNT)
09-10-2001, 11:37 AM
Hi,

Thanks i think i may be able to find a way, by the way my school aint pros, there is this one old geezer, he asked me to go in in the summer and help him set up his new network!!! get that lol

They do have a bit of security though like floppy locks etc, but i will find a way keyloggers or somthing like that lol...

Thanks
TNT:rolleyes:

ober
09-10-2001, 11:38 AM
no, I was talking about all the replies that occurred during the time I started my reply and actually submitted it. No offense taken from your post.

no-one
09-10-2001, 11:40 AM
>but i will find a way keyloggers or somthing like that lol...

hehe, good idea. but don't leave any time logs and DON'T get caught. that may not be exactly legal if you know what i mean.

and see what they got running on the system before you touch nothin.

Barjor
09-10-2001, 01:04 PM
If they are runing a Domain network all the passwords for loggin on to that domain is stored on the server. There usally is one Admin password for loggin into the computer if the server goes down and can't verify the Domain loggin. That pssword will not let you out on the network. If everything is correct setup and configed I wouldn't waste my time on hacking in. And forget the "copy PWL to a floppy" There is alot more security built in behind the screen then you see when you log in... SID, etc,,,Despite popular belive win2k is a pretty safe nos.
~Barjor

Barjor
09-10-2001, 01:06 PM
If the network admin let you install any kind of programs or keyloggers he shouldn't be an admin.
~Barjor

(TNT)
09-10-2001, 01:28 PM
Heee, he is a bad admin yer, casue he says you cannot use floppy disks apart from school work on these 2 machines here which arnt locked, also you must virus scan em(with this old thing). + he lets u use the room with his new machines in while hes not there lol!! so i should be able to install some hidden stuff, which i will lol

Thanks
TNT

Barjor
09-10-2001, 02:25 PM
You can set the user rights so that you can't install anything unless your logged in as an admin. If he is there or not doesn't matter If he really did his homework he set it up so you only can run approved programs. But then there is only one way to find out.
~Barjor

-KEN-
09-10-2001, 02:32 PM
Our computers are locked down fairly well, excpet they're win98 *evil grin*...Our programming teacher is the admin for all the computers and he gave his programming classes the passwords to get onto the netwrok, and the one for the internet (Which I filtered to a few friends). Buit then we have "Foolproof" a stupid little program to say the least, but it's effective. Luckily the guy behind me has the password, which I wrote down. So now I own those computers. The funny thing is that if I really wanted into those computers, I could always open up the MS-DOS console and delete it, cuz it only prohibts deleting from explorer. and if that didn't work, I do delete it from notepad...a computer's never actually "secure", remeber that. the only secure computer is a computer that's been blown into 1 million pieces...

Haha, the funny thing about foolproof is that I'm pretty sure I could take it off that easily, but I remember him saying it's on a low-level format, and that ever reformating won't destroy it. they sad last time they forgot the password that they had to use some military reformatting software...

Govtcheez
09-10-2001, 02:39 PM
> use some military reformatting software...

What, like a big magnet? :p:p:p

barjor
09-10-2001, 02:49 PM
Win9X never worked well in a network from a security perspective. There is no secrets behind low level formating. he just want to scare you guys.

gamegod3001
09-10-2001, 05:54 PM
>Our computers are locked down fairly well, excpet they're win98 *evil grin*...Our programming teacher is the admin for all the computers and he gave his programming classes the passwords to get onto the netwrok, and the one for the internet (Which I filtered to a few friends). Buit then we have "Foolproof" a stupid little program to say the least, but it's effective. <

I hate you -ken- :p I've spent 2 days so far tring to open up paint so I have something to do. Last year I had some class that we learned how to use office. So I had a whole much of files that did not open with any thing and when I clicked it I got the open with dialog box. NO wait I have access to note pad I can create a file with a .344 extention or something like that. :D

Nick
09-10-2001, 08:30 PM
I think in windows 98 you can just delete them or more
saftly move them. This is windows 2000 so you *shouldn't*
beable to touch them.

no-one
09-10-2001, 10:51 PM
just remembered,
win2k doesn't even store password in a PWL anymore. heh...

Nick
09-10-2001, 11:51 PM
I guess he won't have to remove them then :)

I remember foolproof from school too, there's an autoexec.bat
entry that starts it up. I hated it because it wouldn't allow me to run dos excutables and for some reason I couldn't get a binary with turbo pascal for windows. I never actually disabled it though.

novacain
09-12-2001, 12:06 AM
years ago, at Uni, computer time was very short and once used you did not get more.
Someone wrote a program that looked exactly like the log on screen for the terminals.

He would log on and run this program. He would then sit at the back and wait for a victim to come to what seemed a unused terminal. The progam would catch the victims log on but use the hackers time.

After that though the hacker would use all the victims time before catching another.

NOW you would get ten years for that in Aussie.

If you MUST get the passwords use a security test program, lots around.

In WIN9x try,
At log on write down the USERNAME but cancel the log on ie fail to enter password.
You will be let in and then FIND the USERNAME.pwl file and rename ie USERNAME.pwl to say USERNAME.old
Restart the computer and see what happens.

Another example of M$ security. Hey it don't sell more software so why put it in?