So I had installed Windows Server 2003 a while back, but had forgotten my administrator password. I tried all the random configurations I could think of, but nothing worked. So, being distraught, I knew that for Windows XP you could download a boot diskette or CD which could reset your administrator password. However, at that time, it didn’t work for Windows Server 2003. There are claims now that it works, but I haven’t hit that situation again yet and don’t really plan to.
There were many other suggestions on another site: How can I gain access to a Windows NT/2000/XP/2003 computer if I forgot the administrator’s password? How can I reset the administrator’s password if I forgot it? But at that time, they didn’t have any suggestions for Windows Server 2003. It was pretty hopeless.
But I searched online some more and ended up on this website: Windows XP Login Recovery. They claim: Login Recovery is a service to reveal user names and recover passwords for Windows NT, 2000, XP, 2003 and Longhorn. As long as you have physical access to the computer, your passwords can be recovered. By following three simple steps, over 98.5% of passwords can be recovered within less than ten minutes. This service does not overwrite passwords, it does not write anything to the hard drive, and it does not alter the computer in any way. It simply reads the encrypted passwords for processing through our servers. I didn’t really believe them, and if they could break it, I didn’t really want them to know my password either, but I had no choice because I didn’t want to reinstall the OS. I followed their directions and gave it a try.
There are 2 levels of service. My password was actually cracked within 5 minutes, but to get it that fast, I would have to pay £10. I opted for the free service, which required waiting 48 hours. And indeed it was able to crack my password within 5 minutes. I was shocked at how fast it could do it; how could Windows Server 2003 security be that easy to break when no other sites or software at that time were able to do it? Apparently, I had shifted my index finger one key to the left, causing a typo on both the password and the confirmation. But it’s fixed now and the password has changed, just in case.
So, being curious, I sent an email to the Windows Server 2003 team asking them if they knew how this password retrieval worked and why it was so fast when it’s supposed to be secure. They directed me to this site: Project RainbowCrack. RainbowCrack is a general purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break complex passwords in this way. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the results in files, the so-called “rainbow tables”. It does take a long time to precompute the tables. But once the one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of the precomputed tables. By having precomputed tables, they’re able to crack these passwords super fast just by making some simple comparisons against the user profile data you sent them.
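To make the precompute-then-look-up idea concrete, here is an added toy implementation of Oechslin's chains (my own example, not code from RainbowCrack or Login Recovery). It assumes a 3-letter lowercase keyspace, MD5 as a stand-in for the Windows password hash, short chains, and constructed seed values; the end of the block also shows why a per-user salt makes such a table useless.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN   # 17,576 candidate passwords (toy size)
CHAIN_LEN = 40                        # t: hash-then-reduce steps per chain

def to_pw(n: int) -> str:
    out = []                          # encode an integer in [0, KEYSPACE) as a password
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)

def H(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()   # stand-in for the LM/NT hash

def reduce_(h: str, step: int) -> str:
    """R_i: map a hash back into the keyspace; the step index makes each column's R differ."""
    return to_pw((int(h[:12], 16) + step) % KEYSPACE)

def walk(pw: str, start: int, stop: int) -> str:
    """Apply H then R_i for i in [start, stop); returns the plaintext at column `stop`."""
    for i in range(start, stop):
        pw = reduce_(H(pw), i)
    return pw

def build_table(seeds):
    """Precompute chains once; store only (end -> start), the 'memory' side of the trade-off."""
    table = {}
    for s in seeds:
        table.setdefault(walk(s, 0, CHAIN_LEN), s)   # merged chains keep the first seed
    return table

def crack(table, target: str):
    """Lookup: assume the hash sits in column `col`, walk to the chain end, then verify."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        start = table.get(walk(reduce_(target, col), col + 1, CHAIN_LEN))
        if start is not None:
            candidate = walk(start, 0, col)          # regenerate the chain up to that column
            if H(candidate) == target:               # reject false alarms from merged chains
                return candidate
    return None

# Constructed seeds spread over the keyspace. A salted hash H(salt + pw) is never found,
# because the table was precomputed for one fixed H with no per-user input.
SEEDS = [to_pw(i) for i in range(0, KEYSPACE, KEYSPACE // 300)]
TABLE = build_table(SEEDS)
```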
I’m wondering if I should make a really obscure and long password and see if they could crack it.