I recently tried to change my administrator password on my NT 4.0 machine and messed up. I have no idea what the password is and I have also been logged out. I need to log in and there is no password.
Help needed desperately.

03-2. How do I crack NT passwords?
First off, it should be explained that the passwords are technically not located on the server, or in the password database. What IS located there is a one-way hash of the password. Let me explain... Two one-way hashes are stored on the server -- a Lan Manager password, and a Windows NT password. Lan Manager uses a 14 byte password. If the password is less than 14 bytes, it is concatenated with 0's. It is converted to upper case, and split into 7 byte halves. An 8 byte odd parity DES key is constructed from each 7 byte half. Each 8 byte DES key is encrypted with a "magic number" (0x4B47532140232425 encrypted with a key of all 1's). The results of the magic number encryption are concatenated into a 16 byte one way hash value. This value is the Lan Manager "password".
A regular Windows NT password is derived by converting the user's password to Unicode, and using MD4 to get a 16 byte value. This hash value is the NT "password".
So to crack NT passwords, the username and the corresponding one way hashes (Lan Man and NT) need to be extracted from the password database. Instead of going out and writing some code to do this, simply get a copy of Jeremy Allison's PWDUMP, which goes through SAM and gets the information for you. PWDUMP does require that you are an Administrator to get stuff out of the registry, but if you can get ahold of copies of the security database from another location (see Section 03-1) you can use those.
Obviously from this point you can use one of several cracking utilities to perform either a brute force or dictionary attack on either the Lan Man or NT password. Several freeware products are available on the Internet. They include:
Cracker           Author(s)            Compiles on...        Notes
----------------  -------------------  --------------------  ------------------------
c50a-nt-0.20.tgz  Bob Tinsley          Unix                  Dictionary cracker, a
                                                             port of Alec Muffett's
                                                             Crack 5.0 for Unix.
lc15exe.zip       Mudge and Weld Pond  Unix, includes GUI    Best of the bunch, can
                  from the L0pht       NT version and DOS    do brute force very
                                       version               quickly, also can use
                                                             a dictionary.
NTCrack.tar.gz    Jonathan Wilkins     Unix, includes        Dictionary cracker, on
                                       NT version            its second revision.
--------------------------------------------------------------------------------
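The two derivations the FAQ above describes, carried through in working code as an added example; it is not part of the FAQ, of PWDUMP, or of any cracker it lists. It is written in Go because Go's standard library has DES but no MD4, so the block carries its own small RFC 1320 MD4 for the NT path. The 0x4B47532140232425 "magic number" is the ASCII string "KGS!@#$%", and each password-derived DES key encrypts it; the hash of an all-zero 7-byte half is therefore a fixed value, which is what lets an administrator reviewing their own dump spot every password of 7 characters or fewer. Assumptions of this example: passwords are ASCII (NT fed the LM path through the machine's OEM codepage), the sample passwords are constructed, and the auditLM helper and its wording are this example's own.

```go
package main

import (
	"crypto/des"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
	"unicode/utf16"
)

const lmEmptyHalf = "AAD3B435B51404EE" // DES("KGS!@#$%") under the all-zero key, i.e. an empty 7-byte half

// md4 is a self-contained RFC 1320 implementation (the Go standard library ships none).
func md4(data []byte) [16]byte {
	msg := append(append([]byte{}, data...), 0x80)
	msg = append(msg, make([]byte, (119-len(data)%64)%64)...) // zero-pad to 56 mod 64
	msg = append(msg, make([]byte, 8)...)
	binary.LittleEndian.PutUint64(msg[len(msg)-8:], uint64(len(data))*8) // trailing bit length
	a, b, c, d := uint32(0x67452301), uint32(0xefcdab89), uint32(0x98badcfe), uint32(0x10325476)
	shift := [3][4]int{{3, 7, 11, 19}, {3, 5, 9, 13}, {3, 9, 11, 15}}
	for off := 0; off < len(msg); off += 64 {
		var x [16]uint32
		for i := range x {
			x[i] = binary.LittleEndian.Uint32(msg[off+4*i:])
		}
		aa, bb, cc, dd := a, b, c, d
		for i := 0; i < 48; i++ {
			f, k, idx := uint32(0), uint32(0), i
			switch i / 16 {
			case 0: // round 1: F, message words in order
				f = (b & c) | (^b & d)
			case 1: // round 2: G, words column by column
				f, k, idx = (b&c)|(b&d)|(c&d), 0x5a827999, (i%4)*4+(i%16)/4
			default: // round 3: H, words in 4-bit bit-reversed order
				f, k, idx = b^c^d, 0x6ed9eba1, int(bits.Reverse8(uint8(i%16))>>4)
			}
			a = bits.RotateLeft32(a+f+x[idx]+k, shift[i/16][i%4])
			a, b, c, d = d, a, b, c // rotate roles so the next step updates the next register
		}
		a, b, c, d = a+aa, b+bb, c+cc, d+dd
	}
	var out [16]byte
	for i, w := range []uint32{a, b, c, d} {
		binary.LittleEndian.PutUint32(out[4*i:], w)
	}
	return out
}

// desKeyFrom7 spreads 7 password bytes over 8 key bytes, 7 bits each, low (parity) bit clear.
func desKeyFrom7(s []byte) []byte {
	p := append(append([]byte{0}, s...), 0) // a zero byte on each side removes the edge cases
	k := make([]byte, 8)
	for i := range k {
		k[i] = p[i]<<(8-i) | p[i+1]>>(i+1)<<1 // bits carried from the previous byte, then this byte's top 7-i bits
	}
	return k
}

// lmHash: upper-case, zero-pad to 14 bytes, split into 7-byte halves, and use each half as a
// DES key to encrypt "KGS!@#$%". Assumes an ASCII password (NT used the OEM codepage here).
func lmHash(password string) [16]byte {
	if len(password) > 14 {
		password = "" // NT keeps no LM hash for longer passwords: the stored value is the empty-password one
	}
	var pw [14]byte
	copy(pw[:], strings.ToUpper(password))
	var out [16]byte
	for h := 0; h < 2; h++ {
		block, _ := des.NewCipher(desKeyFrom7(pw[h*7 : h*7+7])) // 8-byte key: never errors
		block.Encrypt(out[h*8:h*8+8], []byte("KGS!@#$%"))
	}
	return out
}

// ntHash: MD4 over the UTF-16LE password; case-preserving and not capped at 14 bytes.
func ntHash(password string) [16]byte {
	u := utf16.Encode([]rune(password))
	buf := make([]byte, 2*len(u))
	for i, cu := range u {
		binary.LittleEndian.PutUint16(buf[2*i:], cu)
	}
	return md4(buf)
}

func hexOf(h [16]byte) string { return strings.ToUpper(hex.EncodeToString(h[:])) }

// auditLM is the check an administrator can run over their own dump (this example's own helper):
// the fixed constant in the second half gives away any password of 7 characters or fewer.
func auditLM(lmHex string) string {
	lmHex = strings.ToUpper(lmHex)
	if lmHex == lmEmptyHalf+lmEmptyHalf {
		return "no LM hash stored (or empty password)"
	} else if strings.HasSuffix(lmHex, lmEmptyHalf) {
		return "7 characters or fewer: only one DES half carries the password"
	}
	return "8-14 characters"
}

func main() { // constructed sample passwords
	for _, p := range []string{"", "secret", "Password1234"} {
		fmt.Println(p, hexOf(lmHash(p)), hexOf(ntHash(p)), auditLM(hexOf(lmHash(p))))
	}
}
```

Running it prints each sample password's LM hash, NT hash and the audit verdict; note that the second 16 hex digits of the LM hash for "secret" are the constant, while the same password's NT hash carries no such structure, which is the practical reason the FAQ rates the NT hash as the stronger of the two.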

If only it were that easy, Microsoft would be bankrupt from lawsuits now!
That will not work.
Re-install NT

Hello Dan... Do you have the full text of that NT security file on disk? Could you send it to me? I am a network technician and very interested in as much info as I can get... I may have something interesting to trade as well. Let's chat.

http://www.jsiinc.com/reghack
is a place you will find your answer. You can change the administrator password on any or all workstations easily and remotely without needing to know the original password, but you do need to be an administrator of the network to do it. Check it out and search for your answer.
Alternatively, why not log on as any user already assigned local admins and give yourself local admins, or create a new local admin account.
If you cannot achieve any of these solutions, then trying to hack such a password looks a bit ambitious.
