On Thu, May 24, 2001 at 10:53:18PM -0500, Dave Sherohman wrote: > On Thu, May 24, 2001 at 10:21:08PM -0500, Florin Iucha wrote: > > On Thu, May 24, 2001 at 07:01:13PM -0700, Munir Nassar wrote: > > > there is a linux bootdisk that has NTFS support and > > > you can use this floppy to "recover" windows > > > 2000/NT4/NT3.51 Administrator passwords... talk about > > > sloppy security! > > > > Not to nitpick too much here but with a boot/root linux disk I can do that too > > with your Linux box. > > Not to nitpick too much, but it may not be the same thing, depending on what > Munir meant by "recover". With a linux boot floppy, you can _reset_ the root > password, but you still can't find out what the existing password is (which > is what I take "recover the password" to mean). Well, You already started: if you _are_ root on the box you can fetch /etc/passwd, /etc/shadow and feed them through seti at home and get the plain password. The idea of using Seti at Home just spring to my mind - are you sure all your computing time is going to find little green guys? What if somebody at UCB "modified" some clients to do some usefull work? > Discovering the existing password is far, far worse. Not only is it not > obvious to the box's legitimate owner, they may have used the same password > on other systems, which you now have access to also. Fortunately, it's not > too difficult to make this effectively impossible these days. Worse, but doable. florin -- "you have moved your mouse, please reboot to make this change take effect"