Mark Minasi's Tech Forum
Register Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
Pieter

Avatar / Picture

Senior Member
Registered:
Posts: 215
Reply with quote  #1 
Just found this one:

net.exe user Your_Local_User_Name /random     
   => changes the PW with a random string

net.exe user Your_Local_User_Name /random:35
   => changes the PW with a random string of 35 characters

__________________
Pieter Demeulemeester
0
jsclmedave

Administrator
Registered:
Posts: 460
Reply with quote  #2 
Can you actually SEE the PW?

If not why would you do this?

__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
donoli

Senior Member
Registered:
Posts: 598
Reply with quote  #3 
I tried in on an old XP box. I created a user first since I didn't want to get locked out. It definitely changes the password. I didn't see the new password. It looks malicious if someone where able to get a remote shell using metasploit. They could cause the owner to have clear the password. I'm not sure of the exact permissions that would be needed but I imagine that limited users wouldn't be able to do it. There are plenty of NT password reset boot discs that can be downloaded to clear the password, if you get stuck.
0
Pieter

Avatar / Picture

Senior Member
Registered:
Posts: 215
Reply with quote  #4 
>> Can you actually SEE the PW?
Yes.
minasi.png 

And with some scripting it I've managed to put the password on the clipboard so I can easilly paste in the our password database.

>> There are plenty of NT password reset boot discs that can be downloaded to clear the password, if you get stuck.
I agree. This one is not meant as a recovery.
It is just an easy way to set a password, for instance after installing a new OS. So not every local Administrator on each OS has the same password copied from the image.


__________________
Pieter Demeulemeester
0
donoli

Senior Member
Registered:
Posts: 598
Reply with quote  #5 
It didn't echo the password on the old XP box until I piped it to echo & ran it again.
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.