Cold shower for a hot friend
So, we have established that the task of cooling the processor should be solved regardless of how the other elements are cooled. And the ways to solve it have long…

Continue reading →

Baba Poker
Mobility Radeon от ATI
There is nothing surprising in the fact that the new Mobility Radeon is developed on the basis of the latest ATI graphics chip for desktop systems - Radeon VE, which,…

Continue reading →

Hero of our time
The FAST MULTIMEDIA company already known to us was one of the first to offer a rather professional, but affordable solution - FAST DV MASTER based on the SONY DVBK-1…

Continue reading →

Alternative download

So, users have the minimum privileges necessary for work. But if after installing the OS they forgot to disable the ability to boot from removable media: floppy disks or CDs in BIOS Setup, then getting the local administrator name and password by booting from an alternative OS is not a problem.

The source of information for this is the Security Account Manager database file. If on Windows 2000 domain controllers the hash codes of user passwords are stored in an encrypted form in the Active Directory directory service database, then on workstations and servers the location of the hash codes remains, as in previous versions of the OS, in the sam file, which is located in the folder C: Winntsystem32config. Access to this file during operation is blocked by the system, but when booting from an alternative OS, this lock does not work. And to get full access to the system, just delete this file! In this case, the password of the local administrator will be reset, and all user budgets of the local system will be deleted and the access lists of the NTFS file system will be lost.

But if you need to implement a more elegant attack without attracting the attention of IT staff? There are also such opportunities.

Passwords in the Window system are not stored in clear text. Moreover, in Windows NT 4.0 and Windows 2000 passwords are encrypted in a fairly reliable way. However, for compatibility with other network clients (Windows 95, Windows for Workgroup, Lan Manager), along with the hashed Windows NT password value, the hashed password value in the Lan Manager standard is stored in the SAM database. This password is much less resistant to cracking. As a rule, it is he who is exposed by widespread programs.

In Windows 2000, the task of unrecognized geniuses is complicated by the fact that, unlike Windows NT 4.0, the sam file is encrypted by default using the new SYSKEY algorithm. Therefore, an attempt to copy a file, and then obtain password hashes from it and crack them using the well-known utility LOphtcrack (LC4 version is now available), as it easily happened in Windows NT 4.0, will fail. But, as you know, what one person did, the other can always break. And here is the chntpw utility written by Peter Nordal-Hagen, which allows you to change user passwords stored in the sam file. But anyone will ask right there, what about encrypting password hashes with a 128-bit SYSKEY utility key? How can I change my password without knowing the key? Peter Nordal-Hagen found out how to disable this protection. But this is not all – he solved this problem even easier – he did not break the wall, but simply walked around it! It turns out that when you add hash codes generated by the old algorithm to the sam file, they are not considered invalid, but are automatically encrypted when the system is rebooted. The chntpw utility removes the encrypted password hash of the desired user from the sam file, asks for a new password, generates a hash code using the old learned algorithm, and writes it to the file. It only remains to reboot and register in the system with a new password! Moreover, Peter Nordal-Hagen offers not only a utility, but also a bootable floppy disk with Linux OS, which is specially configured to connect Windows NT / 2000 system disks and change the administrator password.

The problem of resetting the local administrator password can be solved using the SYSKEY utility. To do this, just change the default SYSKEY key usage mode. By default, the key used to encrypt the hash functions of the SAM database is stored in the registry in the clear. You need to change this setting so that it is additionally locked with a password or export it to a floppy disk.

The only effective way to deal with the chntpw utility is to provide physical security for workstations by disabling boot mode from removable media in the BIOS, closing the BIOS Setup password and blocking the computer case from unauthorized access to prevent BIOS reset.

Athlon XP: Awaiting 64-bit Architecture
On April 22, AMD announced a server version of its 64-bit Opteron processor. Unfortunately, the server version was announced. In addition, most likely at the beginning the 64-bit platform will…

...

I love the heat at the beginning of the year!
Finally, winter has come. The time has come when it is necessary to seriously think about cooling computers. In magazines, the topic of computer cooling is raised, as a rule,…

...

MAX + plus II: FPGA Integrated Digital Device Development Environment
The general tendency for the development of the element base of digital circuitry, starting with the appearance of the first integrated circuits in the early 60s to the present, is…

...

Comparison of motherboards supporting the new memory standard PC2100 (DDR266)
AMD processors have long gained popularity among computer users due to their high performance at low cost. Therefore, it is understandable that new motherboards for AMD processors will appear on…

...