Windows Administrator “Lost Password” / “Password Reset”

KB ID 0000159

Problem

You have forgotten your password, or the administrators password fo your Windows machine.

Note: You can also ‘Blank’ or reset the DSRM (Directory Services Restore Mode) password on a Domain Controller (Tested on 2012 R2, by blanking the password). Using this method.

Lost Password : Fix

Lost Password Software Download Links

Password Reset CD Image (3.5Mb) Note: This is a .iso file – you need to burn it as an image! Simply dropping this file on a CD will NOT work.

WARNINIG – If your drive has been encrypted with Windows Bitlocker this procedure will not work!

Related Articles, References, Credits, or External Links

Windows 8 – Lost / Forgotten Password?

Windows – Lost / Forgotten Password?

KB ID 0000755

Problem

There are many reasons why you might want to do this, someone has managed to change a user password and that person is not available, you might simply have forgotten it. Or you might have been given a machine, or bought one from ebay that has come without a password. Also there have been a few times when a user has looked me in the eye and said “I’m typing my password in, but it’s not working”, I have never seen a password change on it’s own, so I will just put that down to the evil password gremlins.

The procedure will also work on the Windows local administrators password, just bear in mind that his account is disabled by default, (after Windows 8). This procedure will not work if the machine in question has had its hard drive encrypted using BitLocker.

You can use this procedure to blank, (or reset) a Domain Controllers DSRM (Directory Services Restore Mode) password.

You can avoid this procedure if you have access to another account on this machine that has administrative access. If you can log on as an administrator, then you can change the password of other local accounts on the affected machine without the need to do this.

Solution

How to Burn the ISO Disc Image

1. Download the Password Reset CD Image.

2. Download ImgBurn and install, Launch the program, if it does not look like this you need to select View >EX-Mode-Picker. Select the ‘Write image file to disc’ option.

2. The file you downloaded is a zip file that contains the disk image, you will need to extract the image from the zip file (i.e. drag it to your desktop). From within ImgBurn launch the browse option and navigate to the disk image you have just extracted > Open.

3. Select the burn to disc icon (Note: This will be greyed out, until there is a blank CD in the drive). The image is very small, it will not take long to burn.

Carry Out a Windows 8 Password Reset.

This procedure uses the boot CD you have just created, for it to work you need to make sure the machine will attempt to boot to its CD/DVD Drive before it boots to its hard drive. (Or it will simply boot into Windows again). This change in ‘Boot Order’ is carried out in the machines BIOS, how you enter this varies depending on machine vendor, when you first turn on the machine watch for a message that looks like Press {key} to enter Setup. Typically Esc, Del, F1, F2, or F9. When in the BIOS locate the boot order and move the CD/DVD Drive to the top of the list.

1. Boot your machine from your freshly burned CD, when you see this screen simply press {Enter} to boot.

2. Depending on how many disks/partitions you have it will discover them and assign a number to each one, here I only have 1 so I will type ‘1 {Enter}’.

Note: You may see a small 300Mb partition, ignore that. You may also see your machines recovery partition if it has one, if that’s the case you may have to carry out some trial and error to get the right one.

3. The system is set to look for the default registry location C:WindowsSystem32Config so simply press {Enter}. If it fails at this point you selected the wrong drive/partition.

4. We want password reset so select option 1.

5. We will be editing user data and passwords, so again select option 1.

6. You will be presented with a list of the user objects that it can locate, here I want to reset the password for the ‘PeteLong’ user object so simply type in the username you want to edit.

Note: As mentioned you can see here the administrator account is disabled, if you want to work with that account, you will need to unlock and enable it on the next screen before you blank or change the password.

7. You can choose option 2 and type in a new password, but I’m going the blank the password, then change it when I get back into the machine by selecting option 1.

8. To step back you need to enter an exclamation mark.

9. Enter a ‘q’ to quit.

10. To write the changes you have made enter a ‘y’.

11. As long as you are happy, and have no other accounts that need changing, enter ‘n’.

12. Now remove the boot CD, and press Ctrl+Alt+Delete to reboot the machine.

13. As the user object we are dealing with was the last one that has logged on, it will select that account as soon as the computer boots, and now it has a blank password it will automatically log on.

14. To change the password, press Ctrl+I > Change PC settings.

15. Users > Create a password.

16. Type and confirm your new password, and enter a password hint > Next.

17. Log off the account and test the new password.

 

Related Articles, References, Credits, or External Links

NA

Windows – Backing up, Transferring, and Restoring Wireless Network Settings

KB ID 0000626

Problem

If you have a machine setup and working on your wireless network, sometimes it’s easier to set other machines up by simply migrating the settings. Either because you don’t want your child to try and type in a 64 bit WPA key, or you might simply have forgotten the WEP/WPA key,and don’t want to go through all the hassle of setting it up again.

In a small business environment you can give your colleagues their wireless settings in an XML file, or on a USB thumb drive. When using XML files you can even script the deployment of wireless settings to your users.

Solution

Option 1: Export/Import wireless Networks to XML File.

This is quick and easy, and if you are feeling adventurous enough, could be used to script the deployment of wireless networks.

1. On your working wireless machine, open a command window, the following command will list all the wireless profiles that are installed on this machine, )in the example below there is just one).

[box]netsh wlan show profiles[/box]

2. Now we know the name of the profile (Note: Typically it will be the SSID), we can export it to a folder. Be aware if the folder does not exist, the process is liable to fail.

[box]netsh wlan export profile name={profile name} Folder=c:{folder name}[/box]

3. This will produce an XML file, containing the settings.

4. Copy the folder containing your XML file to the destination machine, and issue the following command;

[box]netsh wlan add profile filename=”c:{folder name}{file name}.xml”[/box]

5. Your wireless profile will be restored.

Option 2: Export/Transfer/Import wireless Settings via USB.

1. On the source machine open ‘Control Panel’.

2. Select ‘Network and Sharing Center’.

3. Select ‘Manage wireless networks.

4. Locate the wireless profile you want to migrate, (in the example below there is just one), double click it > select ‘copy this network profile to a USB flash drive’.

5. Assuming you already have a USB drive plugged in, the wizard will detect it > Next.

6. Close.

7. Take the drive to a destination machine, and plug it in, Windows 7 has autorun disabled, with older versions of Windows you can simply choose ‘Connect to wireless network” from the autorun menu. If not open the drive and run the setupSNK.exe file.

8. Yes to confirm.

9. OK to close.

10. Your network is setup and ready to go.

Related Articles, References, Credits, or External Links

NA

Windows – Export / Recover WEP and WPA Wireless Keys

KB ID 0001015 

Problem

If you need to connect to your wireless network with a new machine and have forgotten the key, you can view the WEP or WPA key in cleartext using the following procedure on a machine that has connected before.

Solution

1. First launch PowerShell, ensure you ‘Run as administrator‘.

2. To show all the wireless profiles stored on this machine, issue the following command;

[box]

netsh wlan show profiles

[/box]

3. From the output above, the wireless profile I want the key for, is called SMOGGYNINJA-N. Note: This is the same as the Wireless networks SSID. To view the wireless key in clear text use the following command;

[box]netsh wlan show profiles name=”SMOGGYNINJA-N” key=clear[/box]

You can also export the profile from one PC to another one, (so you don’t have to enter the key on the new PC), with the following two commands.

To Export a Wireless Profile

[box]md c:WiFi
netsh wlan export profile “SMOGGYNINJA-N” folder=c:Wifi [/box]

To Import a Wireless Profile

Copy the WiFi folder you created in the step above, to the new PC/Laptop. Then execute the following command. Note: Change the section in red to match the path to your XML file.

[box]netsh wlan add profile filename=”c:WiFiWi-Fi-SMOGGYNINJA-N.xml” user=current[/box]

Related Articles, References, Credits, or External Links

Hacking Wireless WEP Keys with BackTrack and Aircrack-ng

Cisco Catalyst Password Recovery / Reset

KB ID 0000496 

Problem

The title is a bit of a misnomer, we are not going to recover the password, we are simply going to change the password to one we know.

Solution

Note: This procedure works on models, 2900, 2940, 2950, 2955, 3500XL, and 3550. Before you start connect the the device with a console cable and terminal emulation software, the procedure is the same as the one I’ve outlined here.

1. Power the switch off >press and hold the “Mode” button > Power on the switch.

2. For 2900, 3500XL and 3550 Switches release the mode button when the 1x LED light goes out (all the other port lights will remain lit). For a 2940 and 2950 Switch release the mode button after the “Stat” LED goes out. For a 2955 switch press CTRL+BREAK.

3. On screen you should see the following.

[box]

Base ethernet MAC Address: 00:0b:be:78:a2:00
Xmodem file system is available.
The password-recovery mechanism is enabled.

The system has been interrupted prior to initializing the
flash filesystem. The following commands will initialize
the flash filesystem, and finish loading the operating
system software:

flash_init
boot

[/box]

4. Type “flash_init” then when it has ran type “load_helper”

[box]

switch: flash_init
Initializing Flash...
flashfs[0]: 18 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 4386304
flashfs[0]: Bytes available: 11612672
flashfs[0]: flashfs fsck took 17 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
switch: load_helper

[/box]

5. Next we need to make sure that the config.text file is in flash memory type “dir flash:”

Note: don’t forget the colon on the end or it will error and say “Permission Denied”.

[box]

switch: dir flash:
Directory of flash:/

2 drwx 192 <date> c3550-i9q3l2-mz.121-11.EA1a
17 -rwx 255 <date> info
18 -rwx 255 <date> info.ver
19 -rwx 5448 <date> config.text
20 -rwx 5 <date> private-config.text
21 -rwx 2364 <date> vlan.dat

11612672 bytes available (4386304 bytes used)

[/box]

6. We are now going to change the name of the config file so when the switch boots it will start with no configuration, then we can boot the switch.

[box]

switch: rename flash:config.text flash:config.backup
switch: boot

[/box]

7. Eventually when the switch boots it will ask if you want to configure it, say no.

[box]

Model revision number: G0
Motherboard revision number: A0
Model number: WS-C3550-24-SMI
System serial number: CAT0650Y1VR

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

[/box]

8. At this point we can go to enable mode, change the name of the config.text file back again, and load it into memory (press Enter to accept the default filenames).

[box]

Switch>enable
Switch#rename flash:config.backup config.text
Destination filename [config.text]?
Switch#copy flash:config.text system:running-config
Destination filename [running-config]?
5448 bytes copied in 0.728 secs

[/box]

9. Finally you can remove the password, and reset it to whatever you want, and save the new config.

[box]

HostName#conf t
Enter configuration commands, one per line. End with CNTL/Z.
HostName(config)#no enable secret
HostName(config)#enable password thisisthenewpassword
HostName#wr mem
Building configuration...
[OK]
HostName#

[/box]  

Related Articles, References, Credits, or External Links

Cisco ASA – Password Recovery / Reset

Cisco PIX (500 Series) Password Recovery / Reset

Cisco Router – Password Recovery /Bypass