Bad for security, good for me
So I'm trying to get a computer set up for a new employee coming in on Monday. We're giving her the computer that was used by the person she's replacing, only no one bothered to get the login for the machine before the last girl left. I tried unsuccessfully to access the local admin account that was supposed to have been created on the box, and was about ready to cry. Then I remembered… "Ophcrack Live CD".
I'll have to do an ASK BRIAN about how Windows paswords actually work, but suffice it to say that by default Windows password security isn't all that great. That's normally bad, but in this case it was great for me. The ophcrack Live CD (http://ophcrack.sourceforge.net/) is a CD that boots the machine into a stripped down linux, examines the hard drive, and runs the data against a password cracking table. In short, put the CD in the drive, reboot the machine and in about ten minutes, it spits out any passwords it can find. In my case it spit out exactly the password I was looking for.
If there is good news for XP security, ophcrack wasn't able to decrypt the local admin password, which was made of much stronger stuff.
For a good discussion of password security and how to create a strong one:
RSS