What I know so far....


Postby ManyPopes » Thu Oct 21, 2010 9:31 pm

Hello, as you can most probably see I am new here. I thought I should post the most successful things I know about breaking RM Tutor 4.

Resetting an administrator password:
This is relatively easy, providing you have 5 minutes of time and from 1 - 2 usb sticks. Firstly, and most importantly you will need a linux based OS, I personally use Ubuntu for convenience in that I already have it on a usb stick. To install Ubuntu, or other operating systems to a pen drive easily, you can use UNetBootin. Secondly, you will need a Windows password reset tool, chntpw. The reason to download this to your pen drive is because RM will not allow any internet connection to linux, I advise that you copy chntpw to a separate pendrive than Ubuntu so that you can access it more easily later.

Now you have all that you need, boot into Ubuntu and double click on the system drive, under places, to mount your system drive. Go into your separate pen drive to chntpw.deb and double click it to install. Once that has installed, open the terminal and type:
cd /media/System/Windows/System32/config
sudo chntpw -u Administrator SAM
Now some information should pop up about the account, at the bottom is a menu with options such as "reset password", "promote user" etc. The reset password is the most straightforward and reliable so push 1 and hit enter. Remember to confirm this by entering "y".

The password should now be reset and the account usable.

Installing Applications Using Java File Manager
Very simply, java applications aren't blocked so java file manager works perfectly for copying items into c:\Program Files, where they will execute via a shortcut. You can use this for anything from running games to using process killers to end RM processes.

UNetBootin - http://unetbootin.sourceforge.net/
chntpw - http://mirrors.kernel.org/ubuntu/pool/universe/c/chntpw/chntpw_0.99.5-0+nmu1_i386.deb
Java File Manager - http://jfm.sourceforge.net/
(no [url] codes???)
Last edited by ManyPopes on Thu Oct 21, 2010 10:59 pm, edited 1 time in total.
ManyPopes
 
Posts: 3
Joined: Thu Oct 21, 2010 8:07 pm

Re: What I know so far....

Postby muto » Thu Oct 21, 2010 10:15 pm

Booting into Linux will only reset the local account password - it won't touch the domain accounts, which are what you use to actually log in. Unless your network is very badly set up, it won't allow local logins, so you will be unable to use this account. Also, if you're only going to be using chntpw, you might as well use a Linux distro that has it pre-installed, any of the security/sysadmin ones will have it, I like sysrecCD (which has a USB version), or TRK (likewise).

As for JFM, it's a useful trick - anything you copy to the C:\ drive can be executed through a shortcut (use a simple path) - but a normal user might not have permissions to write to certain places. Also, your link to JFM is the same as the one you provided to chntpw, the correct link is http://jfm.sourceforge.net/
muto
Power Member
 
Posts: 417
Joined: Sat Mar 29, 2008 11:46 am

Re: What I know so far....

Postby ManyPopes » Thu Oct 21, 2010 11:04 pm

Ahh thanks. Fixed the link.

Yes it is only the local admin account but it's still quite useful. I'm wondering, if I put something inside %current user%\Appdata\blahblah\Startup would it save to the user's account startup folder? Or just to the local user files under C:\Users?
ManyPopes
 
Posts: 3
Joined: Thu Oct 21, 2010 8:07 pm

Re: What I know so far....

Postby muto » Thu Oct 21, 2010 11:07 pm

It would only be saved to the local user, and might even get removed when the user logs back in from the domain - depending on the setup.
muto
Power Member
 
Posts: 417
Joined: Sat Mar 29, 2008 11:46 am

Re: What I know so far....

Postby Xcellerator » Wed Dec 15, 2010 4:30 pm

If your school is stupid enough to have Firefox installed, then the Addon FireFTP allows copy access to the C:\ Drive.
Also, if you have access to the local admin account, you can run a program as administrator from your student account.

Alternative Method:
1. Boot up linux
2. Mount HDD with Windows on
3. Copy the files from: C:\Windows\System32\config
4. Use a program like Cain or another SAM cracker to crack the password

(This way you don't have to reset it)
Hypnotoad compels you to OBEY!!!

http://www.14215469003554774018810.net16.net/
Xcellerator
Power Member
 
Posts: 364
Joined: Mon Jul 06, 2009 6:09 pm

