• (cs) in reply to NutDriverLefty
    NutDriverLefty:
    Code Dependent:
    I've forgotten... is a shitload more or less than a crapton?

    Bigger than an Imperial crapton, smaller than a Metric crapton.

    Shouldn't that be a metric craptonne?

  • OldCoder (unregistered) in reply to pitchingchris
    pitchingchris:
    I'm no expert on NT4, but I'm sure he could have got a CD burner working with a lot less trouble. Not as portable as a USB pen drive, but would have easily gotten the data and then they can copy it to the pen drive with a laptop

    Good luck finding a CD burner these days. I don't think DVDs were about when NT4 was in mainstream use, and I don't think an unpatched NT4 would recognise one if you plugged one in. I ran NT4 back in the day, and I had a CD burner on the box... it was a SCSI drive, there weren't many IDE burners available back then. I think I've still got it in a box somewhere.

  • (cs) in reply to Captain Oblivious
    Captain Oblivious:
    The real wtf is that it's spelled NUCLEIDE and none of you dumb shits noticed.
    http://en.wikipedia.org/wiki/Nuclide and I beg to differ.
  • Marvin the Martian (unregistered) in reply to Captain Oblivious
    Captain Oblivious:
    The real wtf is that I think it's spelled NUCLEIDE and none of you dumb shits made the same error .
    FTFY.

    http://en.wikipedia.org/wiki/Nuclide

    Ok, I admit I had the same idea immediately while reading it, and I suspect for the same reason --- it's spelled with the extra E in many non-English languages. But hey, no reason to be a dick like you.

  • Not even an IT guy (unregistered)

    The case probably had a tampering switch, had he opened the case he really would have been in trouble, I don't think that there is a Linux app that will crack a BIOS password, is there?

    Also, the subtitle for this site is "Curious Perversions in Information Technology" NOT "Completely Riveting Story Every Day so I Can Waste an Hour of My Employers Time Reading the Story and all of the Comments."

  • petere963 (unregistered) in reply to bigbird

    I worked on an application where I was told "the administrator password" is secret.

    "Yes, I would expect it to be - but can you tell me what it is, or type it in for me?"

    "Just type s-e-c-r-e-t" - yes, the password really was 'secret' !

  • simpler way (unregistered) in reply to petere963

    ummmm... instead of messign around like that, couldnt he have just pulled the hard disk out and inserted into another PC to get at the files?

  • (cs)

    He never explained the real WTF... why these people apparently expected a detector to open files.

  • y0da (unregistered) in reply to petere963
    petere963:
    I worked on an application where I was told "the administrator password" is secret.

    "Yes, I would expect it to be - but can you tell me what it is, or type it in for me?"

    "Just type s-e-c-r-e-t" - yes, the password really was 'secret' !

    root pw on my schools main firewall was also "geheim" (which means "secret" in german)

  • anon (unregistered) in reply to Anon
    Anon:
    Consider, just for a moment, only the broken contaminated sign. If that sign were in an industry setting, all work would stop in the area, the sign would have to be fixed/replaced immediately, and no-one would be allowed in the area until it was.

    That's a good thing. The business world has a lot of dumb practices that impact productivity, but ensuring that an alarm system like that is WORKING is pretty important.

  • Paasword (unregistered)

    Machines here the users have passwords ad the admin accounts are blank...

  • Kind Responder (unregistered) in reply to simpler way
    simpler way:
    ummmm... instead of messign around like that, couldnt he have just pulled the hard disk out and inserted into another PC to get at the files?
    From the article... "Well then," Michael countered, "would you mind if I 'cracked the case' and take the hard drive back to the office and..."

    You may want to read the full article.

  • No U (unregistered) in reply to You what?

    Umm, by the sound of the story those are computers in a company/school office. And in many places the information you enter, be it a document, a password, or an email are property of the company/school office in question.

    Now settle down and stop using the same password for your bank account as you do for your work and you will be fine.

  • No U (unregistered) in reply to You what?
    You what?:
    tin:
    ATimson:
    Windows 95 had USB support added in OSR2.1--that is, OEM Service Release 2.1, meaning that you had to buy a new machine to get that support.

    I'm fairly sure the update was also available on the interwebs... Of course back then it was probably cheaper and easier to just buy the new computer anyway.

    Anonymous Hacker:
    From what I remember, NT4 only used LM hashes, so passwords are case insensitive and are hashed in two 7 character blocks. Brute force cracking is quite fast :)

    Sure is fast. Some passwords come up in a matter of seconds. I remember trying it with our school's staff accounts way back... Of the 30 or so accounts, I think I had about 10 in seconds, another 10 within about half an hour, and all but 2 by the end of the day. The 2 remaining were easy to get though - one was mine, and the other was the principal's, who I simply asked what it was. And yes, I worked for the school doing IT and I had a reason to do it. I needed to recreate all the accounts in LDAP on a new server with as little interruption as possible.

    There is no reason to hack passwords so as to have '..as little interruption as possible.' AFAIK Hacking a password (at least an account password - not sure on whether hacking a password-protected document is quite the same) without someone's knowledge is illegal in most parts of the world (certainly these days it's a breach of Data Privacy law).

    It doesn't matter that you did it to simplify something, or with good intention. If I found that admins at my work had done (or even tried to do) similar, there would be some lawyers asking questions quick smart.

    oops: Umm, by the sound of the story those are computers in a company/school office. And in many places the information you enter, be it a document, a password, or an email are property of the company/school office in question.

    Now settle down and stop using the same password for your bank account as you do for your work and you will be fine.

  • . (unregistered)

    There is no WTF here. We did not come to read random IT stories; we came to read random IT failures.

  • a nonny mouse (unregistered) in reply to cjmac

    Hey guys! I'm so fucking l337 and experienced that is physically impossible for me to enjoy an amusing tech support story! Because I deal with laser dragons every day and am far far superior, I must apprise everyone of how banal this story is, rather than just leave!

  • (cs) in reply to Gary Olson
    Gary Olson:
    Felix:
    RS232.

    Easy, primitive, robust.

    I like it.

    Absolutely. If this is a data collector for a piece of equipment, you can bet the serial and parallel ports are configured and working. Some kermit or the native Zmodem serial transfer on NT would have been my first choice. But, if the tech had only a "netbook" and not a notebook, serial is not an option. Unless you are truly prepared with an expensive USB to DB9 serial cable.

    http://www.geeks.com/details.asp?invtid=HCOMB&cpc=SCH $8.50 and includes "everything except the kitchen sink". No idea if it supports Linux, but at that price... who cares? buy two and reverse engineer one.

  • NutDriverLefty (unregistered) in reply to Strawberry Blonde
    Strawberry Blonde:
    NutDriverLefty:
    Code Dependent:
    I've forgotten... is a shitload more or less than a crapton?

    Bigger than an Imperial crapton, smaller than a Metric crapton.

    Shouldn't that be a metric craptonne?

    Depends on which side of the Atlantic you're on (onne?). :-)

  • cj (unregistered) in reply to Tzafrir Cohen
    Tzafrir Cohen:
    cracking the password takes time.

    Resetting it is dead-simple.

    http://search.yahoo.com/search?p=reset+NT+admin+password

    i came in to say this. this wasn't a case of needing to preserve the current admin password, so a reset should have been the goto less than 5 minute solution.

  • Layzorz PewPew (unregistered) in reply to valerion

    Well, I enjoyed the WTF.

    Just finished something similar - an old 2000 box hooked up to a special UV imaging somethingorother. The device hooked up to a 4MB PCI video card that had a VGA and parallel (yes, like for printers) on it. The VGA port went to a CRT monitor, the parallel port went to the UV camera.

    It also had a PCI card that hooked up to the PSU to deliver a bunch of voltage out a COM port that wasn't really a COM port but a "fry anything you plug into it" port. This was obviously the best way to provide power to the UV camera.

    To ensure this garbage worked, the box was custom built by the manufacturer of the camera - computer and UV imager sold together. But, the motherboard and hard disk were dying, the driver floppies were lost, and the company wouldn't answer their tech support line.

    I ended up transplanting all of the hardware into a "new" PC. I lifted an image from the Windows 2000 box using ImageX on a PE disc and applied it to the new computer. Since the new box was ACPI and the old box wasn't, I did a repair install of Windows 2000 and it magically worked.

    Thankfully, no third-party encryption.

    Long story, but, yeah. It's all sorts of entertaining when stuff like that happens.

  • Anone (unregistered) in reply to acid
    acid:
    Oh, and Alex, FFS mate, get some tree based forum software for this site like the rest of the planet has. Surely one of your sponsors has something that would suffice?

    Maybe he doesn't want the no-doubt majority of commenters which are physically repulsed by those horrifically reader-unfriendly things to leave in droves?

  • J K (unregistered)

    ... However, there was a problem with the admin’s suggestion - Michael had attended the professor's funeral two weeks earlier.

    Having neither a Ouija board nor a shovel..

    The most hilarious thing I have read in a couple of weeks.

  • Anonymous (unregistered) in reply to cj
    cj:
    Tzafrir Cohen:
    cracking the password takes time.

    Resetting it is dead-simple.

    http://search.yahoo.com/search?p=reset+NT+admin+password

    i came in to say this. this wasn't a case of needing to preserve the current admin password, so a reset should have been the goto less than 5 minute solution.

    I always encourage resetting passwords when the filesystem is encrypted with the password. Don't you?

  • Reader (unregistered)

    A parallel port external zip drive would probably do the trick, also a parallel or serial crossover cable as has already been mentioned.

    BTW, floppy disks are fairly reliable if reasonably cared for, even if you like to label things as "legacy".

  • (cs)

    He brute forced a 12 character alphanumeric password over night on his personal computer?

    That sounds like outright bullshit.

  • (cs)

    Apparently Michael didn't know about the widely documented (unpatched) NT4 exploit that can make any user local admin without breaking a sweat? :)

  • AndyC (unregistered) in reply to Anonimuos
    Anonimuos:
    At some point basic USB volume support was added to NT 4.

    No, it really, really wasn't. Some manufacturers provided NT4 support for their USB devices, but it basically relied on them providing the entire functionality of the USB stack (or more likely, enough for what they required) in the driver. Windows 95 (kind of) got USB support later, but 95 was a very different beast to NT.

    This meant that if you were really lucky and running the right NT service pack (which wasn't always the latest) you might get a single USB device working with considerable amounts of effort. And given how often NT4 service packs broke things, it'd have taken a brave or, more likely, stupid IT guy to try updating a system like that.

    Personally I remember much celebration the day we finally got rid of the last NT box from our university department. I'm sure we'll have a similar reponse the day we get rid of our last Win2000 machine too....

  • Lazarus Marat (unregistered) in reply to Lupus.Umbrae

    Just for the record here and I know these replies are rather old but I seen this and just had to correct it. Windows NT was out while general consumers were able to get the new Windows 3.0 and Windows for Workgroups 3.11

    NT initially was a project started in cooperation with IBM and Microsoft. It wasn't called NT though. Then there was some kind of falling out between Microsoft and IBM (I don't recall if I ever knew what happened actually) and Microsoft eventually came out with what they called NT and IBM came out with OS2, OS/2, OS 2, whatever.

    Here's a funny, NT supposedly meant New Technology. Later, maybe around NT 4 or maybe it was even during the release of Windows 2000, the CD's were marked as: Built on NT Technology. I always love it when companies forget what their own abbreviations mean!

    This same type of thing (abbreviations) happened with the agency I work for. They are originally called South East North Dakota Information Technology or SENDIT. Years later they started branding themselves as SENDIT Technology Services because everyone at the time had forgotten what SENDIT stood for, it had just become a common name for our organization. :-)

  • xxmagus (unregistered) in reply to savar
    savar:
    He brute forced a 12 character alphanumeric password over night on his personal computer?

    That sounds like outright bullshit.

    Not entirely out of the question, assuming you're ready to download several hundred megabytes' worth of rainbow tables. That may take a few hours. The cracking part? ~30 seconds, if that.

  • Duke Nukem (unregistered) in reply to spike
    spike:
    When i was much younger, I remember trying zip up and span Duke nukem 3d, onto 5 disks. I never had a set unzip properly, there were always problems.

    Really? It came on two or three disks (depending on when/where you got it).

Leave a comment on “The Dead Guy's Password”

Log In or post as a guest

Replying to comment #:

« Return to Article