EH-Net

I really hope I've come to the right place. I referred a client to ZT Systems to buy a server for tehir practice. It needed to be shipped and in the door by yesterday 9-5-09 so the It guy could set it up as an application sever that has to be completed by Tuesday, the day after labor day so the vendor for the 3rd party application can setup the server for their app. Thiis a 10k sever for 100 users so I'm assuming you know just how important this could be. Anyway, the sever arrived and when we finally opened last night the OS was installed with a admin account setup but no password has been supplied? I know there are plenty of ways to bypass the login screen and setup a new password in most cases but here is where THE GOOD IS SEPERATED FROM THE BEST in terms of security knowledge. The server is running Windows Server 2008 64 bit, Raid controllers Lsi, so most small apps that will allow you to bypass the login screen don't work when your using Raid controllers and 64 bit version.
Can anyone tell me if there's a way to bypass the 2008 login screen to get to our admin password with this type of hardware setup? It's going to end up a lawsuit if we don't find a way to resolve this. Just in case you're wondering. yes we have tried to contact them in every way possible but have had no luck. So now I am hoping someone has the knowledge to help.  Please advise if you can.

Brad

Initial thoughts:

1. Plan better. Saturday delivery on a holiday weekend for a mission critical system due on the first day back from that holiday? Add in the fact that on ZT Systems site, it clearly states, "Call (888) 984-8899 Servers: Call 201-559-1064 Monday through Friday, 9-6PM EST." Also, don't let those doctors dictate what happens on an IT project.
2. If it's a new box and you can't even log on for the first time (and therefore no data is yet on it), then simply re-install the OS and set your own password.
3. Read this thread (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4572.0/).

Hope this helps,
Don

PS - How did you find us?

Brad,

Don beat me to it with some better links, but my original post was going to be:

There are several ways to bypass authentication if you've got physical access to the box. Recently KonBoot (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4041) is getting a lot of good press, and I've had plenty of success with it in practice.

Hope this helps.

Before you get too crazy, have you tried default passwords, like "password" or the name of the company that sold it to you?  Typically though, Windows 2008 Server is installed so that the minisetup is forced.  At the end of the minisetup, Windows 2008 Server forces to reset the password.   

Thank you all for your help. I understand the logistical issues but the events that were set in place and then handed off to me is something that everyone on this forum has experienced at least once in their career.lol. If you've never had a project where everything went wrong and was beyond explanation, after you've got many years of experience under your belt, you've been lucky. So I'll spare you the drama.

Thanks for the KonBoot link. We've tried a few apps like this but the server being 64 bit and Raid has made all our attempts fruitless. And yes we've tried just about every default or logistical password you can think of. The password convention really does a good job in complicating simple default guesses.

I'm going to pass on Kon-Boot to him and report back. Thanks a lot everyone.

Brad

Let us know how you get on with Kon-Boot. In my experience it works fine with hardware Raid controllers, but fails with software Raid implementations. I'd be interested to know if this is true beyond the limited amount of hardware I have been able to test.

Sounds good and I will.  Here's what we had them build. So that's what it will be tested against.

INTEL Quad Core Server                                   

XEON E5440(QuadCore) 2.83G 12M 1333 BX80574E5440P

SM X7DVL-E 5000V 24GFB-D 6xSATA V/R5/2GbL RTL  MBD-X7DVL-E-O

12GB 667MHZ ECC REG                                                                   

Seagate 146GB SAS 15K ST3146356SS

Seagate 600GB 15K 3.5" 6G/SAS ST3600057SS

SuperMicro 650W X7/PD 8SAS/SATA BLK 4U/TOWER

SuperMicro 4 U RACK MOUNT KITS

SONY 20X DVD+/-RW

LSI 3GB 4PORT SAS/SATA ROC RAID SAS

LSI Logic LSIiBBU06 RAID Controller Battery

Microsoft Windows Server 2008 Standard with 100 user licence

3 YEAR PARTS AND LABOR WARRANTY
 
I'll let you know how it goes ro see how it measures up.

Brad

The It guy  that has the server at home said that Kon-boot sais it's for 32 bit only but he's going to give it a try anyway and hope somehow it works on a 64 bit server. Just in case it doesn't work does anyone know of any other solutions?

Thanks,
Brad

Well....Back to square 1. Kon-Boot didn't work, it just hung up on boot. The issue is that it's 64 bit.  Thanks though.  If anyone else has any other idea I'm open.

Thanks,
Brad

Brad,

According to this:

http://home.eunet.no/pnordahl/ntpasswd/walkthrough.html (http://home.eunet.no/pnordahl/ntpasswd/walkthrough.html)

Peter Nordahl's password reset disc works with Vista x64.  Server 2008 is fairly similar.  I think that it's worth a try.

If that doesn't work, maybe you will have some luck with the Firewire DMA hack.  I have had quite a few issues with this hack on Vista, but I have gotten one or two machines to work.

http://blog.security4all.be/2008/03/unlock-windows-pc-without-password.html (http://blog.security4all.be/2008/03/unlock-windows-pc-without-password.html)

Two things we've done in the past at work (xp and S2003), was use Trinity Rescue Kit (trk), and Knoppix 5.1. TRK might be easier, I've had it work on 64 bit and 32 bit systems.

TRK's user guide says how to use it to reset admin password. There are guides out there (google is good) on how to use a Linux Live CD to reset a window admin password.

Ketchup is the man. Your last tip worked perfect. We were literally thirty minutes from having to wipe the server, reinstall the OS, Find and install all the drivers (yeah we didn't get those either yet,) and then do all the customizations that we paid them to do already. Next would have been a pretty bad phone conference. So you really helped us.
In the future if you get your server with the admin account setup and the password isn't available on a holiday weekend, and you're on a intense dealine, use Ketchup's advice:
"Brad,

According to this:

http://home.eunet.no/pnordahl/ntpasswd/walkthrough.html

Peter Nordahl's password reset disc works with Vista x64.  Server 2008 is fairly similar.  I think that it's worth a try."

That's when you're running Windows server 2008, and a 64 bit system.  Thanks again man.

Brad
T

Brad, I am glad it worked.  I hate reinstalling OS on servers.  It's a complete pain finding all the drivers and retuning all the settings.

Now might be a good time to check for any additional user accounts or 'value addes' software installed by the vendor.  :)

Jimbob