WinXP Pro Admin Paswort changed "itself" RRS feed

  • Question

  • I learned yesterday, that my password for the "Admin" account has been changed. Apart from restricted user accounts, I have a second with administrative rights. So there's no problem accessing my machine and asigning a new password.

    However, I would very much like to find out how is such a password change possible.

    I hoped to find a hint to the cause if I cracked the mysterious "new" password. The method I applied (rainbow tables, 'ophcrack' ) would only work on weak passwords or under certain circumtances, but I was lucky: The password was set to a primitive "ad".

    I reason that this password change can't happen accidentally; someone might have spied my old password. Not by 'Ophcrack'; that never worked on any of my passwords, and no one had physical access to my PC.

    However, I implemented a VPN and Remote Desktop. I used both only once from a hotel and used the Admin user name and password for that. This log in has been the last access with my admin login data up to now and since then the password has been invalid, i.e. changed.

    I used a Windows Vista Home Basic for the VPN access. On the Windows XP machine as the server, except from the user 'Admin', two more users were allowed to make a connection by VPN: A user with restricted rights, 'joe', and a user, 'VPN-Benjamin', that was only created to login via VPN, but has no user account in the XP OS.

    That evening, I used the user 'Admin' and the user 'VPN-Benjamin'. These two had their passwords changed, to 'ad' and to 'ben', which I found by Ophcrack. The user 'Joe' that I did not use the evening, kept his password.

    This gives some vent to the hypothesis, that my data might have been eavesdropped that evening.

    The hotel provides a free network access to their guests; all share the same ISSD and the same password. I use it like any public network and set my network in Vista accordingly to 'public', so that my folders stay concealed.

    I first made the connection into the internet, and then logged into the VPN. The VPN is set to 'Private' network.

    If you consider the facts I gave here, do you find any hints on the reason why both passwords have changed, and to such primitive ones, too?

    I'd appreciate any qualified hints. Maybe you spot a blunder I made?


    Saturday, July 31, 2010 12:06 PM

All replies

  • I never read full story what you have told in the above, but I would like to say that we can easily change passwords of any account in windows OS by simple command work. To do that, we just need to only Command Prompt and don't need any old password to change it. I think it can help you to figure out how the password changed.



    Tuesday, August 3, 2010 6:14 PM
  • Although there are commands like 'net user', I still can't figure out, how on earth someone got access to my VPN . The point is not how someone changed the password after he got access to an account. The question is, how that person got access.

    I described the situation, and if you find any hint to a foult I possibly have made, I'd apreciate all qualified answers.



    Wednesday, August 11, 2010 4:57 PM
  • Could be two ways,

    you left your account open and the person came in and changed it.

    or used a bootable cd to wipe out the password and loged in and chaged it or if it is a good hacker did it from another computer in your network through command line.

    For the two first, learn to always lock you pc when away, and put a admin password to your bios(it will take him to take the cmos out and so to wipe it), but at least will make it harder.

    For the first one apply stronger policies.


    Good luck

    Friday, November 5, 2010 8:06 PM
  • SMARTKEY Password Recovery Bundle is a must-have toolkit to recover/remove/reset passwords for Windows, Excel, Word, Access, PowerPoint, Outlook, Outlook Express, PDF, RAR/WinRAR, ZIP/WinZIP, MSN, AOL, Google Talk, Paltalk, Trillian, Miranda, Opera, Firefox and IE Browser, etc. Over 21 types of passwords can be Recovered instantly. Until now, these password recovery tools are the fastest on the market, the easiest to use and the least expensive..
    Tuesday, January 18, 2011 7:44 AM