[itsthepitts]

Hello, everyone!

I just installed a networking computer in my office in order to take the office paperless. Password protected...or is it?

A coworker, who fancies him/herself a consummate hacker, has told me that he/she has a disc he/she can insert to break any password.

1. Does such a thing exist?

2. If it does exist, is there a way to lock this person out?

I'd appreciate anything ya got!

[lunarlander]

There are programs I know of that can change any password on a windows PC. To do that they need to reboot the PC and load a CD. The way to stop it is to have a bios password for booting the PC and set the bios so that it does not use the CD Rom when booting up.

[Elvandil]

Such things do exist. Depending on the level of complication, it can take more or less time. It would be unwise to get into specifics here, but you might try enlisting his help rather than promoting an adversarial relationship. Make your password as complex as possible, using numbers and symbols that are allowed and ask him to try.

[itsthepitts]

The main computer is part of a medical instrument and is NEVER to be turned off, but I think that's because of nightly updating, although I'll find out for sure.

I have a friend of a friend who is really good with this stuff. I'll speak with him and show him your email. It's nice to know something can probably be done. Thank you so much!

[itsthepitts]

Not adversarial - a lot of it is challenge meeting challenge!

Most of what I know about computers has been learned through having problems and finding similar problems on this board, then solving the problems myself (with all you guys' help, of course!).

[Made-In-Canada]

There are several possibilities.
1.) A key-logger which logs any keystroke and possibly takes screenshots
2.) A brute-force attack (basically tries all possible password, a password as simple as abcd it will crack in a couple of seconds. Something like Ab@d1S-=? will take a lot longer)
3.) An Asterisk unhider which really only works if a password is saved and is shown as asterisks

[mrss]

You didn't clarify what type of password access. For example, there's the user password needed to access a Windows PC that has been set up for password access. Then there's the password needed to get into shared files on a network.

This seems like a social engineering issue to me. Why would a coworker want to crack the password on your PC. Get your management to set the boundaries here. If this PC is running a medical instrument, no one should be messing with it,

[stephencc]

Set a BIOS password and lock the computer case, if possible. Other than that, any windows password can be removed and I have proof. Also make sure you password your administrator account if it's Windows XP because you can simply boot in safe mode and get right into anyones administrator account who never set a password on it

[lotuseclat79]

One thing you can do to thwart your co-worker, is to craft a special password, and store it on a CD for safe keeping. Make it a 256 character password, which is long enough to keep any attempt buzy for too long a period of time to be worth anyone's while. The key to remembering such a password (also using special characters) is to make up a mnemonic with which to remember it (also mix in alternating upper and lower case characters along with special characters).

That may be more work than the other respondees have mentioned - the best using the BIOS password approach, and setting the adminstrator password.

Also, there must be a technique to make the network computer inaccessible to the internal network other than by its own console - so that your co-worker would have to use the console to make his/her intrusion attempts, and not do it over the internal network which would allow them more leeway in using intrusion techniques.

Also, make sure you batten down the hatches on the network computer, like no one but an administrator can login.

-- Tom

[tex0gen]

There is one that you can put on a bootable CD or Keydrive that gets all the SAM hashes and then converts the hash to a letter eventually uncovering a password. I think that takes a few hours tho. I found it a few times on the net but never got to test it out. (On my own computer that is) [Hacking is illegal... lets remember that.] lol

[Triple6]

Tex0gen, I've removed your second post. Please do not provide links or instructions on how to crack or discover passwords as thats against our rules.

[tex0gen]

Sorry, it was meant for information. Not cracking.

[suns2remember]

First is first, make sure you have your "ADMINISTRATOR" password set ( not talking bout your USER admin )or anyone can go to SAFE MODE and reset everything and change or delete whatever they like.

The BIOS PASSWORD enable is the best. Cant Boot Windows without a BIOS password and no BOOT disk capabilities!!