Sunday, September 25, 2011

Forgotten Windows 2008 Server Password

HOW TO: Gain access to a Windows Server 2008 running RAID when the local administrator password is forgotten

The original problem
The IT team was diagnosing an issue with all inbound connections being rejected to a Windows 2008 server machine (a dual quad-core Dell PowerEdge running 4-disk RAID on a PERC 6/i controller). It turned out the problem was that Windows Firewall was set up to use the "public" profile for its firewall rules.

Since the server should have been assigned to the "domain" profile for the firewall rules, and it seemed like the machine was not on the domain, the IT team decided it would be a good idea to "bump" the server onto the domain, that is, take it off the domain and then re-add it to the domain. Unfortunately the server ran the accounting software (including payroll) for the company. Also, the domain controller was administered in a country halfway around the world, such that any access to higher-up IT support would have had to wait another 12 hours or so.

The new problem
The IT team didn't have the local administrator password for the server. And since they had now taken the server off the domain, it could no longer be accessed using the domain user and password combination that they had always used in the past. But nobody in the company knew the local administrator password for the machine. In 14 hours' time the company's payroll would need to be processed and there was no way to access the application server running the accounting software. If there's anything that motivates people to work hard, it's the possibility of not being paid their wages due to a technical issue.

The admin password, it now seemed, was just lost forever. About this point I came upon the following Q&A post on the excellent ...

There are two main types of free Linux-based "boot crackers" which crack Windows machines by booting a custom version of Linux with a limited user interface ...

Type 1: Rainbow Table Cracker
A boot cracker that recovers passwords using precomputed lookup tables (rainbow tables). This type does not need to change the file system of the machine; it just reads the password hashes from the Windows SAM (Security Accounts Manager) file and looks them up in the tables to recover the administrator password. Various comments on forums generally say that in most cases this will succeed, and will take no more than a few minutes.

Type 2: Password Reset Cracker
A boot cracker that resets the local administrator password on the machine. This type just clears the password and in doing so has to write to the file system. For this reason it is considered a little more risky. Also, if EFS (Encrypting File System) is being used, it can result in the password not being cleared but actually being scrambled and, furthermore, irretrievable.

Using the cracker
I initially decided to try ophcrack since it was type 1, and didn't write back to the file system. This seemed initially to work like a charm, booting first time into its Linux GUI, but when we tried to mount the file system (which was 4-disk RAID) we realised that the PERC 6/i RAID controller wasn't recognised by the cracker's Linux distro. The Linux command "fdisk -l" only listed one drive, the DVD-ROM drive which the cracker booted from, so it didn't have access to the RAID file system.

So on to the next option: using a type 2 cracker called "NTPASSWD". We burnt the files to a CD-ROM and booted. This one has a command-line-only interface, but it worked like a charm: it booted first time and had access to the RAID file system. It listed all the local users on the system. So we selected which one to clear the password for (Administrator) and this was all that was needed. Hey presto, restarted the machine and no login was needed. It had worked!

If this one hadn't worked, there was one final cracker that I probably would have tried, a commercial cracker, here, that boots in a "Pre-installation" version of Windows and claims to support all major RAID controllers and hard disk hardware around. The cost was something like $199 but this would have been well worth it if the other free crackers hadn't worked.


Sunday, September 18, 2011

Top Ten Books about Hackers

Here is my list of what I believe are ten of the best books about hackers in real life. All of these include descriptions of actual events, and the personalities involved in hacking. Feel free to post your alternative suggestions in the comments section below. For a brief description of each one please check this page out here. Enjoy!

  1. Ghost in the Wires: My Adventures as the World's Most Wanted Hacker [2011]
    By Kevin Mitnick, Steve Wozniak and William L. Simon

  2. Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground [2011]
    By Kevin Poulsen

  3. The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage [1985]
    By Cliff Stoll

  4. The Fugitive Game: Online with Kevin Mitnick [1997]
    By Jonathan Littman

  5. Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet [2010]
    By Joseph Menn

  6. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers [2005]
    By Kevin Mitnick and William L. Simon

  7. The Hacker Crackdown: Law And Disorder On The Electronic Frontier [1993]
    By Bruce Sterling

  8. The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen [1997]
    By Jonathan Littman

  9. Masters of Deception: The Gang That Ruled Cyberspace [1995]
    By Michelle Slatalla

  10. Unmasked [2011]
    By Peter Bright, Nate Anderson, Jacqui Cheng, Eric Bangeman and Aurich Lawson (of ArsTechnica)


Sunday, September 4, 2011

Top Ten Most Influential Programming Books of All Time

As voted on by several thousand members of StackOverflow in this article here.

The original question was:

"If you could go back in time and tell yourself to read a specific book at the beginning of your career as a developer, which book would it be."

Since it was first posed back in 2008, this question has become the second most popular question of all time on StackOverflow.

Here are the results:
  1. Code Complete (2nd Edition)
    By Steve McConnell
    Published: July 7, 2004
    Publisher: Microsoft Press

    Widely considered one of the best practical guides to programming, this book has been helping developers write better software for more than a decade. The second edition was updated with leading-edge practices and hundreds of new code samples, illustrating the art and science of software construction. Capturing the body of knowledge available from research, academia, and everyday commercial practice, McConnell synthesizes the most effective techniques and must-know principles into clear, pragmatic guidance. No matter what your experience level, development environment, or project size, this book will inform and stimulate your thinking, and help you build the highest quality code.

  2. The Pragmatic Programmer: From Journeyman to Master
    By Andrew Hunt and David Thomas
    Published: October 30, 1999
    Publisher: Addison-Wesley Professional

    Like any other craft, computer programming has spawned a body of wisdom, most of which isn't taught at universities or in certification classes. Most programmers arrive at the so-called tricks of the trade over time, through independent experimentation. In The Pragmatic Programmer, Andrew Hunt and David Thomas codify many of the truths they've discovered during their respective careers as designers of software and writers of code. The cool thing about this book is that it's great for keeping the programming process fresh. The book helps you to continue to grow and clearly comes from people who have been there.

  3. Structure and Interpretation of Computer Programs, Second Edition
    By Harold Abelson, Gerald J Sussman and Julie Sussman
    Published: August 1, 1996
    Publisher: McGraw-Hill Science/Engineering/Math

    Teaches readers how to program by employing the tools of abstraction and modularity. The authors' central philosophy is that programming is the task of breaking large problems into small ones. You will learn a thing or two about functional programming, lazy evaluation, metaprogramming (well, metalinguistic abstraction), virtual machines, interpreters, and compilers. The book was originally written for the famous 6.001, the introductory programming course at MIT. It may require an intellectual effort to read, but the reward is well worth the price.

  4. The C Programming Language (2nd Edition)
    By Brian W Kernighan and Dennis M Ritchie
    Published: April 1, 1988
    Publisher: Prentice Hall

    Concise and easy to read, it will teach you three things: the C programming language, how to think like a programmer, and the C abstract machine model (what's going on "under the hood"). Co-written by Dennis Ritchie, the inventor of the C programming language.

  5. Introduction to Algorithms
    By Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest and Clifford Stein
    Published: July 31, 2009
    Publisher: The MIT Press

    Introduction to Algorithms, the 'bible' of the field, is a comprehensive textbook covering the full spectrum of modern algorithms: from the fastest algorithms and data structures to polynomial-time algorithms for seemingly intractable problems, from classical algorithms in graph theory to special algorithms for string matching, computational geometry, and number theory. The revised third edition notably adds a chapter on van Emde Boas trees, one of the most useful data structures, and on multithreaded algorithms, a topic of increasing importance.

  6. Refactoring: Improving the Design of Existing Code
    By Martin Fowler, Kent Beck, John Brant and William Opdyke
    Published: July 8, 1999
    Publisher: Addison-Wesley Professional

    Refactoring is about improving the design of existing code. It is the process of changing a software system in such a way that it does not alter the external behavior of the code, yet improves its internal structure. With refactoring you can even take a bad design and rework it into a good one. This book offers a thorough discussion of the principles of refactoring, including where to spot opportunities for refactoring, and how to set up the required tests. There is also a catalog of more than 40 proven refactorings with details as to when and why to use the refactoring, step by step instructions for implementing it, and an example illustrating how it works. The book is written using Java as its principal language, but the ideas are applicable to any OO language.

  7. Design Patterns: Elements of Reusable Object-Oriented Software
    By Erich Gamma, Richard Helm, Ralph Johnson and John Vlissides (Also known as "The Gang of Four")
    Published: November 10, 1994
    Publisher: Addison-Wesley Professional

    Design Patterns is a modern classic in the literature of object-oriented development, offering timeless and elegant solutions to common problems in software design. It describes patterns for managing object creation, composing objects into larger structures, and coordinating control flow between objects. The book provides numerous examples where using composition rather than inheritance can improve the reusability and flexibility of code. Note, though, that it's not a tutorial but a catalog that you can use to find an object-oriented design pattern that's appropriate for the needs of your particular application--a selection for virtuoso programmers who appreciate (or require) consistent, well-engineered object-oriented designs.

  8. The Mythical Man-Month: Essays on Software Engineering
    By Frederick P. Brooks
    Published: August 12, 1995
    Publisher: Addison-Wesley Professional

    Few books on software project management have been as influential and timeless as The Mythical Man-Month. With a blend of software engineering facts and thought-provoking opinions, Fred Brooks offers insight for anyone managing complex projects. These essays draw from his experience as project manager for the IBM System/360 computer family and then for OS/360, its massive software system. Now, 20 years after the initial publication of his book, Brooks has revisited his original ideas and added new thoughts and advice, both for readers already familiar with his work and for readers discovering it for the first time.

  9. Art of Computer Programming, Volume 1: Fundamental Algorithms (3rd Edition)
    By Donald E. Knuth
    Published: July 17, 1997
    Publisher: Addison-Wesley Professional

    The bible of all fundamental algorithms and the work that taught many of today's software developers most of what they know about computer programming. One of the book's greatest strengths is the wonderful collection of problems that accompany each chapter. The author has chosen problems carefully and indexed them according to difficulty. Solving a substantial number of these problems will help you gain a solid understanding of the issues surrounding the given topic. Furthermore, the exercises feature a variety of classic problems.

  10. Compilers: Principles, Techniques, and Tools (2nd Edition)
    By Alfred V. Aho, Monica S. Lam, Ravi Sethi and Jeffrey D. Ullman
    Published: September 10, 2006
    Publisher: Prentice Hall

    Known to professors, students, and developers worldwide as the "Dragon Book," the latest edition has been revised to reflect developments in software engineering, programming languages, and computer architecture that have occurred since 1986, when the last edition was published. The authors, recognizing that few readers will ever go on to construct a compiler, retain their focus on the broader set of problems faced in software design and software development.


    UPDATE: There were just too many great books that finished outside of the top 10 to ignore... below I've added the programming books which placed 11th through to 30th in the survey... enjoy!

  11. Head First Design Patterns
    By Elisabeth Freeman, Eric Freeman, Bert Bates and Kathy Sierra
    Published: November 1, 2004
    Publisher: O'Reilly Media

  12. Gödel, Escher, Bach: An Eternal Golden Braid (20th Anniversary Edition)
    By Douglas Hofstadter
    Published: February 5, 1999
    Publisher: Basic Books

  13. Effective C++: 55 Specific Ways to Improve Your Programs and Designs (3rd Edition)
    By Scott Meyers
    Published: May 22, 2005
    Publisher: Addison-Wesley Professional

  14. Clean Code: A Handbook of Agile Software Craftsmanship
    By Robert C Martin
    Published: August 11, 2008
    Publisher: Prentice Hall

  15. Programming Pearls (2nd edition)
    By Jon Bentley
    Published: October 7, 1999
    Publisher: Addison-Wesley Professional

  16. Working Effectively with Legacy Code
    By Michael Feathers
    Published: October 2, 2004
    Publisher: Prentice Hall

  17. CODE: The Hidden Language of Computer Hardware and Software
    By Charles Petzold
    Published: November 11, 2000
    Publisher: Microsoft Press

  18. Peopleware: Productive Projects and Teams (2nd Edition)
    By Tom DeMarco and Timothy Lister
    Published: February 1, 1999
    Publisher: Dorset House

  19. Coders at Work: Reflections on the Craft of Programming
    By Peter Seibel
    Published: September 16, 2009
    Publisher: Apress

  20. Effective Java (2nd Edition)
    By Joshua Bloch
    Published: May 28, 2008
    Publisher: Prentice Hall

  21. Patterns of Enterprise Application Architecture
    By Martin Fowler
    Published: November 15, 2002
    Publisher: Addison-Wesley Professional

  22. The Little Schemer (4th Edition)
    By Daniel P. Friedman, Matthias Felleisen, Duane Bibby
    Published: December 21, 1995
    Publisher: The MIT Press

  23. The Inmates Are Running The Asylum: Why High Tech Products Drive Us Crazy and How to Restore the Sanity
    By Alan Cooper
    Published: March 5, 2004
    Publisher: Sams - Pearson Education

  24. The Art of UNIX Programming
    By Eric S Raymond
    Published: October 3, 2003
    Publisher: Addison-Wesley Professional

  25. Practices of an Agile Developer
    By Venkat Subramaniam and Andy Hunt
    Published: July 1, 2005
    Publisher: Pragmatic Bookshelf

  26. The Elements of Style: 50th Anniversary Edition
    By William Strunk and E. B. White
    Published: October 25, 2008
    Publisher: Longman

  27. Test-Driven Development: By Example
    By Kent Beck
    Published: November 18, 2002
    Publisher: Addison-Wesley Professional

  28. Don't Make Me Think: A Common Sense Approach to Web Usability
    By Steve Krug
    Published: August 28, 2005
    Publisher: New Riders Press

  29. Domain Driven Design: Tackling Complexity in the Heart of Software
    By Eric Evans
    Published: August 30, 2003
    Publisher: Addison-Wesley Professional

  30. Modern C++ Design: Generic Programming and Design Patterns Applied
    By Andrei Alexandrescu
    Published: February 23, 2001
    Publisher: Addison-Wesley Professional
