The starting point of this tutorial is a machine with Windows Server 2008 R2 Enterprise that has been booted with a boot CD.
Netcat windows 2008 password#
Resetting the administrator password on Windows Server 2008 R2 In the follow sections I will explain how I did this and how you can secure your Windows installations from applying this technique. This access level allowed me to reset the administrator password using a boot CD and finally login to the Windows Server with administrator privileges. As it was not very hard to compromise the machines on this network I was able to access the VMware vSphere administration panel as administrator in a very early stage of the penetration test.
The environment contained a domain controller and 3 application servers that were running Windows Server 2008 R2. Other then the Windows machines I also encountered a few Linux based network and back-up devices. Alternatively you can apply this technique when have some kind of physical access to a host.Ī couple months ago I was conducting a penetration test on a staged Windows environment that was running on a VMware hypervisor. This kind of access allows you to control the virtual machines as if you had physical access to it, including the ability to use boot disk and modify system files. Especially at the point when you’ve compromised the administration panel of the hypervisor software. And in some other situations it is definitely useful and comes in handy when you need it.
This is not a great ‘hacking’ technique that can be used to pwn all Windows installations but it is more a sysadmins last resort trick when nothing else works on a forgotten password. This technique requires us to have physical access to the machine that is running the Windows server or have access to the management interface of the hypervisor when Windows Server 2008 R2 is running virtualized. In this article we will be looking at how easy it is to bypass authentication and reset the administrator password on a Windows Server 2008 R2 installation.