I would like to know how to obtain someones password on a Windows 2000 machine after they have logged on and left the machine.

Ug good question... I dont think I even know that off hand. I would have to do some digging around.

I would guess you generally would need admin/poweruser privs to view it.

Anyone know where that info is stored? Please tell me its not in the registry... =P

simon

gotta grab their hashes somehow, either sniffing or stealing locally (ie shadow/passwd linux, or backup dirs / sam win) if you can root the system you can pull the shit remotely

then of course, you have to brute force the hashes, ie cracker jack / l0phtware, etc

I would love to see someone brute force the pwds of my servers that i have in the hack my server thread

actually a tool that tries to do that. Even though sometimes it doesn't succeed in extracting the password, but its very good at changing it.
I am talking about the admin account.

This tool cannot be used remotely because it requires rebooting the machine and using a floppy as a start
Regards

the easiest way is to find something else that has passwords of theirs cached.. ie instant messenger, web browser, etc.. I've had about an 80% success rate of uncovering the **** to find the same pwd that the person uses for all their accounts

I'm not interesting in hitting the Admin account on theses machines. I was wondering if I could obtain the password using the account that is currently logged in. I dont want to change the password. I would like to just obtain it with out being noticed and keep it for a furture resource. I'm currently searching more myself and will also post any findings. This could be very useful info if found.

If someone does discover how to change the password without know the current one and not using admin, please post it.