Many free (or nearly free) break-in tools are readily available on the Internet. Now, don't get upset—we're not revealing secret break-in tools that no one has heard about before. You can easily find these utilities by searching the Internet with the keywords "break-in tools".
You should take a quick look at the free break-in utilities for two reasons:
1. The quantity, general availability, and feature set of these tools should give you a wake-up call to physically secure your servers and defend against their potential use in your environment.
2. You might find some of these tools useful and want to try them in a test environment. However, we have not tested these tools, nor do we specifically recommend them for use.
Here's a sampling of free tools that will probably keep you awake at night:
Advanced Windows Password Recovery (AWPR—http://www.elcomsoft.com/awpr.html) enables recovery of logon passwords, Microsoft .NET Passport passwords, stored user passwords, RAS and dial-up passwords, passwords to VPN connections, and passwords and access rights to shared resources. In addition, this tool lets you run programs in another user's context, show password history hashes, and read password hashes from SAM and system files.
Austrumi (http://sourceforge.net/projects/austrumi) is a Linux bootable .iso image for recovering Windows NT passwords. It lets you change any password, including Administrator passwords. At only 50MB, the file can fit on a business card CD-ROM.
Emergency Boot CD (EBCD—http://ebcd.pcministry.com) is a bootable CD-ROM that lets you perform emergency boots (works with Windows Server 2003, Windows XP, Windows 2000, and NT), recover the Master Boot Record (MBR) of hard disks, and change the password of any local user account. The tool also lets you recover deleted files (even files deleted from the Windows Recycle Bin), perform disk wipes, recover data from an accidentally formatted disk, and copy and move files.
Offline NT Password & Registry Editor (http://home.eunet.no/~pnordahl/ntpasswd) lets you change the password of any local user account, even when Syskey is enabled. It also lets you detect and unlock locked or disabled user accounts. It works offline, so you boot from a floppy disk or CD-ROM.
XP Password Cracker (http://xpcracker.mine.nu/xpcracker) doesn't change an Administrator password, but it tells you the existing password for that account. This tool works with Encrypting File System (EFS) files and password hashes.