Thank goodness for Windows security holes

I woke up Saturday morning to a very bad sound… **Click…. Whirrrrr…. Whirrrrr… Click, Click** By the time I was cognizant of what it was (the hard drive of my laptop, which sits by my bed) and attempted to save and close programs and shut it down, it blue screened.

“Well,” I thought, “it’s Windows, BSOD is pretty common.” I do a force power down (hold in button for 5 secs), reboot, and wait.

**Windows/System32/Config/System file missing or corrupt**

Great… A registry hive error. Pretty much irreparable with an OEM XP installation. Oh well, I’ve been wanting to do a clean install of Windows anyway. Never mind the fact that today is the day we’re supposed to upload all the content for our client’s new site. Oh well, how long can this take? Probably not past lunch, no biggie.

So I attach my external hard drive, and boot into Ubuntu to recover my data in case I have to wipe the drive. (Unfortunately I forgot to get my 3+ years of email… too late now.) That done, I attempted Windows recovery console. No dice there either. Well, I’ve got my IBM recovery partition, let’s try that… Good, that’s working. Let that run for 30-40 odd minutes. During the process it asked me to set an administrator password, which I did. It finishes, reboots and presents me with the login screen, and the user name of Administrator. I enter the password I chose earlier and wait.

**Bong** Password incorrect. Please retype your password. Passwords must be typed in the correct case.

Oops, my bad, try again. **Bong** Stupid me.. **Bong** What! **Bong** Good grief **Bong** Try blank… **Bong** **Bong** **Freeze** **Bong** **Bong** (you get the idea…)

Not good, I must have mistyped it. How could I have made the same typo twice??? Wrong home keys? Oh well, it’s only 10 o’clock or so, I’ll reinstall again.

This time I set the password to something really easy: abc. How could I mistype that? Reboot, and login screen.

**abc** **Bong** Ai yi yi **Bong** Ok, the Administrator account has a problem… Let me try some other things… **Bong** An old account name? **Bong**

I should probably explain that because I bought my laptop from the school, the recovery partition I’m using has a custom image on it with school software. So I thought, “It must have a custom Administrator account too.”

Well, I have another option. Because I was an IT minor last year, I was able to take advantage of Microsoft’s Academic Alliance program which allows computer science students to download free M$ software including Visual Studio, VPC, and XP. I downloaded an iso of the XP install CD complete with academic license and authentication code. This disk image was on my hard drive and part of the files I had recovered. So I used another computer to burn it to a CD, and as Nero, for some reason, wouldn’t recognize the .img file type of the iso, I used a free program called Burn 4 Free. Once that was done, I put my new XP install CD in my laptop and waited. After another 40 mins or so, I was able to log in. Yea!! But I had absolutely nothing. No OEM drivers, no internet, zip, zero, nada. So I decided to try the IBM thing again, just to get that. I had an Administrator account now that worked, after all.

Same as before, installed, rebooted, login screen… **Bong** AAAAAAARRRRRRRRRRRRRGGGGHHHHHHHHHH!

How can I reset this Administrator password? So a googling we go. Oops, sorry! I mean, I did an internet search using google.com. Much info abounds on how to attempt, both legally and illegally, to get around the Administrator password. But the article I found most useful was this one… I Forgot My Administrator Password!!. It informs the reader of a (may I say) scary access hole during the install process. At one point you can hit SHIFT+F10 and bring up the Windows command line, from which you have full access to the system. Simply call up nusrmgr.cpl and you get the familiar Windows GUI for changing passwords. You can wipe out the admin password, or create a new admin account. I assume you could use this access hole to retrieve data using notepad.exe “<file name>”, and who knows what else. And as this can be done during an XP repair install, it could give you full access to all the data on the computer as Administrator once the repair is done running.

As it turned out, there was no Administrator account, just one called dormsupport (still on my computer and with no idea as to the password for it). So I created one, saved, closed and exited the command line and continued the reinstall.

Finally, after 13 hours, I was back in. Next to install XP SP2, and 62 other critical updates, and I was back in business around midnight. Meanwhile, we got the content for EBC-EBCA’s site uploaded, and began the process of domain registration transfer and DNS propagation.

So that was my weekend. How was yours?
