Hacking SAM database on offline Windows

Today I had a presentation for my colleagues - they had to prepare a few VMware machines for me to test some functionality...

However, there was an old local administrator password on these boxes - the one that no one was able to remember...

So I tried to use one of my "oldies goldies" tools called Offline NT Password & Registry Editor. This utility (or should I say Linux distro? ;)) uses known security issues of Windows with the local SAM file (I hope it is fixed once and for all in Windows Vista).

 You can download it here: http://home.eunet.no/pnordahl/ntpasswd/

You download the CD image (you can burn it or mount it to a virtual CD drive), boot from it, hit Enter a few times (default configuration) and voila - your local administrator password is empty - and you were able to do it in a few minutes....

I know that I shouldn't be happy about such a security bug (especially if even SysKey is not able to protect you), however it has helped me too many times... And I hope it will help you too :)

 

Published Wed, May 23 2007 22:14 by martin