Thomas Mullaly

DevOps, Security and IT Leadership

Capstone Tasks

These are the tasks needed to complete our [[Capstone Project]]

  • Create a [[How to make an Ubuntu Gold Master Image|Gold Master Ubuntu Server Virtual Machine Image]]
  • Create a [[Gold Master Windows 2008 Server Virtual Machine Image]]
  • Create a [[How to Create a Virtual Linux Router using Ubuntu|Virtual Linux Router]]
  • Create a Virtual [[How to Create an Active Directory Server|Active Directory Server]]
  • [[Enable Group Policy in Windows 2008]]
  • Create a Virtual [[Ubuntu RID NFS Server|Linux NFS Server with Samba]]
  • Create a [[Virtual Windows Deployment Server]]
  • [[Configure DHCP]]
  • [[Deploy a Virtual Windows 7 Desktop using Windows Deployment Server]]
  • Create a Virtual [[Puppet Master Server]] and [[Puppet Dashboard]]
  • Configure the [[Puppet Client]] on the host nodes
  • [[Puppet on Oracle Solaris 11]]
  • [[Deploy a Virtual Ubuntu Linux Desktop using Windows Deployment Server and Puppet]]

Windows 7 Software

This page documents the software that needs to be installed on the Windows desktops in the [[http://www.cs.umb.edu/sp/about/facilities/|Unix Lab]]. The table records whether each package is to be included on the deployment image or deployed via GPO, and which mechanism is used to update it. Certain software packages need to be updated more frequently due to security concerns. If the update method is Re-Image, automatic update checking should be turned off, because the user won’t be able to update anyway.

^ Software Name ^ Vendor ^ Deployment Method ^ Update Method ^
| Windows 7 | Microsoft | Image | WSUS |
| Office Professional Plus 2010 | Microsoft | Image | WSUS |
| Office Project Professional 2010 | Microsoft | Image | WSUS |
| Adobe Flash Player 11 | Adobe | Image | WSUS |
| Adobe Reader | Adobe | Image | ??? |
| CyberLink PowerDVD 9.5 | CyberLink | Image | Re-Image |
| Google Chrome | Google | ??? | [[http://support.google.com/chromeos/a/bin/answer.py?hl=en&answer=188447|Chrome Browser FAQ for Admins]] |
| GSview 5.0 | Ghostgum | Image | Re-Image |
| Java SE Developer Kit 7 | Oracle | ??? | ??? |
| McAfee VirusScan Ent. | McAfee | Image | McAfee Server |
| Microsoft Visual Studio 2010 | Microsoft | Image | WSUS |
| Mozilla Firefox | Mozilla | Image | Self-updates? |
| NetBeans IDE 7.2.1 | NetBeans.org | Image | Re-Image |
| PuTTY | Simon Tatham | Image | Re-Image |
| Python 2.7.3 (64-bit) | Python Soft | Image | Re-Image |
| QtSpim | Larus-Stone | Image | Re-Image |
| SSH Secure Shell | F-Secure | Image | Re-Image |
| VMware vSphere Client 5.0 | VMware Inc. | Image | Re-Image |
| VMware Workstation 8 | VMware Inc. | Image | Re-Image |
| WinZip 17.0 | WinZip | Image | Re-Image |
| Wireshark 1.8.3 | Wireshark | Image | Re-Image |

How to Reset Mac Password Without a CD

Using a pretty nifty trick you can reset a forgotten Mac password without a Mac OS X installer CD/DVD. The steps may seem a little intimidating at first but I assure you it’s easy if you follow them exactly. Here is exactly how to do this in three stages:

Stage 1) Boot into Single User Mode and remove a setup file

Restart the Mac while holding down the Command+S keys. This will take you into Single User Mode and its Terminal interface. You’ll need to check the filesystem first:

fsck -fy

Next, you must mount the root drive as writeable so that changes will save:

mount -uw /

Now, type the following command exactly, followed by the enter key:

rm /var/db/.applesetupdone

After removing the applesetupdone file, you need to reboot: type ‘reboot’ and hit Enter.

Stage 2) Create a New User Account upon System Boot

You aren’t finished, but the hard part is now over – no more command lines, you’ll now be in the familiar Mac OS X GUI to finish the password reset process. In this step we just create a new user account as if you just got a new Mac:

  • Upon reboot, you will be presented with the traditional “Welcome Wizard” startup screen just like when you first get a Mac
  • Follow the welcome wizard and create a new user account – making the account name different from the account whose password you want to recover
  • Continue on and boot into Mac OS X with this newly created user account; this new user account is an Administrator and has administrative access

Stage 3) Reset the Forgotten Password via System Preferences

You are almost done, now you just need to reset the forgotten user account password using the Accounts control panel:

  • Once you are booted into Mac OS X, click on the Apple logo and then navigate down to “System Preferences”
  • Click on the “Accounts” icon in System Preferences
  • Click on the Lock icon in the lower left corner of the “Accounts” preference window and enter the newly created user credentials; this enables you to change other user accounts and reset other users’ passwords
  • On the left side user panel, select the user account containing the forgotten password
  • With the user of the forgotten password account selected, click on the “Reset Password” button
  • Enter a new password for that user, and be sure to include a meaningful hint so you don’t forget it again!
  • Close System Preferences and reboot the Mac
  • You can now log in to the previously inaccessible user account using the newly reset password! All user files and settings are maintained as before the password was forgotten
  • Optional: If you’d like, you can delete the temporary account you created to reset the user’s password. This is wise for security purposes.

Here’s how this works: by deleting the .applesetupdone file, you are telling Mac OS X to re-run the setup wizard, which by default creates a new user account with Administrative abilities, which can then reset the forgotten password of any other user on the Mac. This is a great trick and excellent troubleshooting technique if you don’t have a Mac OS X installer CD/DVD laying around, which is pretty much the norm as many people tend to lose or misplace the installer disks that come with their computers. I have used this exact method multiple times to restore various Macs with forgotten/lost passwords.

Dell Optiplex 790 Bios Configuration

====== Dell OptiPlex 790 BIOS Settings ======

  • Hit F12 to enter Boot Options

  • Choose BIOS Setup from OTHER OPTIONS

  • System Configuration -> Integrated NIC -> Enabled w/PXE

  • General -> Boot Sequence ->
    • Only check: Onboard NIC and P0: WDC WD5000AAKX-753CA1
    • Make the OnBoard NIC the first option in the list
  • USB Configuration -> Uncheck Enable Boot Support

  • Power Management -> Wake on LAN -> LAN only

Wds for Cs

====== Prerequisites ======

Bring up the Domain functional level to Windows Server 2008 R2

Modify the lab computers to PXE boot with the needed [[Dell Optiplex 790 BIOS Configuration]]

Modify the [[configure dhcp|DHCP server configuration]] to include the settings needed by WDS

======Install Windows Deployment Services======

Add the computer to the domain and log in with an administrative domain account!

Install WDS role on the WDS computer

Get the volume licensed install media to add the boot and install image to WDS

Test by installing a default Windows 7 install on a machine

======Create Capture Image======

On WDS go into Boot Images

Click on Create Capture Boot Image

Walk through wizard

Click Add Boot Image

======Custom Install Image======

Create a reference computer (install the operating system, applications, and any other changes)

Run sysprep /oobe /generalize /reboot

Configure Dhcp

I cloned a new virtual Ubuntu 12.04 server and added isc’s dhcp server to emulate the cs department’s network.

apt-get install isc-dhcp-server

This installs isc’s dhcpd version 4 I think.

Edit /etc/dhcp/dhcpd.conf:

<code>
default-lease-time 600;
max-lease-time 7200;
authoritative;

subnet 10.10.10.0 netmask 255.255.255.0 {
  range 10.10.10.100 10.10.10.200;
  option routers 10.10.10.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.10.10.255;
  option domain-name-servers 10.10.10.10, 10.10.10.11;
  option domain-name "tom.umb.edu";
  option domain-search "tom.umb.edu";

  # dynamic DNS updates
  ddns-updates on;
  ddns-domainname "tom.umb.edu";
  # suffix appended to the client's reversed IP address to form the PTR name
  ddns-rev-domainname "in-addr.arpa.";

  # PXE boot: WDS server address and network boot program
  next-server 10.10.10.20;
  # backslashes are doubled because dhcpd treats "\" as an escape character in strings
  filename "boot\\x86\\wdsnbp.com";
}
</code>

Start the server: service isc-dhcp-server start

How to Convert a Man Page to Text

At the command line, run:

$ man MANPAGE | col -b > filename.txt

Here’s what it means:

man = display the man pages for a stated command

| = pipe the output of the man pages somewhere else

col -b = strip the backspace (overstrike) formatting so the output is plain text

> = send the output to a file

filename.txt = name of the file you wish to create and populate with output

10 Important Google Search Terms

site

  • The site operator is great for trolling through all the content Google has gathered for a target.
  • This operator is used in conjunction with many of the other queries presented here to narrow the focus of the search to one target.

intitle:index.of

  • The universal search for Apache-style directory listings.
  • Directory listings provide a wealth of information for an attacker.

error | warning

  • Error messages are also very revealing in just about every context.
  • In some cases, warning text can provide important insight into the behind-the-scenes code used by a target.

login | logon

  • This query locates login portals fairly effectively.
  • It can also be used to harvest usernames and troubleshoot procedures.

username | userid | employee.ID | “your username is”

  • This is one of the most generic searches for username harvesting.
  • In cases where this query does not reveal usernames, the context around these words can reveal procedural information an attacker can use in later offensive action.

admin | administrator

  • Using the two most common terms for the owner or maintainer of a site, this query can also be used to reveal procedural information (“contact your administrator”) and even admin login portals.

-ext:html -ext:htm -ext:shtml -ext:asp -ext:php

  • This query, when combined with the site operator, gets the most common files out of the way to reveal more interesting documents.
  • This query locates backup or temporary files and directories.

inurl:temp | inurl:tmp | inurl:backup | inurl:bak

  • This query locates backup or temporary files and directories.

intranet | help.desk

  • This query locates intranet sites (which are often supposed to be protected from the general public) and help desk contact information and procedures.
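A defender-side check for what these queries surface, added here as an example and not part of the original page: it walks a local copy of your own web document root and flags paths containing the temp/backup terms, files outside the common page extensions, and directories with no index file (which Apache serves as a listing when auto-indexing is enabled). The function names, the index-file list and the sample tree are assumptions made for the example.

```python
import os
import re
import tempfile

# Path terms from the inurl:temp | inurl:tmp | inurl:backup | inurl:bak query.
RISKY_TERMS = re.compile(r"temp|tmp|backup|bak", re.IGNORECASE)
# Extensions the -ext: query filters out as ordinary pages.
COMMON_EXT = {".html", ".htm", ".shtml", ".asp", ".php"}
# Assumption: the index names the server is configured to serve.
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def audit_docroot(docroot):
    """Return sorted (finding, relative_path) pairs for a web document root."""
    findings = set()
    for dirpath, _dirnames, filenames in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot).replace(os.sep, "/")
        # No index file: shown as an "Index of" listing if auto-indexing is on.
        if not INDEX_FILES & {f.lower() for f in filenames}:
            findings.add(("no-index", rel_dir))
        for name in filenames:
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            if RISKY_TERMS.search(rel):
                findings.add(("temp-or-backup", rel))
            elif os.path.splitext(name)[1].lower() not in COMMON_EXT:
                findings.add(("uncommon-ext", rel))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed sample site used to demonstrate the audit."""
    files = ["index.html", "about.php", "config.php.bak",
             "reports/q3.xls", "backup/site.tar.gz", "img/logo.png"]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for finding, path in audit_docroot(root):
            print(f"{finding:15} {path}")
```

The term match is a plain substring test, so a directory such as "templates" is also reported; review the findings rather than deleting on them.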

Windows Server 2008

======Synchronize time with external NTP server on Windows Server 2008======

Time synchronization is an important aspect for all computers on the network. By default, the client computers get their time from a Domain Controller and the Domain Controller gets its time from the domain’s PDC Operation Master. Therefore the PDC must synchronize its time from an external source. I usually use the servers listed at the NTP Pool Project website. Before you begin, don’t forget to open the default UDP 123 port (in- and outbound) on your (corporate) firewall.

First, locate your PDC Server. Open the command prompt and type:

C:\>netdom query fsmo

Log in to your PDC Server and open the command prompt. Stop the W32Time service:

C:\>net stop w32time

Configure the external time sources (the peer list is space-delimited), type:

C:\>w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"

Make your PDC a reliable time source for the clients. Type:

C:\>w32tm /config /reliable:yes

Start the w32time service:

C:\>net start w32time

The Windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing:

C:\>w32tm /query /configuration

You can also check the status:

<code>
C:\Users\tmullaly>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0978394s
Root Dispersion: 7.8137172s
ReferenceId: 0xCE392C11 (source IP: 206.57.44.17)
Last Successful Sync Time: 12/18/2012 7:15:14 PM
Source: 1.pool.ntp.org
Poll Interval: 6 (64s)
</code>

Check the Event Viewer for any errors. Tested on Windows Server 2008 Standard