[Gain SYSTEM/Administrative Access to Windows XP/2000]

Oh .. and sorry for multiple posting.. it may be in my case a good idea insert some code into a file an admin would access on login, which would be able to copy the sam to a unsecure part of the OS /email to GMail, whenever the admin logs in so i dont have to keep accessing the PC via boot disk when the admin routinly changes PWD.. that would put me 1 step ahead.

Also I believe the domain admin password is diff to the local PWD in terms of storage of HASH..

Is the domain PWD stored on the local machine in XP / 2k. how easy is the stored domain PWD to the local pwd in terms of HASH?. can these PWDS be broken with normal LM rainbow tables?

[Gain SYSTEM/Administrative Access to Windows XP/2000]

A bios chip cannot be backdoored or cracked on an oem machine. If it is a custom build machine then there are some backdoor passwords out there, but they rarely work. So that leaves you SOL.

Thanks mate.. gave me an Idea. i went to http://www.uktsupport.co.uk/reference/biosp.htm

and found a reasonable list of BD passwords for the award bios.. it seems my target has a cheap MB.. and AWARD_PW worked great.. I have full access now to boot CD / USB and can now go about the simple task of pilfering SAM

BTW it was not a matter of the case being locked but as in most cases the Security camerers make it too "james bond" to open case without bad consequences.

[Gain SYSTEM/Administrative Access to Windows XP/2000]

Is there a way to boot some sort of network device from the pxe / network boot to access the %system% . My target has bios locked, not possible to open case and no boot from cd etc.