
Having issues with previous IT guy.


Rodder


Just took a job where the previous IT guy did some shady stuff. The usual GitHub licenses and charging for the real deal, but he has software installed, Ninjarmm, that I can't remove despite my many attempts, and he's locked the server down and is not handing over any admin passwords. Is there anything y'all can recommend or point me in the direction of to bypass this? Not sure what to do.


A quick web search shows that Ninja RMM has uninstall prevention. See here: https://github.com/samersultan/Ninja-One-Uninstall-Agent/blob/main/Uninstall-Ninja-One-Agent-From-Workstation.md. As for the server, I know some things about hacking an AD DC, especially with physical access, but it would be a long walkthrough and dependent on the environment. 


On 1/10/2024 at 10:44 AM, DramaKing said:

A quick web search shows that Ninja RMM has uninstall prevention. See here: https://github.com/samersultan/Ninja-One-Uninstall-Agent/blob/main/Uninstall-Ninja-One-Agent-From-Workstation.md. As for the server, I know some things about hacking an AD DC, especially with physical access, but it would be a long walkthrough and dependent on the environment. 

Thanks for looking into this for me. Unfortunately, it didn't work. The product key is not even found in the uninstall file in the registry. I can see the program in the registry but there is no uninstall. Any additional help here would be appreciated.

 

As for the server, I had no choice but to offload what data I could, wipe the drives and install Windows Server 2022 with a legit product key. They have about 30 computers here; I can't do that for all of them. So again, any help is greatly appreciated.


1 hour ago, Rodder said:

Thanks for looking into this for me. Unfortunately, it didn't work. The product key is not even found in the uninstall file in the registry. I can see the program in the registry but there is no uninstall. Any additional help here would be appreciated.

 

As for the server, I had no choice but to offload what data I could, wipe the drives and install Windows Server 2022 with a legit product key. They have about 30 computers here; I can't do that for all of them. So again, any help is greatly appreciated.

If BitLocker wasn't enabled, a bootable password reset tool should have been all you needed to log in as the default administrator.

Again, that program will prevent uninstallation unless you follow the instructions from GitHub. 


On 1/15/2024 at 2:30 PM, DramaKing said:

If BitLocker wasn't enabled, a bootable password reset tool should have been all you needed to log in as the default administrator.

Again, that program will prevent uninstallation unless you follow the instructions from GitHub. 

Thanks @DramaKing, going to attempt a SAM dump and have John the Ripper or something else work the hash out for me. Unfortunately we are working on a limited budget; it's just going to take some time. I'm by no means an IT guy; I'm just trying to clean up a mess and get them back up and running securely.

 

If you have an alternate idea to a SAM dump let me know. 

 

Thanks again!
