FOGcrypt password
-
OK, So I have an odd question. I took over IT in a small company and they were already using FOG, which is great since I love to use it. But I am having problems accessing several systems as they had no docs on things. They do have FOG joining to AD, I was hoping to find a way to decrypt the password for the client to find what it is(it is the legacy client FOG 1.2). I know I can change the password in AD and update it in FOG. But the reason to decrypt is to hopefully gain access to a few systems that are not AD integrated without jumping through many hurdles(I am hoping they had a generic password they used for admin accounts).
And no there is no way of getting the information from the previous tech unfortunately. Just hoping you can help and if not then I guess I have alot of work ahead of me. I might even if you can help, but here’s to hope. Thanks
-
@ITSolutions said:
nd no there is no way of getting the information from the previous tech unfortunately. Just hoping you can help and if not then I guess I have alot of work ahead of me.
I don’t feel comfortable about sharing methods that circumvent FOG Legacy’s security features, I’m sorry.
Best thing I can tell you is to try to get through some other way. Use powershell to create an account on those computers or something… Maybe even deploy some remote desktop software via powershell. Maybe brute force the password hashes with something oldschool like Cain & Able. Again, sorry… I just can’t make it easy to side-skirt something that’s designed to protect passwords.
It might be easier to just tear-down and rebuild.
If I had a technician working under me that refused to document things - and purposely made things difficult for “job security”, I’d look for every opportunity to write warnings and reprimands for that tech - until I had enough built up to fire them. And that’s just how I feel about that. Hopefully the guy before you was fired.
-
Also - since you work for a company that produces revenue - please see what can be done about donating to the FOG Project. See my signature for details.
-
I understand that you are uncomfortable sharing that information. I don’t blame you, I was hoping though.
The issue is this is a small company that has always been a 1 man shop and the previous tech passed-away and they contracted my services. Some of the systems I am referring to about trying to get passwords for are switches, firewalls, and even a couple linux boxes that other than brute force or rebuild there is no way. As you can image wiping firewalls and switches and routers and rebuilding is not a solution. Or not a solution that I can implement quickly, or easily. I am trying to keep them up with very little down time and issues. The powers that be had no idea about IT and he was here for over 10 yrs, so no one really questioned or asked. The only reason I was able to get into FOG was because he kept it as the default. Thanks again and I will see if there is anything else I can do.
-
As for donating I agree, I am going to address that as soon as I can with the company. I have set up other FOG servers for schools and non-profits and enabled mining on them. This is the first for profit business that I have gone with FOG on. I do contract IT services and love FOG and suggest implementing it in almost all cases.
-
There are tools out there that can get Windows Passwords fairly easily out of XP through 7 machines. Use of those tools is legal so long as you are the owner of the systems you are using them on, so that part is on you. I suggest doing a Google for “Trinity Rescue Kit”.
-
I do know about getting them from Windows machines, but that doesn’t help much as these are AD, Cisco, and Linux machines I am dealing with that I need passwords to. I did get the local admin password for the computers, which wasn’t used anywhere else. Which doesn’t surprise me, as I don’t know many admins that would use the same password as the local admin accounts.
-
Fair enough. Are there any other services used in the same server that runs FOG?
-
You could rebuild it - create detailed documentation - You should keep a digital copy and hard copy of that documentation, and then provide the client with both a digital copy and hard copy.
Obviously you should keep a backup of documentation safe just as you would backup any data, in a security deposit box at a bank. This way you always have many copies.
If you do all that - then the small business would never have to go through this again, and you will probably do a better job rebuilding everything anyways.
-
@Wayne Workman, Yes it looks as though I will be rebuilding much of the network. I know all about documentation. That is a big part of when I come into a company, when I go in I am not contracted as a full time replacement. Usually as a consultant or cases like this to help them determine how thing should proceed into the future and/or hire a replacement. This is a special case as I am going to work with whoever gets hired to assist for a longer term in getting everything to a point that is manageable, and documentation is key. For this case I was just trying to make my job easier as the last tech had things setup pretty well and running rather smoothly. Too bad he didn’t value documentation.
