December 21 2015

Reset Windows Password on 1and1’s Cloud Server

Let’s take a scenario:
You created a Windows Server VM at 1and1.com and decided to use your own super secret password. Since you specified the password, it doesn’t show up in the Cloud Panel. Since this is Windows, we can’t just load up a Linux LiveCD, chroot, run the command “passwd” and be done with it. We also don’t have the ability to use our own ISOs, which might include a nice boot disk that resets passwords in the SAM file. We need to regain access somehow, and I figured out how to do it.

The golden ticket here is that we need to be able to run Command Prompt so we can change our password. Since we have KVM access, we only need to put a copy of Command Prompt (“cmd.exe”) under the name of a system program like “Utilman.exe” or “Magnifier.exe” so we can run it at the logon screen.

For the new Cloud Servers, which have the “Cloud Panel” and are dubbed “NGCS” or “1&1 Cloud Server”, the only DVD/Application available that seems to work is GParted, which is Debian-based. For older 1&1 Cloud Servers, which went under the names “Dynamic Cloud Server”, “Virtual Dedicated Server”, “VDS” / “DCS”, you can use the “Recovery Tool” in the 1&1 Control Panel, as the “Linux Rescue” images, both stable and unstable, are Debian-based as well.

For the NGCS:
– Go ahead and load up the KVM from your Cloud Panel by going to “Actions” => “Access KVM Console”
– In the Cloud Panel also load the GParted by clicking “DVD” => “Applications” => select “GParted”
– Reboot server and watch it in the KVM Console
– When you follow the prompts, you’ll get to a desktop, choose “Terminal”

For VDS/DCS:
– Go to 1&1 Control Panel => 1&1 Servers => Recovery Tool => choose either Linux Rescue option
– Use your VNC Console or SSH into your server using the IP address, Root, and the Recovery password created
– Either option will bring you into the server’s Terminal

 

In Terminal

  1. Mount the Windows partitions
    1. NGCS
      1. mount /dev/sda2 /mnt
    2. VDS/DCS
      1. mount /dev/sda1 /mnt
  2. Change Directory to “C:\Windows\System32”
    1. cd /mnt/Windows/System32
  3. Make backups of Utilman.exe or Magnifier.exe
    1. mv Utilman.exe Utilman.exe.bak
  4. Copy CMD and rename it as the application you just backed up
    1. cp cmd.exe Utilman.exe
  5. Reboot the server back into regular mode
    1. NGCS
      1. Remove DVD from CloudPanel
      2. Restart Server
    2. VDS/DCS
      1. Recovery Tool => Windows Server (normal)

Now the server should be starting up and getting to the logon screen. Both the VNC Console and the KVM Console should show you the Windows logon screen, and in the bottom left there’ll be a little square button. This is your “Ease of Access” button, or “Utilman.exe”. If you renamed CMD to Utilman, then clicking this will bring up a Command Prompt; otherwise, open it and click on Magnifier to bring up the Command Prompt.

In Command Prompt

Change User Password

  1. net user <USER> <NewPassword>
  2. Log in with the user and its new password

Create a new user with Local Admin Rights

  1. net user <USER> <Password> /add
  2. net localgroup Administrators <USER> /add
  3. Login (no need to reboot)

 

Note:

  • Always remember to change the applications back to the originals with the backups you made. While it is unlikely that someone would get KVM/VNC console access, if they find an exploit (like the one needed for Dedicated Servers) then they can reset/add Admin users.
  • Changing user passwords this way may cause loss of access to “Encrypted Files/Folders”. Do this as a last resort when the only other option that’s been given is to Reimage.
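
One way to confirm the cleanup from the first note, run from the same Linux rescue terminal with the Windows partition mounted. This is an added example, not part of the original post; the function names check_swapped and restore_original are hypothetical, and the default path assumes the /mnt mount point used in the steps above.

```shell
#!/bin/sh
# check_swapped DIR [NAME...]
# Reports logon-screen binaries in DIR that are byte-identical to cmd.exe,
# meaning the swap from this post is still in place.
# Returns 0 if clean, 1 if anything is swapped or missing, 2 on error.
check_swapped() {
    dir=${1:-/mnt/Windows/System32}    # assumed mount point from the steps above
    [ $# -gt 0 ] && shift
    [ $# -eq 0 ] && set -- Utilman.exe # default: the file the steps above replace
    if [ ! -f "$dir/cmd.exe" ]; then
        echo "error: $dir/cmd.exe not found (is the partition mounted?)" >&2
        return 2
    fi
    found=0
    for name in "$@"; do
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            found=1
        elif cmp -s "$dir/cmd.exe" "$dir/$name"; then
            echo "SWAPPED  $name is a copy of cmd.exe"
            found=1
        else
            echo "OK       $name"
        fi
    done
    return $found
}

# restore_original DIR NAME
# Moves NAME.bak back over NAME, but only when NAME is currently a cmd.exe
# copy (or absent), so a genuine binary is never overwritten by mistake.
restore_original() {
    dir=$1; name=$2
    [ -f "$dir/$name.bak" ] || { echo "error: no $name.bak in $dir" >&2; return 2; }
    if [ -f "$dir/$name" ] && ! cmp -s "$dir/cmd.exe" "$dir/$name"; then
        echo "refusing: $name is not a cmd.exe copy" >&2
        return 1
    fi
    mv -f "$dir/$name.bak" "$dir/$name"
}
```

Typical use is `check_swapped /mnt/Windows/System32 || restore_original /mnt/Windows/System32 Utilman.exe`, followed by a second `check_swapped` before rebooting.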

Posted December 21, 2015 by Timothy G in category "1&1 Internet", "Providers"
