
Tuesday, October 03, 2006

 

HOW TO GET ANY WINDOWS PASSWORD

Get a command prompt, go to C:\winnt\system32\config\ and run
the following commands:
>attrib -a -r -h
>copy sam.* a:
>del Sam.*

Reboot the computer. There should be no administrator password.
Just put in administrator and hit Enter. Replace the SAM files to
restore the password to hide intrusion.

This works whether it's Windows 2000, Windows XP, Windows XP SP1 or SP2,
or Windows Server 2003.

This works even if syskey encryption is enabled.

If it is NTFS:

You have to download a program called NTFSPro. It allows you to read from
NTFS drives. The demo version allows read only; the full version is
read-write. You use the program to create an unbootable disk (so you will
still need another bootable disk and an empty disk) that has the required
files to access NTFS.

Use the boot disk to get into DOS, then use the disks created with NTFSPro
to access the filesystem, then copy the SAM and SYSTEM files to
another empty disk to take home.

AT HOME: You have to get a program called SAMInside. It doesn't matter if it
is the demo version. SAMInside will open the SAM file and extract all the user
account information and their passwords, including administrator. SAMInside
will ask for the SYSTEM file too if the computer you took the SAM file from
has syskey enabled. Syskey encrypts the SAM file, and SAMInside uses the SYSTEM
file to decrypt it. After SAMInside finishes, you still see user accounts
with hashes beside them. The hashes are the encoded passwords. Use SAMInside
to export the accounts and their hashes as a pwdump file into another
program, called L0phtCrack. It is currently in version 5, named LC5.
The previous version, LC4, is just as good. You need the full or addoned
version of the program. LC5 uses a brute force method, trying all possible
combinations of letters, numbers, and unprintable characters to find the
correct password from the hashes in the pwdump file imported into it from
SAMInside. This process of trying all passwords might take 5 minutes if the
password is easy, up to a year if the password is long and hard (really
really hard). LC5, however, unlike LC4, is almost 100 times faster. Both can
be configured to try dictionary and common words before using all possible
combinations of everything. Once the correct password is found, it will
display the passwords in clear beside each account, including administrator.
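
From the defender's side of the pwdump export described above, here is an added example (not part of the original post): a Python audit that flags accounts in a pwdump-format file with a blank password or a stored LM hash, the ones that fall in the "5 minutes" end of the range. The `user:RID:LM:NT:::` layout, the two empty-password hash constants and the sample lines are assumptions or constructed values, not taken from the post.

```python
"""Audit a pwdump-format export for the weakest stored credentials."""
import re

# Well-known hashes of the empty password (assumed constants, not from the post).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample lines; the non-empty hash values are filler, not real hashes.
SAMPLE = """\
Administrator:500:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1004:0123456789abcdefaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
alice:1005:aad3b435b51404eeaad3b435b51404ee:a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5:::
not a pwdump line
"""

def audit_line(line):
    """Return (user, rid, findings), or None when the line is not pwdump format."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, rid = parts[0], int(parts[1])
    lm, nt = parts[2].lower(), parts[3].lower()
    findings = []
    # A real LM hash is 32 hex digits and differs from the empty-password value.
    has_lm = bool(HEX32.match(lm)) and lm != EMPTY_LM
    if nt == EMPTY_NT and not has_lm:
        findings.append("blank password")
    if has_lm:
        findings.append("LM hash stored")
        # LM hashes each 7-character half separately; an empty second half
        # means the whole password fits in the first half.
        if lm[16:] == EMPTY_LM[:16]:
            findings.append("password is 7 characters or fewer")
    return user, rid, findings

def audit(text):
    """Map each account with at least one finding to its list of findings."""
    report = {}
    for line in text.splitlines():
        result = audit_line(line)
        if result and result[2]:
            report[result[0]] = result[2]
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {', '.join(findings)}")
```

Accounts flagged here are remediated on the host by setting a longer password and turning off LM hash storage (the NoLMHash policy), then changing the password so the old LM value is discarded.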


Comments:
sounds helpful, Tariq!
Thanks a ton!!
 