Breaking In Windows XP Password
Method 1:
If you have an administrator account (and not a client or Guest account), XP users' passwords can be reset using the command prompt.
Go to the Start Menu, click Run, type “command” in the dialog box, and press Enter.
Now, in the command prompt, type “net user”.
The screen will display the list of available users on the computer.
Suppose there are six administrator users named admin1, admin2, admin3, admin4, admin5, and admin6.
The password of any user can then be changed by logging into the account of any one administrator.
For example, if we want to change the password of admin2, we can do so with the following command:
net user admin2 password
The same works for any other user.
The general syntax for changing a password is
net user
Limitations: The method above works only if you are logged in as an administrator user account.
Method 2:
Windows Recovery option.
Boot from the Windows XP CD and press ENTER when prompted to install Windows; on the next screen there is an option to repair the existing version of Windows. This method is also known as Windows Recovery.
The repair option will take as much time as the installation would have taken, because the Windows file-system is replaced, including the SAM file where the password is stored:
C:\Windows\System32\config\sam
The users' settings remain untouched.
Thus the users' password is reset to a NULL value.
In repair mode there is another, easier hole for modifying the password. The steps are as follows.
Boot from the bootable XP CD. After the license agreement is accepted (by pressing F8), select the target Windows installation for repair.
After the file copy completes, the machine will restart and the repair process will start. You will see ‘Installing devices’, 39 minutes left, etc. at the bottom left of your screen.
Now press Shift+F10. A console (command window) will open.
Type nusrmgr.cpl and hit Enter. This opens the user account settings. Now change the password. You will not be asked for the old password; just type the new password there.
Continue the process. It is highly recommended to continue until the repair is completed.
That's it, you are done. The password is replaced. The password strength does not matter in this case.
Method 3:
Boot your computer from a live Linux CD or DVD that has NTFS/HPFS file-system support.
Then mount the drive that has the Windows copy installed on it. Copy the SAM file from the location
C:\Windows\System32\config\sam
which will appear as /media/disk-1/Windows/System32/config/sam
It is a common misconception that the SAM can be viewed in a normal text editor; the SAM file is not a normal text file.
Gnome, KDE or vim text editors won't display the content of this file.
Open the file using the Emacs editor (available in all the distributions of Live Linux). It will be hard to find the password hashes, so look for the user-names, which are not encrypted; after the user-names, the passwords' hashes can be discovered. Copy the code between the “%” signs and search Google for the rainbow tables. They will provide the decrypted value, which has already been brute-forced earlier. This isn't a definite-shot method, as the rainbow project is still under development. The password can be set to NULL by deleting the content, but this might lead to corruption of the SAM file, and recovery is the only option left after that.
Limitations: This method can damage the SAM file, which may lead to a repair of Windows XP, and you can risk your personal data with that.
Method 4:
Ophcrack method.
This is a sure-shot password recovery method based upon brute-forcing.
This Live CD is based on the slax LiveCD v.5.1.7. It has been customized to include ophcrack 2.3.3 and the SSTIC04-10k tables set. It can crack 99.9% of alphanumeric passwords. Since the tables must be loaded into memory, cracking time varies with the amount of available RAM. The maximum amount of RAM necessary is 256MB (because the LiveCD makes use of lots of it). The recommended amount is 512MB. Ophcrack will auto-detect the amount of free memory and adapt its behaviour to be able to preload all the tables it can.
A shell script launched at the beginning of the X session (the session for managing your desktop) does the job of finding the Windows partition and starting the appropriate programs to extract and crack password hashes. It will look for all partitions that contain hashes. If more than one is found, you will have to pick between them.
If your partition is not detected, make sure that the partition containing the hashes you need to crack is mounted, then use ophcrack's ‘Load from encrypted SAM’ function to recover your Windows hashes. Then click ‘Launch’ and the cracking will start.
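The table lookups in Methods 3 and 4 succeed against the legacy LM hash that XP stores by default for passwords shorter than 15 characters. The following check is an added example, not part of the original post: it parses the output of `reg query` and `net accounts` to report whether a machine is still exposed. Both sample outputs are constructed for illustration.

```python
import re

# Constructed sample output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v NoLMHash
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    NoLMHash    REG_DWORD    0x0
"""

# Constructed sample output of: net accounts (trimmed)
SAMPLE_NET_ACCOUNTS = """\
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
"""

def lm_storage_disabled(reg_output):
    """True only if the NoLMHash value is present and non-zero."""
    m = re.search(r"^\s*NoLMHash\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$",
                  reg_output, re.M)
    return bool(m) and int(m.group(1), 16) != 0

def min_password_length(net_accounts_output):
    """Minimum password length from `net accounts`, or None if absent."""
    m = re.search(r"^Minimum password length:\s+(\d+)\s*$",
                  net_accounts_output, re.M)
    return int(m.group(1)) if m else None

def audit(reg_output, net_accounts_output):
    """Return a list of findings; an empty list means LM storage is off."""
    findings = []
    if lm_storage_disabled(reg_output):
        return findings
    findings.append("NoLMHash is not set: LM hashes are stored in the SAM "
                    "for passwords shorter than 15 characters")
    length = min_password_length(net_accounts_output)
    if length is None or length < 15:
        findings.append("Minimum password length is %s: policy does not "
                        "force passwords long enough to skip the LM hash"
                        % length)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, SAMPLE_NET_ACCOUNTS):
        print("[!]", finding)
```

Setting NoLMHash only takes effect at the next password change, so existing accounts keep their LM hash until their passwords are changed.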
enjoy
2:11 PM