Cracking/Hacking Windows Passwords (UPDATED: VISTA too!!)

Step 2: Crack

1. Make sure the computer you intend to crack is off.

2. Turn it on, and immediately insert the CD you just created.

3. By this time, Windows might have started loading. If so, turn off the computer by holding down the power button and then turn it on again. What you want to do is boot from the CD. This can be done in two ways:
a. Often pressing one of the function keys (depending on manufacturer) takes you into the BIOS setup (the first splash screen that pops up when you turn on your computer should tell you which one: often F2, F11 or F12). There, look around until you find where you can change the boot order (this differs depending on your computer brand). Change the boot order so the computer boots first from CD, then from hard disk.
b. There is often another function key (again depending on manufacturer) which opens the boot selection menu, where you can select what to boot from. Choose boot from CD.

4. Watch as the CD loads. It will load a temporary version of Linux into RAM, dump all user names in a box and start processing. This software can only crack passwords up to 14 characters long. As it deciphers the passwords, it will decipher each password in two blocks of 7 characters each, and then show you the whole password as a combination of those two under the column labeled 'net password'.

5. Voilà! In about 5-10 minutes you have all the user names and passwords on that computer.
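
The two 7-character blocks in step 4 are the signature of the legacy LM hash format. As an added example (not part of the original instructable), this sketch audits pwdump-style `user:rid:lm:nt:::` lines and reports which accounts still store an LM hash; the function names and the sample lines are assumptions, and the sample hash values are constructed placeholders.

```python
import re

# Well-known constants: the LM hash of an empty 7-character block,
# and the NT hash of an empty password.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

def audit_line(line):
    """Classify one 'user:rid:lm:nt:::' line; return (user, finding) or None."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[0]:
        return None                      # not a pwdump-style record
    user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
    if not HEX32.match(nt):
        return None                      # NT field must be a 32-hex-digit hash
    if not HEX32.match(lm) or lm == EMPTY_LM_HALF * 2:
        # LM field is a text placeholder or the empty-LM value: nothing stored.
        return (user, "blank-password" if nt == EMPTY_NT else "no-lm-hash")
    if lm[16:] == EMPTY_LM_HALF:
        # Second block is empty, so the password is 7 characters or fewer.
        return (user, "lm-stored-7-or-fewer")
    return (user, "lm-stored")

def audit(lines):
    """Return {finding: [users]} for every parsable line."""
    report = {}
    for line in lines:
        result = audit_line(line)
        if result:
            report.setdefault(result[1], []).append(result[0])
    return report

# Constructed sample input: hash values are placeholders, not real hashes.
SAMPLE = [
    "alice:1001:" + "1" * 16 + "2" * 16 + ":" + "3" * 32 + ":::",
    "bob:1002:" + "4" * 16 + EMPTY_LM_HALF + ":" + "5" * 32 + ":::",
    "carol:1003:" + EMPTY_LM_HALF * 2 + ":" + "6" * 32 + ":::",
    "Guest:501:" + EMPTY_LM_HALF * 2 + ":" + EMPTY_NT + ":::",
    "# comment line that is not a record",
]

if __name__ == "__main__":
    for finding, users in sorted(audit(SAMPLE).items()):
        print(f"{finding}: {', '.join(users)}")
```

Accounts reported as `lm-stored` are the ones the procedure in step 4 applies to. The Windows policy "Network security: Do not store LAN Manager hash value on next password change" (registry value `NoLMHash`) stops new LM hashes from being stored once each password is changed.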
43 comments
Sep 19, 2008. 6:42 AM Muscelz says:
RAINBOW FILES PEOPLE!!!!! RAINBOW FILES!!!!
look em up, make em, USE EM!!! u can crack a 14 number and letter password in approx 2mins max

He he he he, i got 125gig of tables, i can crack nt lm passwords number/letter/symbol at a 96% hit rate :) **evil laugh** ok very serious

here are some helpful things to follow
LOOK UP
LEARN
LOOK UP SUM MORE JUST TO BE SURE
LEARN WHAT YOU NEED TO
AND USE UR KNOWLEDGE IT CAN GET YOU PLACES!!!! money too
Aug 8, 2009. 3:38 AM knex_mepalm says:
useless, my computer file is 100 letters randomly typed and now remembered by me i remember the whole thing!!!! You can't crack that in less than 10 hours i bet
Aug 15, 2009. 6:30 AM Muscelz says:
i know how to generate new sam files. if cracking doesn't work. ill just replace the sam file leaving no passwords
Sep 29, 2009. 7:17 PM The Miracle Man says:
You can change the password, but you will need to know what the password was before you changed it to decrypt those files.
Aug 15, 2009. 11:09 PM knex_mepalm says:
i did a 512-bit encryption and i made it so it is impossible to delete unless you fry the cpu or something
Aug 16, 2009. 1:34 AM Muscelz says:
haha nah it doesn't work that way, the sam file contains info about the pc including specs, keys, passwords etc etc. as long as i got the cd key i can replace the sam file. just gotta detect specs, enter product key and its ready to go. lm and ntlm encryptions don't faze me anymore.
Sep 29, 2009. 7:31 PM The Miracle Man says:
What's the character set on your NTLM tables? Character length? Does it support Unicode? If I use a 128 character length password, your 10 character length limited NTLM rainbow table will NOT crack that. If you attempt brute force, your computer will give out before you ever get it cracked.
Aug 18, 2009. 3:42 AM knex_mepalm says:
i put it into an encryption folder
Aug 18, 2009. 5:25 AM Muscelz says:
my 3.3ghz I7e 975 can smash that 512bit encryption within a month.
i can crack: (in real time mode)
Rijndael 128-256
Triple DES 128
DES 56
Blowfish 128
PK v2.04g

and you can delete it, an encrypted file can be deleted. it just means it cant be read without being decrypted. from my perspective you dont know what you're talking about
AES 128-256
Aug 19, 2009. 3:14 PM knex_mepalm says:
ooops i typed it wrong, i put it in a folder which has a password on and if you want to delete it you need to crack the password but if you wanna read it you gotta crack another one
Aug 20, 2009. 1:25 AM Muscelz says:
ha it doesn't work like that, all you gotta do is stop that process that's running that's "protecting" that file. once process has been ended the file is open for deletion. or if that doesn't work which it will (100%) just pop in my debian flash drive and delete that suka... no way u can stop me from deleting anything or cracking it unless i don't have the algorithm or i cant identify the encryption type
Sep 29, 2009. 7:39 PM The Miracle Man says:
What if the BIOS is password protected and doesn't allow booting from external media (of course there are ways around that)? On top of that, what if the entire hard drive is encrypted, with say... TrueCrypt? Combine those two with the encryption on the folders, and I hate to say it, but the likelihood you'll succeed in our lifetime is about .001%.
Sep 29, 2009. 6:28 PM The Miracle Man says:
The deletion I'll agree with you, but would need to be done in offline mode, or with system/root level permissions. As for your comment on cracking, apparently you forgot to mention there can be no time constraints. I'll give you the benefit of the doubt, you can crack anything, but the cracking process may not finish in this century.
Aug 20, 2009. 5:23 AM knex_mepalm says:
hmmmmm. that gives me an idea, say are you good at cracking?
Aug 21, 2009. 1:17 AM Muscelz says:
yes of course i can, and im not decrypting for the hell of it
Aug 18, 2009. 5:26 AM Muscelz says:
oops AES 128-256 was meant to be under PK v2-04g
Aug 16, 2009. 1:35 AM Muscelz says:
oh yea, i just boot off my debian that ive got installed on my flash drive. and i got my programs ready to do the sniffing and replacing
May 5, 2009. 9:20 AM apples!!!!! says:
What's the best place to save those tables to? I've been wondering about that for a while......
May 9, 2009. 3:21 AM Muscelz says:
where ever you want
Nov 21, 2008. 7:09 AM Scorpio_ctza says:
If I have used pwdump to get a list of usernames and passwords, how do I crack the hashes?
May 9, 2009. 3:26 AM Muscelz says:
1st step learn about rainbow files, learn what your variables could be, or your possible variables could be
2nd make rainbow files
3rd download Cain & Abel or another program that's similar. and be on your way
4th step if you're lazy and don't care about time, use a bruteforcer

IM SERIOUSLY NOT GOING TO EXPLAIN TO YOU HOW IT WORKS!!!! WASTING MY TIME!!! ITS SIMPLE! USE WIKIPEDIA OR WHAT EVER!!!!!!!!!!!!!!!!! etc
Sep 29, 2009. 7:44 PM The Miracle Man says:
"2nd make rainbow files" Have you ever created rainbow tables? Do you know how cpu intensive and time consuming this is? Especially if you need a full character set table generated. Not to mention if you need more than 8 characters. You'll need 100 GPUs running about 2 years to generate a highly successful and reliable rainbow table.
Nov 2, 2007. 5:23 AM neil.satra says:
like the guy said, this is a very common program, i used it to boot rite off my pen drive and crack win passwords earlier, only one problem : this finds only local passwords, not network passwords for a local network...any ideas for that dasarp? i really wanna get back at my school admins...:D
Aug 15, 2009. 6:38 AM Muscelz says:
thats very tricky to steal network sam files, because they are located on the main server, to get at that ur gona need to go to it physically or use a program like putty to access cmd prmt to do your work.... its quite hard to get inside a server on a secured network, at my school we've got a MOS ver. of xp (managed operating system) and things are pretty tight. but there are always ways around things.... sometimes..... haha well not all the time. just dnt give up. or if u dnt want passwords which i see is pointless getting just start throwing around virus's on the school pc's. they give the techs a great time
Sep 29, 2009. 7:11 PM The Miracle Man says:
It's funny, in a later post you're wanting to know why anyone would want to hack a computer, yet in this post you're talking about "throwing around virus's on the school pc's." Interesting! You also say that "passwords which i see is pointless getting" but you claim to be a "white hat" that makes a living cracking passwords. Interesting
May 1, 2008. 9:57 PM dot45 says:
There is no way to pull network id's and passwords from the local machine store. your best bet would be a hardware keylogger, but that is beyond the scope of this document and completely ILLEGAL.
Dec 12, 2008. 9:07 AM killer77 says:
I tried to use this and it wouldn't boot from a cd even when I went into the BIOS menu and changed the boot order
Aug 4, 2008. 1:33 PM decypher says:
To boot from USB:
1. Download .iso from site
2. Burn to CD
3. Copy contents from CD to USB
4. launch CMD from windows
5. CD to usb thumbdrive
6. CD to boot folder
7. Run bootinst.bat
8. Follow on screen instructions
Jul 26, 2008. 10:02 AM 5iN says:
just an FYI, if you need help burning an iso file, you probably shouldn't be messing around in bios to do this. The concepts here are pretty basic, and the software is doing a lot of the hard work for you. However, BIOS and CD burning isn't exactly taught in your typical intro to computers class. Do some reading on BIOS, educate yourself on CD burning and creating CD backups before attempting! However, if you've lost your password and you're using this as a one time password recovery option and have no desire to learn, you have kids, and you don't know what you're doing, show this instructable to your kid and chances are it'll be done by dinner time. If you are a kid and you're having a hard time following this instructable, start doing some independent research on what you don't understand. This is the kind of thing that my generation (today's 20 somethings) grew up doing and it IS something that you will use in the future. Knowing the basic ins and outs of bios can save you tons of money in PC repairs and upgrades.
Sep 17, 2007. 3:57 PM LiamScot says:
Ok I realize that other people have asked but none of that made sense to me so.... how do I run it from a Flash drive??? you can email directly at sarvernator@gmail.com
May 1, 2008. 9:59 PM dot45 says:
search google for information on booting from a usb drive. you'll have to be using this on a computer that can actually boot from usb (older ones will not).
Oct 2, 2007. 8:34 PM Mikkikaye says:
I am confused on the "dump all user names" part of the problem. I get the cd in and it is in the boot up menu, and it gives me this list of things that I can mess around with. Memory, CPU, security settings, etc. The only one that I can tell that has anything to do with passwords is the security settings feature. But it doesn't let me do anything with user names or anything like that. It lets me make a setup password and that's about it. If anyone knows what I'm talking about, I would be very happy.
May 1, 2008. 9:58 PM dot45 says:
You found the BIOS setup screen for your computer. you need to look for a setting like "boot from other devices" or "Boot From" and make it "cd-rom first" then restart the computer and you will be loading the application.
Oct 25, 2007. 6:52 AM killer wj says:
I understand what you're saying. you went into the setup of the computer! if you change vital parts of the computer, the result would be fatal!
Aug 24, 2007. 4:09 AM mhramsden says:
you know, i've come across a much simpler way of getting around a user's password in my time as a bench-technician. i've only used this in xp home, though, so don't jump down my throat if it doesn't work on xp pro or something. the basic concept is to boot into safe mode and log in as "Administrator" which should now be an option when the pc boots up. Logged in as "Administrator" you can change all the account settings that you want for other users, including, you guessed it - passwords!
May 1, 2008. 9:55 PM dot45 says:
NEVER CHANGE A PASSWORD IN THAT MANNER. Doing so will make any encrypted files that the user has through Windows unrecoverable (no application will be able to get them back EVER!!). When you change the password you destroy the encryption hash that Windows uses to encrypt and decrypt the files. Also if you are logged in as admin, you don't need any other passwords, since you can traverse the whole filesystem including other users' folders. This tool is used when you don't have admin rights on a machine, for example the people that own the computer you're working on have no idea what the administrator password is on their 3-year-old computer.
Jan 18, 2008. 1:21 PM taylornrolyat says:
i did everything up to step 4. after the cd loads and the usernames pop up in the box the program just sits there, i left it active for 20 min and nothing happened. what could be the problem?
Sep 28, 2007. 8:34 PM devillunatic says:
What about the part about "dumping" the usernames and passwords? How does that work?
Sep 3, 2007. 6:15 PM fd93 says:
To skip the first computer turn on, usually there is a little hole on the CD drawer; stick a pin in it and it will pop the drive open.
Author: dasarp