Windows Password Recovery!


Introduction: Windows Password Recovery!

This instructable will show how to recover a Windows password and, in doing so, show the weakness in the Microsoft SAM (the local account database). Warning: Do not use this for illegal purposes like "hacking". I and Instructables will accept no responsibility for your actions; this is meant for educational purposes.

Step 1: What You Need

1. You will need BackTrack to extract the hashes from the SAM. You can get BackTrack here. BackTrack is a free live Linux distro that includes many tools and runs off a CD.
2. After you download BackTrack you will need to burn the image file to a CD. If you don't have any software that can burn images you can use this free one: Deep Burn.
3. Blank CDs.
4. Burn it.

Step 2: Boot

After BackTrack boots up you will come to a prompt that asks you to log in. The user name is root and the password is toor.

Step 3: Getting to System Key

Open a terminal, mount your Windows partition under /mnt, and run:
bkhive /mnt/hda1/WINDOWS/system32/config/system key
This reads the boot key out of the SYSTEM hive and writes it to a file named key. In most cases your hard drive will be hda1; if yours is mounted somewhere else, replace hda1 with that path.

Step 4: Getting the Hashes

1. After getting the system key, run:
samdump2 /mnt/hda1/WINDOWS/system32/config/SAM key
(again, replace hda1 with your Windows partition if it differs).
2. You will get a list of hashes, one line per account.
3. Copy the hash you want to crack.

Step 5: Decrypting the Hashes

There are many ways of decrypting the hashes: dictionary attack, brute force and rainbow tables.
1. I am going to use a set of online rainbow tables: plain-text.info
2. Click "add hash".
3. Paste the hash.
4. Select the hash type. Windows usually uses LM hashes.
5. Enter the security code.
6. Submit.
7. Click "search", paste your hash and click "search" again.
8. And you're done!
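The weakness this instructable leans on is the LM hash format itself, so the defensive counterpart is to check your own machines for accounts that still store one. The Python script below is an added example for this page, not part of the original instructable. It assumes the common samdump2/pwdump line layout (user:rid:lmhash:nthash:::), parses a constructed sample dump, and flags every account whose LM field holds a real hash rather than the well-known constant Windows writes when no LM hash is stored. Going beyond the page, it also flags an NT hash equal to the hash of the empty password.

```python
"""Audit a samdump2-style hash dump for accounts that still carry an LM hash.

Added example for this page (not part of the original instructable). It assumes
the common pwdump/samdump2 line layout  user:rid:lmhash:nthash:::  and uses the
well-known constant values Windows stores for an absent LM hash and for the NT
hash of an empty password. The sample dump below is constructed, not real data.
"""
import re

# Value Windows stores in the LM field when no LM hash is kept (LM storage disabled).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
# NT hash of the empty password.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# user:rid:lmhash:nthash  (anything after the fourth field is ignored)
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):")

# Constructed sample: the accounts and hash values are made up for illustration.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1003:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
bob:1004:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
this line is not a hash entry and is skipped
"""


def parse_dump(text):
    """Yield (user, rid, lm, nt) for every well-formed line; skip everything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            user, rid, lm, nt = m.groups()
            yield user, int(rid), lm.lower(), nt.lower()


def audit(text):
    """Return {user: [findings]} for every account in the dump.

    Findings:
      'lm-hash-stored'  the LM field is a real hash, so the password is exposed
                        to the LM weakness (case-folded, split into 7-char halves)
                        that rainbow tables exploit.
      'empty-password'  the NT hash equals the hash of the empty string.
    An empty list means neither problem was found for that account.
    """
    findings = {}
    for user, _rid, lm, nt in parse_dump(text):
        issues = []
        if lm != EMPTY_LM:
            issues.append("lm-hash-stored")
        if nt == EMPTY_NT:
            issues.append("empty-password")
        findings[user] = issues
    return findings


def accounts_with_lm(text):
    """Sorted list of account names that still have an LM hash stored."""
    return sorted(u for u, issues in audit(text).items() if "lm-hash-stored" in issues)


if __name__ == "__main__":
    for user, issues in audit(SAMPLE_DUMP).items():
        print(f"{user:15s} {', '.join(issues) if issues else 'ok'}")
```

Run it against a dump taken from a test machine you administer. Any account reported as lm-hash-stored stays exposed to the LM weakness until that account gets a new password while LM storage is disabled (the "Do not store LAN Manager hash value on next password change" security policy); the other accounts in the sample show the constant that replaces the LM hash once that policy is in effect.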


25 Comments

Yeah, I think the Windows Password Recovery Tool 3.0 could help you get past the password on the PC, you can have a try. And if you have a bootable USB drive, the password tools can be burned to it and you can boot your computer from USB to run the software, so that you can recover/remove the Windows system password from USB. You can follow these 4 steps in less than 5 minutes:
Step 1: Download Windows Password Recovery Tool 3.0
Step 2: Burn a bootable CD/DVD or USB flash drive
Step 3: BIOS setting: set your locked computer to boot from CD/DVD or USB
Step 4: Reset the Windows password with a few clicks
Good luck! Hope this helps you and saves you time and frustration!

The upgraded XPs have changed the encryption type but I forgot what it is (I think it has an "N" in it but I'm not sure) so you can just Google it to find out.

If I recall correctly, the two types are NTLM and MD4.

It's quite a bit simpler to just go get the OphCrack live CD. It can break most people's passwords all by itself, and, even if it can't, it will parse the SAM file for you and put the hashes in a neat list on the screen for use with whichever list site you like.

When they ask for the account password just press Ctrl-Alt-Del and a dialog box will come up. In that, for user name type administrator and for password no need to type anything. Contact me at bip_ev@hotmail.com for any help. God bless you.

Some people deactivate the admin account or change the password for it, so you can't do that.

You should put on there that you have to get either the BackTrack CD or USB flash drive (you can do it both ways) in before Windows starts to boot, or you can crash your computer completely and, ironically, that's the program you need to get your computer info back. I recommend pressing F8 before Windows' loading screen kicks on (which takes you to BIOS), inserting the CD, and then restarting the computer with BackTrack in it. But DON'T PLUG IT IN before it starts or you won't be able to send a post saying it doesn't work like that. (I use BackTrack often, I know these things.)

Not necessarily, regarding pressing F8. On my machine, pressing ANY key F1-F12 doesn't have any effect. It happily shows the eMachines screen and promptly proceeds to log in. BIOS is somewhere there, but not accessible. Maybe booting from CD or floppy would help.

You say copy, but where do you copy it to? How do you save it? Since the thing is running off a disc I wasn't able to get it to save to any hard drive. Also, are there any more suggestions on different decryptors, possibly online?