Window Password Recovery!
This instructable will show how to recover a Windows password and show the weakness in the Microsoft SAM. Warning: Do not use this for illegal purposes like "hacking". I and Instructables will accept no responsibility for your actions; this is meant for educational purposes.

Step 1: What you need

1. You will need BackTrack to extract the hashes from the SAM. You can get BackTrack here. BackTrack is a free live Linux distro that includes many tools and can run off a CD.
2. After you download BackTrack, you will need to burn the image file to a CD. If you don't have any software that can burn images, you can use this free one: Deep Burn.
3. Blank CDs.
4. Burn it.

Step 2: Boot

After BackTrack boots up, you will come to a prompt that asks you to log in. The user name is root and the password is toor.

Step 3: Getting to system key

Open a terminal and run:
    bkhive /mnt/your drive/WINDOWS/system32/config/system key
In most cases your hard drive will be hda1.

Step 4: Getting the Hashes

1. After getting the system key, run:
    samdump2 /mnt/your drive/WINDOWS/system32/config/SAM key
2. You will then get a list of hashes.
3. Copy the hash you want to crack.

Step 5: Decrypting the Hashes

There are many ways of decrypting the hashes: dictionary attack, brute force and rainbow tables.
1. I am going to use a set of online rainbow tables, plain-text.info.
2. Click add hash.
3. Paste the hash.
4. Select the hash type. Windows usually uses LM hashes.
5. Enter the security code.
7. Click search, paste your hash, and click search.
8. And you're done!
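
To review the hash list from Step 4 from an administrator's side, this added example (not part of the original instructable) reads samdump2-style lines and flags accounts that still store an LM hash or have a blank password. The sample lines are constructed, and the user:RID:LM:NT::: layout and the "NO PASSWORD" placeholder are assumptions about the tool's output.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample input; the non-empty hash values are made-up hex.
SAMPLE = "\n".join([
    f"Administrator:500:{EMPTY_LM}:{'a1' * 16}:::",
    f"Guest:501:{EMPTY_LM}:{EMPTY_NT}:::",
    f"alice:1003:{'b2' * 16}:{'c3' * 16}:::",
    f"bob:1004:{'d4' * 8}{EMPTY_LM[:16]}:{'e5' * 16}:::",
])

class Finding(NamedTuple):
    user: str
    rid: int
    issues: List[str]

def parse_line(line: str) -> Optional[Tuple[str, int, str, str]]:
    """Split one user:RID:LM:NT::: line; return None for anything else."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    return parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()

def audit(text: str) -> List[Finding]:
    """Return accounts whose stored hashes indicate weak password storage."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        user, rid, lm, nt = rec
        issues = []
        if HEX32.match(lm) and lm != EMPTY_LM:
            issues.append("LM hash stored")
            # LM hashes each 7-character half separately; an "empty" second
            # half means the whole password fits in the first half.
            if lm[16:] == EMPTY_LM[:16]:
                issues.append("password is 7 characters or fewer")
        if nt == EMPTY_NT or nt.startswith("no password"):
            issues.append("blank password")
        if issues:
            findings.append(Finding(user, rid, issues))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.user} (RID {f.rid}): {', '.join(f.issues)}")
```
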
The upgraded XPs have changed the encryption type, but I forgot what it is (I think it has an "N" in it, but I'm not sure), so you can just Google it to find out.
If I recall correctly, the two types are NTLM and MD4.

It's quite a bit simpler to just go get the OphCrack live CD. It can break most people's passwords all by itself, and, even if it can't, it will parse the sam file for you and put the hashes in a neat list on the screen for use with whichever list site you like.