This Instructable shows how to recover a Windows password and demonstrates the weakness in the Microsoft SAM. Warning: Do not use this for illegal purposes like "hacking". Instructables and I accept no responsibility for your actions; this is meant for educational purposes.
Step 1: What You Need
1. You will need BackTrack to extract the hashes from the SAM. You can get BackTrack here. BackTrack is a free live Linux distro that includes many tools that can run off a CD.
2. After you download BackTrack, you will need to burn the image file to a CD. If you don't have any software that can burn images, you can use this free one: Deep Burn.
3. Burn it.
Step 2: Boot
After BackTrack boots up, you will come to a prompt that asks you to log in. The user name is root and the password is toor.
Step 3: Getting the System Key
Open a terminal and run
bkhive /mnt/your drive/WINDOWS/system32/config/system key
Replace "your drive" with the name of your hard drive; in most cases it will be hda1.
Step 4: Getting the Hashes
1. After getting the system key, run
samdump2 /mnt/your drive/WINDOWS/system32/config/SAM key
2. You will then get a list of hashes.
3. Copy the hash you want to crack.
Step 5: Cracking the Hashes
There are many ways of cracking the hashes: dictionary attack, brute force and rainbow tables.
1. I am going to use a set of online rainbow tables, plain-text.info.
2. Click add hash.
3. Paste the hash.
4. Select the hash type. Windows usually uses LM hashes.
5. Enter the security code.
6. Click search, paste your hash and click search.
7. And you're done!
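To see which accounts in the Step 4 hash list are exposed to the LM weakness mentioned in Step 5, the list can be audited offline. The script below is an added example, not part of the original Instructable; it assumes the usual pwdump-style line layout (user:rid:LM hash:NT hash:::), and the sample lines and function names are constructed for illustration.

```python
import re

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HASH_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample in pwdump-style layout; the hash values are made up.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1003:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
bob:1004:NO PASSWORD*********************:8899aabbccddeeff0011223344556677:::
not an account line
"""


def audit_line(line):
    """Return (user, findings) for one account line, or None if it is not one."""
    fields = line.strip().split(":")
    if len(fields) < 4 or not fields[1].isdigit():
        return None  # banner, blank line or other non-account output
    user = fields[0]
    lm, nt = fields[2].lower(), fields[3].lower()
    if not HASH_RE.match(nt):
        return None  # malformed NT field, do not guess
    findings = []
    # A real LM hash (neither the empty-password value nor a text
    # placeholder) means the weak legacy format is still stored.
    if HASH_RE.match(lm) and lm != EMPTY_LM:
        findings.append("LM hash stored")
    if nt == EMPTY_NT:
        findings.append("blank password")
    return user, findings


def audit(text):
    """Map each account in a hash listing to its list of findings."""
    report = {}
    for line in text.splitlines():
        result = audit_line(line)
        if result is not None:
            report[result[0]] = result[1]
    return report


if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {', '.join(findings) or 'no LM hash, password set'}")
```

Accounts reported with "LM hash stored" are the ones the LM weakness applies to; enabling the NoLMHash policy and then changing the password stops Windows from keeping that format.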