TECH CORNER

Bite Into Technology

Some tricks to break windows xp password

Friends, we were busy with some personal work for a while, hence the long gap.

This post covers most of the ways of cracking windows XP users’ password.

Method 1:

If you have an administrator account (not Guest), then the passwords of the XP users can be reset from the command prompt.

Go to the task-bar and click on the Start button, then click on Run, type “command” in the dialog box and press Enter.

In the command prompt type

net user

The screen will display the list of users available on the machine.

Suppose there are three administrator users named admin1, admin2 and admin3. The password of any user can then be changed after logging into the account of any one administrator. For example, to change the password of admin1, run

net user admin1 password

The general syntax for changing a password is

net user <user-name> <password>

Limitations: The above method will only work if you are logged in as the administrator user.
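From the defender's side, the thing to watch for with Method 1 is an administrator resetting somebody else's password, which Windows records as a password-reset audit event (event 628, “User Account password set”, on Windows 2000/XP/2003; event 4724 on Vista and later, so the script covers both). The following script is an added example, not part of the original post: it scans a constructed, simplified one-line-per-event log (field layout “timestamp|event_id|actor|target”, which is an assumption of this example and not Windows' own export format) and reports resets where the actor and the target account differ.

```python
"""Flag password resets performed on accounts other than the actor's own.

Added example, not from the original post. Event IDs used:
  628  - "User Account password set" (Windows 2000/XP/2003 Security log)
  4724 - the same event on Windows Vista and later
  627/4723 (a user changing their own password) are deliberately ignored.
The log layout "timestamp|event_id|actor|target" is a constructed simplification.
"""
import re
from dataclasses import dataclass

RESET_EVENT_IDS = {628, 4724}

# Constructed sample log: admin1 resets admin2, admin3 resets Guest,
# admin2 resets its own password, plus unrelated logon/change events.
SAMPLE_LOG = """\
2008-07-20 10:01:05|528|admin1|admin1
2008-07-20 10:02:11|628|admin1|admin2
2008-07-20 10:02:40|627|admin2|admin2
2008-07-20 10:03:02|4724|admin3|Guest
2008-07-20 10:04:00|628|admin2|admin2
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>[^|]+)\|(?P<eid>\d+)\|(?P<actor>[^|]+)\|(?P<target>[^|]+)$")


@dataclass(frozen=True)
class Reset:
    timestamp: str
    event_id: int
    actor: str
    target: str


def parse_line(line):
    """Parse one log line; return None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Reset(m["ts"], int(m["eid"]), m["actor"], m["target"])


def find_resets(log_text, include_self_resets=False):
    """Return password-reset events (628/4724) found in log_text.

    By default only resets of *another* account are returned, since an
    administrator resetting a different user's password is the case the
    post's Method 1 relies on. Account names are compared case-insensitively,
    as Windows treats them.
    """
    found = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev.event_id not in RESET_EVENT_IDS:
            continue
        if ev.actor.lower() == ev.target.lower() and not include_self_resets:
            continue
        found.append(ev)
    return found


if __name__ == "__main__":
    for r in find_resets(SAMPLE_LOG):
        print(f"{r.timestamp}: {r.actor} reset the password of {r.target} (event {r.event_id})")
```

On the sample log the script reports the two cross-account resets (admin1 on admin2, admin3 on Guest) and ignores admin2 resetting its own password and the 627 change event. The limitation noted above cuts both ways: because only an administrator can run this reset, the audit trail of who holds local administrator rights is what makes such an event meaningful to review.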

Method 2:

Windows Recovery option.

Boot from the Windows XP CD and press Enter when you are prompted to install a Windows copy; on the next screen there is an option to repair the existing Windows installation. This method is also known as the Windows recovery method.

The repair option takes as much time as the installation would have taken, because the Windows system files are replaced, including the SAM file where the passwords are stored:

C:\Windows\System32\config\sam

whereas the users’ settings remain untouched. Thus the users’ passwords are reset to a NULL value.

Method 3:

Boot your computer from a live Linux CD or DVD which has NTFS/HPFS file-system support.

Then mount the drive which has the Windows copy installed on it and copy the SAM file, located at

C:\Windows\System32\config\sam

which on the live system will appear as /media/disk-1/Windows/System32/config/sam

It is a common misconception that the SAM file can be viewed in a normal text editor; the SAM file isn’t a normal text file. The Gnome, KDE or vim text editors won’t display the content of this file.

Open the file using the Emacs editor (available in nearly all live Linux distributions). It is hard to find the password hashes directly, so look for the user-names, which are not encrypted; just after the user-names the password hashes can be found. Copy the code between the “%” signs and search Google for the rainbow tables. They will provide the decrypted value if it has already been brute-forced earlier. This isn’t a sure-shot method, as the rainbow project is still under development. The password can be set to NULL by deleting the content, but this might result in corruption of the SAM file, and recovery is the only option left after that.

Limitations: This method can corrupt your SAM file, which may lead to a repair of Windows XP, and you risk your personal data with that.

Method 4:

Ophcrack method.

This is a sure-shot password recovery method based upon brute-forcing.

This Live CD is based upon the Slax LiveCD v5.1.7. It has been customized to include ophcrack 2.3.3 and the SSTIC04-10k table set. It is able to crack 99.9% of alphanumeric passwords. Since the tables have to be loaded into memory, cracking time varies with the amount of available RAM. The minimum amount of RAM required is 256MB (because the LiveCD itself uses a lot of it); the recommended amount is 512MB. Ophcrack will auto-detect the amount of free memory and adapt its behaviour so as to preload all the tables it can.

A shell script launched at the beginning of the X session (the session that manages your desktop) does the job of finding the Windows partition and starting the appropriate programs to extract and crack the password hashes. It will look for all partitions that contain hashes. If more than one is found, you will have to choose between them.

If your partition is not detected, make sure the partition containing the hashes you want to crack is mounted, and then use ophcrack’s ‘Load from encrypted SAM’ function to recover your Windows hashes. Then click ‘Launch’ and the cracking process will start.

July 20, 2008 - Posted by increa | Windows Hacking | | 15 Comments

15 Comments »

  1. I found your site on technorati and read a few of your other posts. Keep up the good work. I just added your RSS feed to my Google News Reader. Looking forward to reading more from you down the road!

    Comment by Alex | August 12, 2008 | Reply

  2. amazing tricks

    Comment by rakesh | August 20, 2008 | Reply

  3. You are welcome rakesh….

    Comment by increa | August 21, 2008 | Reply

  4. wow really useful
    keep up the good job

    Comment by boy | October 5, 2008 | Reply

  5. it’s really very useful trick…..Thanks

    Comment by atul | October 17, 2008 | Reply

  6. good…..i want more.trikssssssssssssssss..

    Comment by RAJESH SAHOO | November 3, 2008 | Reply

  7. very good work, keep it up,

    Comment by sarfraz | November 25, 2008 | Reply

  8. ohhh you did a wonderful job keep go… on…..

    but my problem was not solved i hope you mail me another solution which is used to break my admin acc password

    Comment by naresh | March 28, 2009 | Reply

  9. The style of writing is quite familiar . Have you written guest posts for other blogs?

    Comment by Heartburn Home Remedy | April 15, 2009 | Reply

    • may be………

      Comment by increa | May 5, 2009 | Reply

  10. Hello. Great job. I did not expect this on a Wednesday. This is a great story. Thanks!

    Comment by Dorene Tschida | April 27, 2009 | Reply

    • thanks yaar..

      Comment by increa | May 5, 2009 | Reply

  11. thank you
    its very exciting helpful and excellent.

    Comment by saeed | August 31, 2009 | Reply

  12. these are like miracles and you 2

    thank you

    Comment by saeed | August 31, 2009 | Reply

  13. thanks for this good job.try to bring the next trick

    Comment by harrydarjeeling | October 6, 2009 | Reply
