Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net

Windows Password Recovery

Posted by: wagnj1

Here is a way to get your Windows XP password back. Be warned, it involves a lot of time and patience. I would only recommend doing this if absolutely no other options appear to be forthcoming. You will need to have admin access to a machine other than the one you are recovering the passwords from.

First of all, you need to create a Windows 98 boot disk (make sure it has the OEM RAM drive configuration). There are websites out there (I recommend [url]http://www.bootdisk.com/bootdisk.htm[/url]) where you can download the correct files. A normal Windows XP startup disc won't do, as it doesn’t contain autoexec.bat or system.ini or all those goodies.

A side note about this boot disk configuration: if you want to increase the size of your RAM disk, you can edit the config.sys file (sometimes it will be hidden; you may have to change your folder view properties to show hidden files). Start -> Run -> type “cmd” and hit Enter -> change to your floppy drive -> type “edit config.sys” -> go to line 31 and change the “2048” to whatever you want (should be at least double – 4096) -> File -> Save -> Exit.

You'll also need a copy of command-line PKZIP on a floppy (download from [url]http://www.pcworld.com/downloads/file_description/0,fid,1233,00.asp[/url]).

Besides having PKZIP on a floppy, you’ll also need a utility that allows you to read NTFS formatted files from FAT16 or FAT32 file systems.
A good utility for this is NTFSDOS (info about NTFSDOS can be found at [url]http://www.sysinternals.com/ntw2k/freeware/ntfsdos.shtml[/url]; this page also contains a download link at the bottom).

Boot into DOS. It may ask you if you want to boot with CD-ROM support or not; it doesn’t really matter what you pick. Once you get to a command prompt, you’ll want to run NTFSDOS. You can now browse your NTFS formatted partition. Go to the partition with Windows installed on it, and browse to c:\windows\system32\config. In this folder, there will be some files; however, only two files are of concern to us: SAM and SYSTEM (the two without any file extensions, such as .log or .sav).

The reason why we had to boot into DOS and do all this NTFSDOS stuff is because Windows keeps these two files locked once you start it up. If you’re in Windows and try to copy, open, or do anything to these files, you will notice that you’re not allowed. The SAM file (Security Accounts Manager) is an encrypted file that stores password hashes for all local computer accounts. It would be easier if all we needed was this file, as it will easily fit onto one floppy disk, but we need the SYSTEM file in order to correctly extract the password hashes from the SAM file later on.

What I usually do now is copy these two files to my RAM drive. Then I run PKZIP on the SYSTEM file so that it will fit on a floppy disk. If you need help zipping the file, PKZIP should have a help section that shows you the proper syntax. I believe the syntax is:

    pkzip targetfilepath sourcefilepath

You should now be able to fit the SAM file and the zipped SYSTEM file onto a floppy disk. Do so, and then reboot your computer.

Assuming that most of you will be doing this to recover your own passwords, this is the part where you will need to find yourself a good friend who will let you use his computer for a couple days, or you will need to use another computer that you may have at home (one that you can log in to).
You will need to have admin privileges on this computer.

First, install SAMInside (the demo is available at [url]www.sharewareorder.com/SAMInside-download-19325.htm[/url]). Then install a version of L0phtCrack or LC3 (essentially the same programs), available at [url]http://www.atstake.com[/url]. I’m not too sure whether you need to buy the full version or whether you can do this with the demo, as I have the full version and have never used the demo.

Remember to extract the SYSTEM file out of your zipped file from the floppy before you run SAMInside, because you’ll need the unzipped version. Run SAMInside -> File -> Import SAM file -> locate and select the one you have on your floppy disk -> it will prompt you for your SYSTEM file; locate and select the SYSTEM that you extracted from your PKZIP version. It will do some processing; it shouldn’t take too long though. After this has finished, you’ll need to export the data as a PWDUMP file.

Open up LC3 or L0phtCrack and import/open the PWDUMP file you created using SAMInside. Depending on how hard you made the password to crack (using &, @, other symbols) you’ll have to adjust the brute force settings to allow for extra characters/symbols. You then start the cracking! If you use LC3 I know you can pause the session and save it, which is useful if you have other things to do besides let your computer run brute force for a couple days. I know one system I used this method on took 2 days, 17 hours to crack the admin password! One character at a time, LC3 should decipher the password(s). I usually only worry about the admin password or actual user passwords; some of the other accounts don’t really matter.

Posted by: winblowz

Nice tutorial! :)

Posted by: Naja

Good tutorial... Thanks wagnj1

Posted by: s0me0ne

Nice tutorial, but you could just simply go here [url]http://home.eunet.no/~pnordahl/ntpasswd/[/url] and get the Linux boot disk. Boot the machine, then reset or blank the password. =)

Posted by: IsearcherI

I also think that this tutorial is very useful, but can I recommend a program called Windows Password Recovery :) I'm serious, this program is the best. I had problems when I tried to retrieve my admin password, and I didn't even buy the program; I was in demo mode, but still it allowed me to change my password to whatever I wanted, and what can I say :) it really worked. And if you buy the full version you'll be able to see all of your Windows passwords without having to change them ;)

Posted by: techsupport

I've tried the Linux boot disk and it did not work for me.

Posted by: big_B

I have a different method. I use Proactive Windows Security Explorer; it imports SAM and SYSTEM files, and the problem with NTFS partitions can be solved with MountEverything - you can copy files to a different directory and you don't need zip files, just copy the files to USB. But anyway, it is a good tutorial.

Posted by: santi72

The floppy made in Linux didn't work for me either. I think it's because I have FAT32, not NTFS. Can someone tell me if I'm right? Thanks.

Posted by: Brona

Hi, Password Changer tool is capable of retrieving or changing your pass. It is really great, it saved me once. Recommended tool! [url]http://www.password-changer.com/[/url]
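
Added example (not part of the thread and not any poster's code): the PWDUMP file mentioned in the first post is plain text with one account per line, so an administrator can audit such an export for the stored-hash conditions that decide how long the brute-force step takes. The function name audit_pwdump and the sample lines are assumptions made for this sketch; the layout assumed is user:RID:LM-hash:NT-hash:::.

```python
import re

# Well-known constants: hashes Windows stores for an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample in PWDUMP layout (user:RID:LM:NT:::). Apart from the
# empty-password constants, the hash values are made-up placeholders.
SAMPLE = """\
Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1003:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1004:NO PASSWORD*********************:8899aabbccddeeff0011223344556677:::
broken line without enough fields
"""

def audit_pwdump(text):
    """Return (findings, skipped_line_numbers); findings maps user -> issues."""
    findings, skipped = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        # Need user, numeric RID, LM field and a 32-hex-digit NT hash.
        if len(parts) < 4 or not parts[1].isdigit() or not HEX32.match(parts[3].lower()):
            skipped.append(lineno)
            continue
        user, rid, lm, nt = parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()
        issues = []
        if nt == EMPTY_NT:
            issues.append("blank password")
        elif HEX32.match(lm) and lm != EMPTY_LM:
            # LM uppercases the password and hashes two 7-character halves
            # independently, so each half can be attacked on its own.
            issues.append("LM hash stored")
            if lm[16:] == EMPTY_LM[:16]:
                issues.append("password is 7 characters or fewer")
        if rid == 500 and issues:
            issues.append("built-in Administrator account")
        findings[user] = issues
    return findings, skipped

if __name__ == "__main__":
    found, bad = audit_pwdump(SAMPLE)
    for user, issues in found.items():
        print(f"{user:15} {', '.join(issues) or 'no LM hash, non-blank password'}")
    print("unparsed lines:", bad)
```

Accounts with no findings have no LM hash stored, which is what the NoLMHash policy or a password of 15 or more characters produces. Full-disk encryption is what stops the SAM and SYSTEM files from being copied off a powered-down machine in the first place.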