Today, I am going to show you many aspects of the Windows Password - TopicsExpress
Today, I am going to show you many aspects of the Windows password: where it is stored, how it is hashed, and how to break into Windows by cracking the admin password. We need this often for many reasons: 1) Sometimes we have forgotten our old password and the hint isn't helping. 2) We want to break into someone's computer to get information. 3) Just want to take revenge on someone. 4) Stealing computer data. Let's take a deep dive into cracking Windows passwords, where they are stored, and in which format.

SAM file and Password Hashes ~ Where the passwords are stored, as hashes:

Password Hashes - When you type your password into a Windows NT, 2000, XP, Vista or Windows 7 login, Windows does not store the password itself. It runs the password through a one-way hash function and keeps a value that looks something like this: 7524248b4d2c9a9eadd3b435c51404eddc5 (a real LM or NT hash is exactly 32 hex digits; the string above is only an illustration). This is the password hash, and it is what is actually checked when you log in: Windows hashes what you typed and compares the result with what is stored in the SAM. There are two formats:
- LM hash: the password is uppercased, padded or cut to 14 characters, split into two 7-character halves, and each half is used as a DES key to encrypt the constant string "KGS!@#$%"; the two results are concatenated. Each half can be attacked separately from a 7-character, case-insensitive keyspace, which is why LM hashes are so weak. Windows Vista and later no longer store LM hashes by default.
- NT hash: MD4 over the UTF-16LE encoding of the password. No salt is used, so the same password always produces the same hash on every machine.
Neither format is MD5, so an online MD5 lookup service such as passcracking.ru will not decode them; you need a cracker that understands LM/NT hashes (see below).

SAM File - Holds the user names and password hashes for every account on the local machine. (A domain controller keeps domain accounts in the Active Directory database, ntds.dit, not in the SAM.)

Location of SAM/Hashes: You can find what you're looking for in several places on a given machine. On disk it is the file %systemroot%\system32\config\SAM (i.e. C:\Windows\System32\config\SAM). This file is held open exclusively by the kernel while Windows is running, so even Administrator cannot copy it directly; only the SYSTEM account can touch it. (An administrator can still export the hive with "reg save HKLM\SAM <file>" or read it from a Volume Shadow Copy.) The hashes inside the SAM are additionally encrypted with a key (the "syskey" or boot key) kept in the SYSTEM hive in the same folder, so any offline method needs both SAM and SYSTEM. The second place you meet the SAM is the registry, under HKEY_LOCAL_MACHINE\SAM; this is the same hive mounted by the kernel, and its ACL denies access to everyone except SYSTEM while the machine is in use. (Go to Run, type regedit and hit Enter, then scroll to HKEY_LOCAL_MACHINE\SAM; you will find you cannot open it.)
So the two locations of the SAM hashes are:
- %systemroot%\system32\config\SAM on disk (plus the SYSTEM hive next to it, which holds the boot key)
- In the registry under HKEY_LOCAL_MACHINE\SAM

Cracking or Breaking Into the Admin Account:

How to get the hashes from the SAM file? Below are the methods:
1) The easiest way is to boot the target machine into an alternate OS such as NTFSDOS or a Linux live CD and copy the SAM and SYSTEM files out of %systemroot%\system32\config. It's quick, easy and effective. NTFSDOS is from Sysinternals; the regular version is freeware, which is always nice, but only allows read-only access. That is all you need to copy the files; NTFSDOS Pro, also by Sysinternals, adds read/write access but costs $299 (any modern Linux live system mounts NTFS read/write for free). Offline, a tool such as samdump2, given the SYSTEM hive for the boot key, extracts the hashes in pwdump format.
2) You can also get the hashes from the running system with pwdump2 (search openwall for it). pwdump2 uses DLL injection into the LSASS process, which runs as SYSTEM, to read the hashes out of the registry; it writes them to a handy text file that you can feed to a cracking utility such as L0phtCrack, John the Ripper (Linux-based, works well) or Cain & Abel. You must already be an administrator to do this.
3) L0phtCrack can also import the hashes directly from the local registry (again with admin rights) and crack them.

Obtained hashes? Now crack them:
As I said, the hashes cannot be reversed. What the crackers do instead is hash a large number of candidate strings (dictionary words, mutations of them, or every string in a keyspace) and compare each result with the stored hash; a match reveals the password. All you need is a bit of patience.

1) John the Ripper - to many, the old standby password cracker. It is command line, which makes it nice for scripting, and best of all it is free and open source.
Contrary to what is often said, JtR is not only a dictionary cracker: besides wordlist mode (with word-mangling rules) it has an "incremental" mode that brute-forces a character set, and it understands both LM and NT hashes. A dictionary attack is usually all you need, though. I would say that in my experience I can find about 85-90% of the passwords in a given file by using just a dictionary attack.

2) L0phtCrack - Probably the most widely popular password cracker out there. L0phtCrack is sold by the folks at @stake, and with a price tag of $249 for a single-user license it sure seems like everyone owns it. This is probably the nicest password cracker you will ever see: it can import hashes directly from the registry or from pwdump output, and has dictionary, hybrid and brute-force modes. No password should last long. Well, I shouldn't say no password; but almost all will fall to L0phtCrack given enough time.

Making Your Own Password in Windows: Injecting Password Hashes into the SAM:
One of the easiest ways to gain Administrator privileges on a machine is to write your own password into the SAM file offline. You need physical access to the machine, a brain larger than a peanut, and an unencrypted disk: if the volume is protected by BitLocker or another full-disk encryption, the SAM cannot be reached this way. Using the utility chntpw by Petter Nordahl-Hagen you can blank or set the password of any local account on an NT, 2000 or XP machine, giving you total control: burn the .iso to a disk (a Linux USB stick carrying chntpw also works), boot from it and run it. Blanking the password is the recommended option; chntpw's own documentation warns that setting a specific new password may not work on XP and later. My tip: back up the SAM and SYSTEM files first from the alternate OS. Go in, blank or set the password, log in with it, do what you need to do, then restore the original SAM so that no one can tell it was tampered with. (Restoring the old SAM also rolls back any password or account change made in the meantime.)

The command-line method below, on the other hand, requires an existing administrator account. It is an especially handy trick when you have admin rights but have forgotten another account's password: the Control Panel dialog can ask for the old password, while net user does not.
Now we change the Admin Password from the command line:
To check the user name, type "net user" in an elevated command prompt; it lists every local account on the machine. Then set the new password:
> cd\
> cd windows\system32
> net user
> net user username newpassword
(The cd commands are not needed; net.exe is on the PATH.) If there are people near you and you don't want them to see the password you type, let net user prompt for it instead:
> net user username *
> Type a password for the user:
> Confirm the password:

Another Easy method, Using ophcrack to Hack into the Admin Account:
Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a variant of Hellman's original trade-off with better performance. It is offline cracking: the tables hold precomputed hash chains, and a stored hash is looked up in them instead of being brute-forced from scratch; this works precisely because LM and NT hashes are unsalted. Just grab the ophcrack LiveCD .iso from here, burn it and use it.
1. Ophcrack can crack passwords for Windows 7, Windows Vista and Windows XP.
2. Ophcrack can recover 99.9% of alphanumeric passwords from Windows XP, usually in a matter of seconds. Any password of 14 characters or fewer made of numbers, lowercase and uppercase letters should be crackable. This is the LM hash at work: two 7-character, case-insensitive halves, so the free XP tables cover that keyspace completely.
3. Ophcrack recovers about 99% of passwords from Windows 7 or Vista. These systems store only the NT hash, which keeps case and full length, so the free Vista table is built from a dictionary plus common mutations rather than the whole keyspace; the 99% figure applies to dictionary-like passwords.
4. The Ophcrack LiveCD option allows for completely automatic password recovery.
5. The LiveCD method requires no installation in Windows, making it a safe alternative to many other password recovery tools.
6. No Windows password needs to be known to use the Ophcrack LiveCD to crack your Windows passwords.
I think this ophcrack method is far better; just get a disk and write it, or a USB disk can also be used.

Some security Tips ~ Making strong passwords:
Now that you have seen how passwords are cracked, here are some tips for you.
1) Do not use common passwords like 123456 or your own name; those are the first entries of every wordlist and rainbow table.
2) Use @, *, # or other symbols, and above all make the password long. A dictionary word with a symbol bolted on is still covered by hybrid rules, but a passphrase of 15 characters or more is beyond the LM limit (Windows then stores no LM hash at all) and outside any feasible rainbow table. John the Ripper, ophcrack and the other cracking tools will then take a very long time, which is frustrating for the hacker.
3) Keep changing your password, so that if one hash takes a long time to crack, you have already generated another one before it falls.
4) Disable LM hash storage (the NoLMHash policy, the default on Vista and later) and encrypt the disk with BitLocker or similar: the first removes the easy rainbow-table target, the second defeats the offline SAM copy and chntpw methods described above.
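To make the hash-storage and cracking sections above concrete, here is an added example (not code from the original post or from any of the tools named): it builds the NT hash exactly as described, MD4 over the UTF-16LE password with no salt, parses a few pwdump-format lines and runs the dictionary attack that John the Ripper or L0phtCrack would run. MD4 is implemented inline from RFC 1320 because hashlib's "md4" is missing on many OpenSSL 3 builds. The dump lines, account names and wordlist are constructed for the demo; the Administrator and Guest hashes are the well-known NT hashes of "password" and the empty string, and the empty LM value shows what "no LM hash stored" looks like.

```python
"""NT hash construction and an unsalted-hash dictionary attack (added example)."""
import struct

_MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """MD4 digest per RFC 1320 (the NT hash is MD4 of the UTF-16LE password)."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", (8 * len(data)) & 0xFFFFFFFFFFFFFFFF)

    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    f = lambda x, y, z: (x & y) | (~x & z)           # round 1 function
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)  # round 2 function
    h = lambda x, y, z: x ^ y ^ z                    # round 3 function
    rounds = (
        (f, tuple(range(16)), (3, 7, 11, 19), 0x00000000),
        (g, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
        (h, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        v = list(state)  # working copy of a, b, c, d
        for fn, order, shifts, const in rounds:
            for i, k in enumerate(order):
                v[0] = _rotl((v[0] + fn(v[1], v[2], v[3]) + x[k] + const) & _MASK, shifts[i % 4])
                v.insert(0, v.pop())  # (a,b,c,d) -> (d,a,b,c): the next step updates d
        state = [(s + w) & _MASK for s, w in zip(state, v)]
    return struct.pack("<4I", *state)


# LM hash of the empty string: what pwdump shows when no LM hash is stored.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"


def nt_hash(password: str) -> str:
    """NT hash: MD4 over UTF-16LE, no salt, no iteration."""
    return md4(password.encode("utf-16-le")).hex()


def parse_pwdump(lines):
    """Parse pwdump-format lines: user:RID:LM hash:NT hash:::"""
    accounts = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        user, rid, lm, nt = line.split(":")[:4]
        accounts[user] = {"rid": int(rid), "lm": lm.lower(), "nt": nt.lower()}
    return accounts


def dictionary_attack(accounts, wordlist):
    """Hash each candidate once, then look every account up in the result.

    Because the NT hash is unsalted, one MD4 per candidate covers the whole
    dump, and a precomputed table (a rainbow table) covers every dump."""
    table = {nt_hash(word): word for word in wordlist}
    return {user: table[acct["nt"]] for user, acct in accounts.items() if acct["nt"] in table}


# Constructed sample dump (not real data).  Administrator and Guest carry the
# well-known hashes of "password" and ""; alice and bob are computed here.
SAMPLE_DUMP = [
    f"Administrator:500:{EMPTY_LM}:8846f7eaee8fb117ad06bdd830b7586c:::",
    f"Guest:501:{EMPTY_LM}:31d6cfe0d16ae931b73c59d7e0c089c0:::",
    f"alice:1001:{EMPTY_LM}:{nt_hash('letmein')}:::",
    f"bob:1002:{EMPTY_LM}:{nt_hash('long passphrase not in any wordlist 9')}:::",
]
WORDLIST = ["", "123456", "password", "letmein", "qwerty", "admin"]  # constructed


def crack_sample():
    """Run the dictionary attack over the constructed dump; bob survives."""
    return dictionary_attack(parse_pwdump(SAMPLE_DUMP), WORDLIST)


if __name__ == "__main__":
    for user, pw in crack_sample().items():
        print(f"{user}: {pw!r}")
```

Running it recovers Administrator, Guest and alice in one pass and leaves bob uncracked, which is the whole point of tips 1 and 2 above: the cost of the attack is one hash per candidate for all accounts at once, so only a password outside every wordlist and table survives. Swapping nt_hash for a salted, iterated function would force the attacker to repeat that work per account, which Windows local accounts do not do.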
>>Open a COMMAND PROMPT while it is locked by the user
> Open Notepad
> Type: cmd
> Save it as cmd.bat on the desktop
> Run it; the command prompt opens. (If the administrator also chose "Disable the command prompt script processing" in the same policy, the batch file is blocked as well.)

>>If your computer is slow, "clean up the RAM"
> Open Notepad
> Type: FREEMEM=SPACE(64000000)
> Save it as ram.vbs and run the script.
All this script does is allocate a 64 MB string and release it when the script exits; it does not actually clean memory or speed anything up.

>>Crack the BIOS password
> Open the case
> Look at the motherboard
> Remove the silver 3 V coin cell
> Wait 2 minutes and put the battery back
This clears the CMOS settings, including the setup password, on most desktop boards. Many laptops keep the password in non-volatile memory and are not affected.

>>Restoring a lost desktop
> Start > Run, type a period (.) and press Enter; this opens your user profile folder, which contains the Desktop folder.

>>If your PC hangs
> Press Shift+Ctrl+Esc or Ctrl+Alt+Del, then click End Task on the hung program; your PC is running again.

>>Create a folder without a name
> Select any folder > Rename it > hold Alt and type 0160 (or 255) on the numeric keypad > Enter. (Alt+0160 is a non-breaking space, so the name is not truly empty.)

>>Windows Backup Utility
> If installed, go to Run, type ntbackup, OK. Now use Backup.

>>Share multiple folders quickly
> Go to Run and type SHRPUBW.EXE, then press Enter. Select the folder you want to share and set permissions; your shared folder is ready.

>>Turning off the tooltip on the Minimize, Maximize and Close buttons
When the mouse goes over the minimize, maximize and close icons on the upper right of a window, a tooltip is shown. To disable it:
1. Start Regedit
2. Go to HKEY_CURRENT_USER\Control Panel\Desktop
3. Create a String Value called MinMaxClose
4. Give it a value of 1
5. Reboot

>>Fix corrupted system files in Windows XP
1. Load the XP CD into the CD drive
2. Go to Run
3.
Type: sfc /scannow and press OK.
4. It then copies any damaged system file back from the CD.

>>Auto-delete the temporary folder
What I prefer is %temp% (without quotes) at Start > Run; this opens your temp folder and you can erase nearly all of it. To have Windows do it, first go into gpedit.msc, then Computer Configuration / Administrative Templates / Windows Components / Terminal Services / Temporary Folders, right-click "Do Not Delete Temp Folder Upon Exit", go to Properties and set it to Disabled. Next time Windows puts a temp file in that folder it will delete it when it's done. Note from Forum Admin: Remember, GPEDIT (Group Policy Editor) is only available in XP Pro.

>>Locking Folders:
Consider you want to lock a folder named XXXX in E:\, whose path is E:\XXXX. Open Notepad and type:
[code]ren xxxx xxxx.{21EC2020-3AEA-1069-A2DD-08002B30309D}[/code]
where xxxx is your folder name. Save the text file as loc.bat in the same drive. Open another new Notepad file and type:
[code]ren xxxx.{21EC2020-3AEA-1069-A2DD-08002B30309D} xxxx[/code]
Save it as key.bat in the same drive.
Steps to lock the folder: run loc.bat and the folder turns into a Control Panel icon that Explorer will not open. To unlock it, run key.bat; the folder returns and its contents are accessible.
Caveat: this is only an Explorer trick. The GUID suffix makes Explorer treat the folder as the Control Panel shell object; the files inside are untouched and fully readable from a command prompt (cd "xxxx.{21EC2020-3AEA-1069-A2DD-08002B30309D}"), from any other program, or from another OS, and anyone can run key.bat. For real protection use NTFS permissions, EFS or BitLocker.

>>Locking Drives:
We don't usually prefer to lock our drives, but sometimes it becomes necessary. Say you have stored your office documents in D:\ and you don't want your kids to access them; in such a case this technique can be useful. Please don't try this tweak on your root drive (usually C:\), since the root drive is needed by the system and application programs.
Start > Run, type regedit to open the Registry Editor. Browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. Create a new DWORD value NoViewOnDrive and set it to 2^(n-1), where n is the position of the drive letter in the alphabet (A=1 ... Z=26). For example, to lock C:\, n is 3, so 2^(3-1) = 4 (decimal). To lock more drives, add the values for each drive and set the sum. To unlock your drive, delete the value. Note that this is an Explorer policy only: the drive is still reachable from a command prompt and from any other file manager, so it hides rather than protects.

>>To remove the Recycle Bin from your desktop
Open Regedit (Start > Run, type regedit, Enter). Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E} and delete it. This removes the Recycle Bin from your desktop. (Export the key first so you can restore it.)

>>Disable the Security Center warnings
Click Start, then type regedit in Run. Locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center. In the right-hand pane, double-click AntiVirusDisableNotify and set its value to 1. Close the Registry Editor and restart for the change to take effect. This only silences the balloon; it does not make the machine any safer, and it is the same value malware commonly sets to hide a disabled antivirus.

>>Hide drives
How to hide drives (C:, D:, E:, A: ...) so they are not shown when you click My Computer:
1. Go to Start > Run, type regedit, and go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2. In the right pane create a new DWORD item and name it NoDrives (it is case sensitive).
3. Set its value to 3FFFFFF (hexadecimal): a 26-bit mask with one bit per drive letter (bit 0 = A, bit 1 = B, ...), so this hides them all.
4. Restart the computer.
5. Now when you click My Computer, no drives are shown.
To show the drives again, simply delete the NoDrives value and restart.
All the drives are back again.

>>Show your name in the taskbar
Trick to show your name after the time in the taskbar, in place of AM and PM. It's simple:
Step 1: Start > Control Panel > Regional and Language Options > Customize > Time tab > change the AM symbol and PM symbol to your name > Apply > OK. Did it change? If not, follow step 2.
Step 2: Double-click the time in the taskbar to open Date and Time Properties. In the digital time field (e.g. 02:47:52 AM), select the AM/PM part and press the arrow; it will show the name you entered. Apply > OK. Done.
Posted on: Sat, 15 Mar 2014 08:22:02 +0000