1. Well, to do this you have to have a basic idea of how passwords are stored. First, when you type a password in, it is encrypted into something long and unrecognizable. Then it is stored in a file called the SAM.
2. Now, where can you find this SAM file? Well, to be blunt, it is here: Windows\system32\config\SAM. But don't go for it just yet! It is locked to all accounts while Windows is running. It can also be found in the registry under HKEY_LOCAL_MACHINE -> SAM.
3. "If it is locked, how do I get it?" Well, the easiest way to do this is to get an alternate OS like Linux, and copy the file. That simple. You can also use a program called pwdump2, which will get it as well.
4. "Now I have it, but the password is encrypted!" Now you get to the fun part: cracking the password. There are numerous programs available, but one of the best ones is called Cain, and can be downloaded from www(dot)oxid(dot)it/cain(dot)html.
5. It outputs the password, and you are done!
6. Also, another awesome trick is injecting passwords into the SAM.
7. The easiest way to gain access is simply to use a tool called chntpw to change a password in the SAM (after you back it up using Linux), and then simply log in, do what you have to do, then restore it.
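A defender's check for the offline route these steps rely on (copying or editing the SAM from another OS), as an added example that is not part of the original page: it reports whether the Windows volume is BitLocker-protected, since an unencrypted disk is what makes that route possible. The function name Test-OfflineSamExposure is hypothetical, and the script assumes an elevated PowerShell prompt on a Windows edition that ships the BitLocker module.

```powershell
# Added example (not from the original page). Run from an elevated prompt.
function Test-OfflineSamExposure {
    param([string]$MountPoint = $env:SystemDrive)

    $findings = @()
    try {
        $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    } catch {
        # Module missing, not elevated, or volume not found: state is unknown.
        return [pscustomobject]@{
            Drive    = $MountPoint
            Exposed  = $null
            Findings = @("BitLocker state could not be read: $($_.Exception.Message)")
        }
    }

    # Data that is still in clear text on disk is readable from any other OS.
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume status is $($vol.VolumeStatus), not FullyEncrypted"
    }
    # Edge case: an encrypted volume with protection suspended keeps an
    # unprotected key on disk, so the encryption no longer guards the data.
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += "Protection status is $($vol.ProtectionStatus)"
    }
    # No key protectors means nothing actually guards the volume key.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    if ($types.Count -eq 0) {
        $findings += 'No key protectors are configured'
    }

    [pscustomobject]@{
        Drive         = $MountPoint
        Exposed       = ($findings.Count -gt 0)
        KeyProtectors = ($types -join ', ')
        Findings      = $findings
    }
}

Test-OfflineSamExposure | Format-List
```

An `Exposed` value of `True` means the SAM on that volume can be read or changed by booting another operating system; an empty value means the state could not be determined.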