ashoksoft - Posted March 9, 2012

Hello mates! Been a while since my last post, well, life catches on. This is a quick tutorial to bypass / crack the Windows admin password. Might sound mighty illegal, but hey .. you might have just forgotten your password, right?

Disclaimer: The procedures listed below are exclusively for educational purposes; any misuse of the information here is done at your own risk and the author (aka me) should not be held liable. Jargon out, please be aware that your actions might even land you out of a job. At the same time, the tools I'm mentioning here can potentially save your day if your computer does act up.

What does it do?
- Bypasses the Windows administrator login for all Windows releases XP and higher.
- Cracks the admin password for XP and Vista (did not try it on my Windows 7 lappy yet)

How does it do it?
To be filled

What do I need?
- 2 pen drives, 2 GB each; preferred: 1 pen drive of 4 GB!
- Xboot for multiboot from ISO (http://sites.google....hamurxboot/home) 5.26 MB
- A torrent manager to get some of the utilities you'll need ... I use www.utorrent.com (722.86 KB)
- Magic ISO to edit ISO images: http://www.magiciso.com/download.htm (4.70 MB). Though I'd recommend getting a cr@ck3d version from http://www.torrentz.eu since we'd be working on images larger than 300 MB (PS: I DO NOT SUPPORT PIRACY! But this is for educational testing)
- Ophcrack Windows XP live ISO: http://downloads.sou...ivecd-2.3.1.iso (415.65 MB). Vista tables: http://sourceforge.n...ee.zip/download (391.58 MB)
- Hirens boot CD for a lot of tools (including the ones to bypass the login): http://www.hirensbootcd.org/download/ (498.38 MB)
- Patience and another computer with access to the internet :) I use my Android phone

Process:
1. Insert pen drive in the USB slot.
2. Open MagicISO and open the ophcrack-xp-livecd-2.3.1.iso, go to the tables folder and create a new directory: vista_free
3. Extract and drag the contents of tables_vista_free to the folder you created in Magic ISO.
4. Save the ISO as ophcrack.iso on your desktop
5. Fire up Xboot, drag the ophcrack.iso you made and the Hirens boot CD 15.1 ISO you downloaded to Xboot. HBCD will ask for a prompt, choose this

Once done ... boot from the flash drive:

Step 1: To bypass Windows passwords:
Choose Hirens boot disk: choose Kon-Boot, or boot to mini Windows XP and choose any of these:

Step 2: HOW TO CRACK THE PASSWORD ...
Boot from the flash drive, and choose OphCrack. Choose the graphical mode - automatic. The computer will start up a Linux load of ophcrack with both the XP rainbow tables as well as the Vista tables.

A rainbow table is a bunch of precomputed tables for decrypting hash functions. A semi-detailed approach about the functionality is mentioned on Wikipedia at http://en.wikipedia.org/wiki/Rainbow_table

The boot up will automatically load the ophcrack tool, which scans for hash tables off SAM/Security lists to generate both the NT hash and LM hash (http://en.wikipedia.org/wiki/LM_hash), which can be run through the table list to get the actual password. I needed the password for #admin (which is used by most corporates); note the LM hash and NT hash.

You'll note that a password is generated on LM PWD1 / LM PWD2. But considering the fact that we're using the free tables, a password like "a5h0k@R!mw3b" will be generated as ASHOKARIMWEB or A?H0K?R?MW?B

Note the LM/NT passwords like LMhash:NThash, that'll be 32 characters on each side of the ":", e.g.: 8b75c0f157f**7b******bd*f1f***ba:d0f****b1231e0f***a0e****de20f8f
I've hashed out a few of the characters for obvious reasons.

Copy the same and paste it here: http://www.objectif-securite.ch/en/products.php
At the bottom of the page, enter your hash and submit ... wait for a couple of seconds - and bingo, you have the password including special characters!!

HURRAY!!!

Cheers,
Karki
Genius - Posted March 9, 2012

Nice info - there are many good things in Hirens boot CD - I love it, and Magic ISO can create multiple bootable install USB capable of installing multiple OS
Honest - Posted March 9, 2012

Thanks for the educational stuff, Ashok Bhai. +1
::Hitesh:: - Posted March 9, 2012

Hirens Boot CD is good, but UBCD4Win is far better for average users. UBCD4Win is easy to create: one app creates ISO / USB etc., and even beginner users can create their own CD/USB. The main advantage is that it boots directly into Windows from CD/USB, and you can do all the admin jobs from it. http://www.ubcd4win.com
ashoksoft - Posted March 9, 2012

Let me get to the office... Some more updates which'll mean the difference
rajanmehta - Posted March 9, 2012

Don't remember exactly now, but I think I have used this tool once to reset even a Windows Server Domain Admin password. Windows Password Key Enterprise >> http://download.cnet...4-75415549.html
Was easy and effective. That's a trial version, but one should know how to get the full version from the internet.
::Hitesh:: - Posted March 9, 2012

Uncle Google knows everything!
ashoksoft - Posted March 9, 2012

Updated the post with the procedure to CRACK the password as well
ami1 - Posted March 10, 2012

Good info Ashok. +1

I usually do the following when I need to reset the Admin password on win7/winxp.
1. Boot any Linux live CD or live USB (smallest is partedmagic 187mb or the chntpw live cd/usb 3 MB linked below)
2. cd to C:\WINDOWS\system32\config
3. Run "chntpw" (see details here and download the Live CD or Live USB pendrive image)
4. Select the option to blank the Admin password (this is if you want to set up your own administrator password) OR upgrade a user to Administrator (this is if you don't want the administrator password to be blank)

Of course it has some limitations, but it's a very quick 1 min job and I need to do this routinely. The limitations are:
1. You can't find out the Administrator password with chntpw - you can change it OR you can make yourself a member of the Administrator group.
2. You won't be able to access EFS encrypted files unless you know the password
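Added example, not part of any post in this thread: a small audit that takes the "LMhash:NThash" pairs described in the first post and flags accounts that still store an LM hash, plus accounts left with a blank password as in the chntpw reset above. The `user:LMhash:NThash` line layout and the sample accounts are assumptions made for this illustration.

```python
import re

# Well-known constants: the LM and NT hashes of the empty string.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
PAIR = re.compile(r"^([0-9a-f]{32}):([0-9a-f]{32})$")


def audit_pair(pair):
    """Return a list of findings for one 'LMhash:NThash' string."""
    m = PAIR.match(pair.strip().lower())
    if not m:
        return ["malformed: expected 32 hex characters on each side of ':'"]
    lm, nt = m.groups()
    findings = []
    if nt == EMPTY_NT:
        findings.append("blank password (NT hash of the empty string)")
    if lm != EMPTY_LM:
        findings.append("LM hash stored: case-insensitive, two 7-character halves")
        # Second half equal to the empty half means nothing beyond 7 characters.
        if lm[16:] == EMPTY_LM[16:]:
            findings.append("password is 7 characters or fewer")
    return findings


def audit_dump(lines):
    """Map account name -> findings for lines shaped 'user:LMhash:NThash'."""
    report = {}
    for line in lines:
        user, _, pair = line.strip().partition(":")
        findings = audit_pair(pair)
        if findings:
            report[user] = findings
    return report


# Constructed sample input. Only the empty-string hashes are real values;
# the other hex strings are made up and correspond to no actual password.
SAMPLE = [
    "Administrator:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0",
    "legacy_svc:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210",
    "short_pw:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff",
    "modern:aad3b435b51404eeaad3b435b51404ee:ffeeddccbbaa99887766554433221100",
]

if __name__ == "__main__":
    for user, findings in audit_dump(SAMPLE).items():
        print(user, "->", "; ".join(findings))
```

Accounts flagged for a stored LM hash are cleared by enabling the "Do not store LAN Manager hash value on next password change" policy and then changing the password.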