I hate naive people…
First and foremost, please don’t mix up a Hacker with a Cracker. A Hacker is someone who has “technical adeptness and a delight in solving problems and overcoming limits” (http://insideinformationdaily.info/gold-2012.htm), while a Cracker is the proper word for someone who uses security penetration techniques to gain access to something. If you dare to mix the two, Linux fanatics will lose their minds and eat your soul!… Ok, maybe not, but you will have a whole community on your head going “HOW DARE YOU!!!!”. Trust me, I’ve got it hard…
You don’t tell a Linux user he can’t do something… never! Ever! You will piss him off and he’ll do whatever it takes just to prove you wrong, if it’s worth the trouble (at least that’s how big my ego is, feel free to disagree). I’m especially talking to you, Windows users; you usually tend to be a lot more naive than the rest.
A friend of mine dared me to crack his Administrator account, so I did, in 30 seconds, and this is how I did it:
You need a Live Linux (CD, DVD, USB, Diskette, who cares) and the application
Note: It works for Windows XP, Vista and 7. I’ve tested it on Windows 7.
A bit of theory: Windows stores its local user accounts in the C:\windows\system32\config\SAM file. If you want to change ANYTHING related to the user accounts, you do it through this file, but it is of course encrypted. Not a problem! While we can’t read the file and see what password is already assigned to a user, we can sure as hell overwrite it.
Now you need a version of Linux that has chntpw, for example BackTrack. Otherwise you can install it; most Debian-based distros have it in their repositories. Of course, if you’re running your Linux from a LiveCD or DVD, installing it is not really an option, so you need a Linux that already has it… stick with BackTrack.
Without further ado, I present to you: Step by step instructions on how to crack the Administrator password…
1. Boot from Live Linux (CD/DVD/USB)
Blanking out the Administrator password
2. If not already mounted, mount your Windows drive. Here is an example of how to mount your Windows drive, assuming it is on the first partition of your hard drive:
OPTIONAL STEP: Some Linux distros (like BackTrack 5) don’t have the command chntpw added as an alias, so I had to do the following in order to get it to work properly; you might not need to do this on other distros:
Simplified explanation: this lets you run the chntpw command from any folder on the system.
5. Let’s say we just want to change the Administrator password to NOTHING. Press 1, Enter, Y, Enter, aaand that’s it. Complicated, I know…
Changing a user’s password
It’s the exact same procedure, only at step 4, instead of the above command, you use this
And at step 5 press 2, Enter, type in the new password, Enter, y, Enter, DONE!
Warning! This method is not very stable and can backfire (in my experience, it doesn’t write the new password properly); a safer bet is to change the password to nothing and then set a new password from User Accounts Control in Windows.
And that, my children, is how you can play a really mean prank on your girlfriend (provided you have one), making her think she forgot her own password.