
Hacking Windows Administrator Password

Submitted by Srikanth on Saturday, 26 January 2008 | 13 Comments


This article introduces a very simple way to hack the Administrator password on a Win XP system. It explains how to break the administrator password and gain access to the admin account. If you also need to crack/reveal the password, the steps for that are here as well.

First of all, let us take a close look at the security flaws/loopholes in Win XP.

Microsoft stores security information in many files, but the main one is the SAM (Security Accounts Manager) file. This file contains security information about users (mainly passwords). You can find the SAM file in this folder:

$windows\system32\config

SAM is the file that contains the passwords in the form of a hash. A hash is a mathematically irreversible (one-way) transformation, so there is no way of decrypting the password back. There is also a file called SECURITY that contains a list of all users in the system and their related information.

We will not be able to copy them under XP, since it does not allow any attempt to copy this file.

The Idea Behind Cracking the password

The idea is simple. I will explain it manually, and it can also be programmed. Here's the idea.

The SAM contains security information (passwords), so I have created a free Windows XP SP2 logon account (an Administrator account without a password). That means that when Windows launches, it enters the system directly without asking for any password. So this SAM file contains an open password (no password). This SAM file is available for download for your further use in breaking the password of the system.

So the idea here is to replace the SAM file of the victim's computer (which contains the password) with the SAM file that contains no password. When this is done, the password of the victim's account is erased, and anyone can log in to the computer as if no password had been set by the admin.

But this SAM file cannot be manipulated (copied/renamed/replaced/deleted) while the operating system is running. So here are some ideas for replacing this SAM file.

1. If there are two OSes installed on the computer, we can boot from the other OS and replace the SAM file located at

$:\windows\system32\config

2. If there is only a single OS, use the tool NTFS4DOS to access the location of the SAM and SECURITY files from the boot command prompt.

NTFS4DOS creates a bootable floppy disk. You can use this floppy to access the NTFS drives by booting the system and mounting them under DOS.

Here are the steps to be followed to break the password.

1- Download my SAM file, which I have included in Downloads.

2- Go to the target machine and try to access it by booting from the floppy created by NTFS4DOS or from the other OS (in case you have two OSes installed).

3- After getting access to the boot command prompt c:>, go to the config folder

$windir$\system32\config

and copy the SAM file and the SYSTEM file (we will need it later) to any other folder. Then replace the original SAM file (in $windows$\system32\config) with the SAM file I have provided.

5- Reboot and let Windows start normally.

6- Yeah, now you can directly enter the system without any password, i.e. the password is broken!

Now you have broken the system administrator password and can directly enter the system. One phase of the password hack is over. If you need to know/crack the admin password, you can use the two files SAM & SECURITY that you copied in STEP-3 above (this step is optional). It is done as follows.

Download either of the following password crackers:

1. LC4 (L0phtCrack). The new version is LC5

OR

2. SAMInside

LC5 is better, in my opinion.

You can also contact me using the Contact Form for these two tools if you can't find them.

Once you have either of the two password cracking tools, you can load the SAM & SECURITY files and start the cracking process. This may take a long time, depending on the size of the password, since it is a brute-force method.

NOTE: THE ABOVE METHOD IS ALSO APPLICABLE FOR WINDOWS VISTA

IF THE ABOVE TRICK FAILS AND YOU GET AN ERROR, REFER TO THIS POST FOR A SOLUTION:
“Security Accounts Manager Initialization Failed” How To Recover?

WARNING: THE ABOVE INFORMATION IS FOR EDUCATIONAL PURPOSES ONLY
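
A forensic cross-check for the swap described above, as an added example that is not part of the original post: a SAM copied in from another installation carries that installation's account-domain (machine) SID, while the untouched SECURITY hive keeps its own, so a mismatch shows the two hives did not come from the same install. The value locations used here (`SAM\Domains\Account\V` tail and `Policy\PolAcDmS` holding a plain binary SID) are assumptions of this example, the raw value bytes are taken to be exported from an offline image with a hive tool of your choice, and the sample bytes are constructed.

```python
import struct


def decode_sid(raw: bytes) -> str:
    """Decode a binary Windows SID into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack_from(f"<{count}I", raw, 8)  # little-endian dwords
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def sam_machine_sid(v_value: bytes) -> str:
    """Machine SID from the last 24 bytes of SAM\\Domains\\Account\\V (assumed layout)."""
    if len(v_value) < 24:
        raise ValueError("V value too short to hold a machine SID")
    return decode_sid(v_value[-24:])


def hives_from_same_install(v_value: bytes, pol_acdms: bytes) -> bool:
    """True when SAM and SECURITY agree on the account-domain SID."""
    return sam_machine_sid(v_value) == decode_sid(pol_acdms)


def _machine_sid(a: int, b: int, c: int) -> bytes:
    """Build S-1-5-21-a-b-c in binary form (helper for the constructed samples)."""
    return bytes([1, 4]) + (5).to_bytes(6, "big") + struct.pack("<4I", 21, a, b, c)


# Constructed sample data, not taken from any real system.
ORIGINAL_SID = _machine_sid(1004336348, 1177238915, 682003330)
DONOR_SID = _machine_sid(1085031214, 1563985344, 725345543)
SECURITY_POLACDMS = ORIGINAL_SID            # SECURITY hive left in place
SAM_V_INTACT = bytes(160) + ORIGINAL_SID    # padding stands in for the rest of V
SAM_V_SWAPPED = bytes(160) + DONOR_SID      # SAM brought in from another install

if __name__ == "__main__":
    for label, v in (("intact", SAM_V_INTACT), ("swapped", SAM_V_SWAPPED)):
        ok = hives_from_same_install(v, SECURITY_POLACDMS)
        print(f"{label}: SAM={sam_machine_sid(v)} "
              f"SECURITY={decode_sid(SECURITY_POLACDMS)} "
              f"{'consistent' if ok else 'MISMATCH: SAM is foreign to this install'}")
```

A match does not prove the SAM is untouched; only a mismatch is meaningful.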


13 Comments »

  • Anonymous said:

    Hey, but nowadays nobody uses floppy disks and they are not present in the system. Suggest another alternative to replace the floppy disk. Can we use USB or CD-ROMs instead of a floppy?

  • rutvik said:

    Hi.
    When I open Task Manager or the properties of the Start bar, there is a message “sorry SAM”,
    and it does not open.
    What do I do?
    Please reply to me on
    [email protected]

  • Poppernut said:

    Is it possible to do the same thing with a CD instead? almost no computers have floppy drives.

  • Frank said:

    when i type in $windir$\system32\config, it says bad command or filename.

  • visitor said:

    Well, I have an idea. My PC at work has everything blocked. I can't even change the clock. But when I plug in my Ubuntu live USB, I boot from USB and voila. I am on the internet, I change the clock, I can do a lot. I did not want to change the SAM file because we have a maintenance man who comes once a month, and I don't want to get busted :o). Try Ubuntu, all you hackers. I run Ubuntu on my laptop without an HDD :o)

  • linkinrohit said:

    how can i crack the password of my pc,if i forget….
    on the window log in screen….
    where we enter the password…

  • linkinrohit said:

    First of all,
    I must say
    your site is awesome… great… I love it.
    Hi Srikanth,
    how can I create a web form service?
    I have searched on Google,
    but somebody told me that you have to pay for it.
    Can you tell me? Please reply.

  • Srikanth (author) said:

    @ linkinrohit

    Creating a web form service is easy and free.
    Just go to

    http://www.emailmeform.com/

    and sign up.

  • Slim0123 said:

    If you are accessing the system physically, then there are a lot of safe methods to hack the administrator account or whatever account you want to hack, lock or block, but is there any way by which this can be done remotely?

    thanks in advance if you can provide any info

    and one more thing, how can i keep a track on when my posts are being replied on your site Srikanth??
    Please mail me on [email protected] if you have any rss feeds or something like that for only particular posts(not all) or when someone replies to your post then being notified………

  • jwmghf said:

    Hey:

    I tried to do this to my computer and all I get is:

    FreeDos FAT Kernel and the floppy just continually spins??

    The drives I am trying to access are running in Raid-1 and Raid-0 configuration. Is there a way to get in when the drives are running these configurations?

    Thanks

  • Enso said:

    There is a better and simpler way…

    Ophcrack (google it I did)

    It's a live CD; you can load it on a USB if you know how.

    It boots and runs automatically and gives you all the passwords. Mine took 20 min to break out all of them. I had the one I wanted in 2.

    Then you can reboot and change all the passwords you want using the admin accounts and windows tools. No real hacking required.

    //Signed
    Enso

  • Undertaker said:

    Is there any replacement for NTFS4DOS (floppy)? As you know, there is no floppy drive in new cabinets. Any software using a CD or pen drive?

  • Srikanth (author) said:

    @ Undertaker

    Soon I’ll come up with a new post on this topic and teach you how to hack using a CD-ROM instead of a floppy drive. Subscribe to my posts and you’ll be notified when the post is published.
