Reset Windows NT/XP/2003/Vista Password

Nov 27

New updates!!

You can now use Kon-Boot to bypass the Windows / Linux logon. Just boot from the bootable media and press Enter at the logon prompt.

(I’ve not yet tested on domain environment)

These steps are intended for system administrators and will help them recover access to Windows without reinstalling or formatting.

The steps shown here also include how to reset a Windows Domain Controller password.

Please take note that if you are thinking of hacking any enterprise or organization without them knowing, please do not continue. You will get caught. This is not intended for you. Beware that resetting an account’s password on some systems like Windows XP might cause data loss, especially of EFS-encrypted files and of passwords saved in Internet Explorer, because those secrets are protected by keys derived from the old password. To protect yourself against losing EFS-encrypted files you should always export your private and public key, along with the keys of the Recovery Agent user, before resetting anything.
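The EFS caveat above is the one step people skip and regret. The PowerShell script below is an added example (not part of the original post) that does the backup the paragraph asks for using the built-in cipher.exe: it exports the current user's EFS certificate and private key to a password-protected PFX, lists every EFS-encrypted file on the local drives so you know what is at stake, and shows which users and recovery agents can decrypt one of them. The backup folder name is an assumption; run the script as the user who owns the encrypted files, then again as the Recovery Agent account so its key is exported too.

```powershell
# Added example, not from the original post. Back up EFS keys BEFORE an
# offline password reset, using only cipher.exe (built into Windows NT 5+).
# Assumptions: runs as the user whose EFS files matter; $BackupDir is a
# placeholder location; cipher /x will prompt interactively for a password
# that protects the exported .pfx file.

param(
    [string]$BackupDir = "$env:USERPROFILE\EFS-Backup"   # assumed path
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. Export this user's EFS certificate + private key.
#    cipher /x <file> writes <file>.pfx (the extension is appended if missing).
$pfxBase = Join-Path $BackupDir ("efs-{0}-{1:yyyyMMdd}" -f $env:USERNAME, (Get-Date))
cipher.exe /x $pfxBase
$pfx = "$pfxBase.pfx"
if (-not (Test-Path $pfx)) {
    throw "EFS key export failed ($pfx missing). Do not reset the password yet."
}
Write-Host "EFS key exported to $pfx - copy it OFF this machine now."

# 2. Inventory every EFS-encrypted file on the local drives.
#    /u walks all local drives; /n makes it read-only (no key updates),
#    so this is safe to run on a box you are about to repair.
$inventory = Join-Path $BackupDir "encrypted-files.txt"
$encrypted = cipher.exe /u /n |
    Where-Object { $_ -match '^[A-Za-z]:\\' }     # keep only full file paths
$encrypted | Out-File -FilePath $inventory -Encoding utf8
Write-Host ("{0} EFS-encrypted file(s) found; list saved to {1}" -f $encrypted.Count, $inventory)

# 3. For the first encrypted file, show who holds a decryption key.
#    cipher /c prints the users and the Recovery Agents for that file;
#    every account listed under "Recovery Certificates" also needs a
#    cipher /x export done while logged on as that account.
if ($encrypted.Count -gt 0) {
    Write-Host "Accounts able to decrypt $($encrypted[0]):"
    cipher.exe /c $encrypted[0]
}
```

Keep the resulting .pfx (and the recovery agent's) somewhere other than the disk you are about to edit; after the reset, importing the PFX into the user's personal certificate store restores access to the files listed in the inventory.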

Basically there are numerous methods and tools for this task, and all of the tools covered here are free to use. I will not put any commercial software in this tutorial.

The most popular ones are:

Offline NT Password & Registry Editor

Ultimate Boot CD (using ntpasswd)

Windows Ultimate Boot CD (using PasswordRenew)

Task 1 – Recover Access to Windows

Task 2 – Recover Access to Domain Controller


Ok guys, our first objective here is to recover access to Windows. Since we have FORGOTTEN the password, or for WHATEVER reason do not have it, follow these steps carefully. I will be covering two methods of completing this task, both based on the same concept.

The easiest way has always been to use a bootable CD to open up the Windows partition where the password file is stored. For all NT-based versions of Windows, the password file is stored under the WINDOWS\system32\config folder and is called the SAM (Security Accounts Manager) file. It is stored in a binary format that is undocumented and not easily accessible. I won’t explain every bit of the file; it is enough to know that the encrypted password hashes are in there.

1.1 Using ntpasswd

Download the ntpasswd bootable CD image and burn it:

http://home.eunet.no/pnordahl/ntpasswd/bootdisk.html

ALERT! Take note that versions before 0704xx will corrupt the disk on VISTA!

  • Boot using the CD


  • Select the partition containing your Windows installation. In most cases, IDE drives are shown as /dev/hdaX, while SATA or SCSI drives are shown as /dev/sdaX, and the right one is labelled BOOT.

  • Verify the file path to your windows installation and config directory. (WINDOWS/system32/config)


  • We want to reset the password. Select option no. 1 to reset.

  • We are going to edit user data and password. Select 1.


  • Select the account that we want to reset (Administrator).

  • Edit the user with either option no. 1 or no. 2. Most of the time, forcing a blank password works without any problem, while setting a new password may not work the first time. Keep trying until it works.

  • Quit from the edit menu.

  • It will prompt you to save changes. Just type y, then reboot.

  • Log on with the new password that you have set…

Task 1.2 – Using PasswordRenew

Task 2 – Recover Access to Domain Controller


Related reading

http://en.wikipedia.org/wiki/Security_Accounts_Manager
http://beginningtoseethelight.org/ntsecurity/index.php
http://www.grape-info.com/doc/win2000srv/security/ntpasswd.html
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=5721&mode=thread&order=0&thold=0
http://www.irongeek.com/i.php?page=security/localsamcrack2