Cracking the passwords
Posted in Hacking and Cracking by sandaruwan on February 6th, 2006

Admin password, the dream of everyone. Especially when you are in an environment where you are not the system administrator. Today, what I'm going to show you is how to take Windows Administrator passwords. You might have even thought: if we can find out where Windows stores the password, we can just look at it. But unfortunately, it is not that easy.
Windows stores the passwords in the Windows\System32\Config\SAM file. But Windows prevents you from accessing that file. So, the answer is Linux. Take a Knoppix CD, put it into your CD-ROM drive and restart the machine. Make sure your first boot device is the CD-ROM. Then it'll boot into Linux. The best option now is a USB pen drive: just mount it and copy the SAM file onto it. Make sure you also copy the Windows\System32\Config\System file. Then restart again; you need Windows now.
Now you have to take a key called the syskey from the System file. There are some Windows utilities to do that, but I can't remember the names. Anyway, once you get it, you can use that key to decrypt the SAM file. Now the password!!! NO!! It's not.
Again you have some hashes. What do we do now? Now comes the time-consuming part. You have to download and run John the Ripper on these hashes. Please note this may take a few hours, depending on the length of the password.
After that ***you*** are the system admin!!!
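From the other side of the table, the whole route above depends on two things: the disk being readable offline and the hives holding hashes that crack quickly. The audit below is an added example, not from the original post, that checks those controls on the host; it assumes Windows 10/11 with the BitLocker PowerShell module and an elevated session.

```powershell
# Added defensive audit (not part of the original post). Checks the controls
# that break the offline copy-SAM-and-crack route: an encrypted OS volume
# (a live CD then sees only ciphertext), no stored LM hashes (the ones that
# fall in minutes), and the SAM hive being locked while Windows runs.
# Assumes Windows 10/11 with the BitLocker module, run as Administrator.

function Test-OfflineHiveExposure {
    [CmdletBinding()]
    param([string]$OsDrive = $env:SystemDrive)

    $findings = [ordered]@{}

    # 1. Is the system volume protected by BitLocker and is protection on?
    try {
        $vol = Get-BitLockerVolume -MountPoint $OsDrive -ErrorAction Stop
        $findings['OsVolumeEncrypted'] = ($vol.ProtectionStatus -eq 'On')
        $findings['EncryptionMethod']  = "$($vol.EncryptionMethod)"
    } catch {
        $findings['OsVolumeEncrypted'] = $false
        $findings['EncryptionMethod']  = 'BitLocker module unavailable'
    }

    # 2. Are LM hashes suppressed? NoLMHash=1 means the SAM keeps NT hashes only.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $findings['NoLMHash'] = ($lsa.NoLMHash -eq 1)

    # 3. Is the SAM hive locked at runtime, as the post says it should be?
    $samPath = Join-Path $env:SystemRoot 'System32\config\SAM'
    try {
        $fs = [System.IO.File]::Open($samPath, 'Open', 'Read', 'None')
        $fs.Close()
        $findings['SamLockedAtRuntime'] = $false   # unexpected: hive readable
    } catch [System.IO.IOException] {
        $findings['SamLockedAtRuntime'] = $true    # normal: in use by the kernel
    } catch [System.UnauthorizedAccessException] {
        $findings['SamLockedAtRuntime'] = $true    # normal: ACL denies access
    }

    [pscustomobject]$findings
}

Test-OfflineHiveExposure | Format-List
```

Any `$false` for `OsVolumeEncrypted` or `NoLMHash` is the finding to raise: the first leaves the hives copyable from a boot CD, the second leaves LM hashes for the cracker.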

John the ripper is not the best tool.
Try Elcomsoft Proactive System Password Recovery or Proactive Password Auditor.
This software recovers the password immediately if the passwords are in the cache.
February 12th, 2007 at 11:27 pm
[...] ahhh!! That file is always important (lol.. if you are not sure what I’m talking about, read my previous [...]
May 23rd, 2007 at 11:04 am