Cracking windows logon password is not so difficult. You can get many offline password crackers which could change/clear the existing password (like offline nt password and registry editor) or cracks the existing password (like oph crack). Just download their ISO images, burn them, insert to CD ROM and then things are simply self explanatory. I am writing this post to make you clear that how actually these password crackers work.
Okay when you set windows logon password, it is obviously stored in a file somewhere in windows. The password is stored in SAM file placed in %systemroot%\system32\config (like C:\windows\system32\config).
Now why we just don’t try to open SAM and see all stored passwords. Okay let’s do it, go to C:\windows\system32\config and open SAM. You must get an error that " it is in use by some another application". Actually we can’t open SAM file when windows is running. Even if anyhow we manage to access the content of SAM file, we won't get the passwords in clear text but they are encrypted.
So, what is SAM file?
SAM stands for Security Accounts Manager. SAM is database stored as registry in windows that stores windows users passwords in hashed formats (LM and NTLM). These are usually called as hashes.
What are hashes?
Hashes are kind of encryption. A hash function is a one way function. One way means, if plain text is converted into hash, it cannot be converted back to plain text. Remember this is the most important Point that they are one way functions.
What is windows authentication procedure?
Whenever a user creates new account in windows, its password is converted to hash and stored in SAM database. When user logins, the password is converted to hash and is compared with the stored hash in SAM database, if both the hashes match, the user is authenticated.
How to access SAM file?
SAM file cannot be moved/copied or opened when windows is running. It can be accessed only when windows is offline/not running. Got confused that how can we use the windows files when it is not running?
Here comes the concept of Live Operating systems. A live CD is containing a bootable OS. Just insert it in CD ROM and you can use it without any installation.
How to crack Windows password?
Okay suppose we have got access to SAM file and have password hashes. Don’t you think it’s useless because hashes can’t be converted to plain text? Let’s see, what we can do.
We (I mean automated tools) can actually do two things.
1. Clear/Change password: - Clear the existing hash and put new hash (we know algorithm to convert plain text to hash) in order to change/clear the password. This is how offline nt password and registry editor work. It doesn't give you the original password but helps you to change/clear it.
2. Crack password: - Make a long list of all possible combinations of alphabets, numbers and convert them to hashes. Compare every hash with hash we obtained from SAM file and hashes could be cracked. This is exactly how OPH crack works. It has already saved hashes of many possible combinations of letters/numbers stored in tables called as rainbow tables.
I hope things are clear to you :).
Note: This is illegal and is for educational purpose only. Any loss/damage happening will not be in any way our responsibility.
If you want to keep up-to-date on the Ethical Hacking Tutorials news, latest Tips & Tricks, latest scams & most important awareness and are a member of Facebook, don't forget to Join the Tricks4indya Facebook pageto keep informed about the latest security.
Incoming Search:-
Hack Windows 7 login password
Hack Windows Vista login password
Hack Windows XP login password
Reset Your Windows login password
