How To Hack Windows Login Password Using Chntpw
Obstacle
Unable to log in to a password-protected Windows admin account
Objective
Log in to a password-protected Windows admin account
Solution(s)
I. Make myself an admin
II. Clear admin account's password
Techniques/Methods
Get physical access to the computer
Reboot the computer and boot up to the live Linux OS
Use a root account or make myself root
Use chntpw
Requirements
Preferably a live bootable Linux distro, e.g. Kali Linux, Fedora, Network Security Toolkit (NST), CAINE (Computer Aided INvestigative Environment), etc.
Ensure you have chntpw installed in your Linux distro; download it if not.
An exploratory, curious mind
Quick Briefing....
chntpw is a utility to view some information and reset user passwords in a Windows NT/2000 SAM user database file, used by Microsoft Windows operating systems from NT 3.x onward. This file is usually located at \WINDOWS\system32\config\SAM on the Windows file system. It is not necessary to know the previous passwords to reset them. In addition, it contains a simple registry editor and a hex editor with which the information contained in a registry file can be browsed and modified.
This program should be able to handle both 32- and 64-bit Microsoft Windows and all versions from NT 3.x up to Windows 8.1.
As a Windows feature, the SAM file can't be accessed while the computer is still on, i.e. while Windows is running. So you definitely can't access the SAM file from within a running Windows, and neither can you do it through a Linux distro if Windows wasn't shut down completely, e.g. if it was left in hibernation rather than shut down.
In the SAM file, Windows passwords are not stored in clear text but as NT/LM hashes. You can either clear the password or obtain the hashed values and try to recover the passwords from them.
Password changing is only possible if the program has been specifically compiled with some cryptographic functions. This feature, however, only works properly on Windows NT and Windows 2000 systems. It might not work properly on Windows XP, Vista, 7, 8 and later, so clearing (blanking) the password is the reliable option there.
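A defensive check to go with the briefing above, as an added example that is not part of the original post: it reports whether a Windows host is exposed to this kind of offline SAM edit (OS volume not protected by BitLocker, which is what lets a live Linux boot read and write \Windows\System32\config\SAM) and lists the local accounts that hold Administrators membership, since those are the accounts an offline reset would blank or promote. It assumes Windows 10/11 with the BitLocker and LocalAccounts PowerShell modules and an elevated session; the function name is my own.

```powershell
# Added defensive check, not part of the original post or of chntpw itself.
# Assumes Windows 10/11, BitLocker + LocalAccounts modules, elevated session.
function Get-OfflineSamExposure {
    [CmdletBinding()]
    param()

    # 1. Is the OS volume encrypted? chntpw must read and write the SAM hive
    #    from an offline boot; BitLocker with protection "On" blocks that
    #    unless the attacker also has the recovery key.
    $protected = $null   # stays $null if the BitLocker module is unavailable
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
        if ($osVol) { $protected = ($osVol.ProtectionStatus -eq 'On') }
    }

    # 2. Which accounts in the local SAM hold admin rights? PasswordLastSet
    #    is worth comparing against the last change you actually made.
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    $admins = foreach ($m in $members) {
        if ($m.ObjectClass -ne 'User') { continue }
        $u = Get-LocalUser -SID $m.SID -ErrorAction SilentlyContinue
        if (-not $u) { continue }   # domain / Azure AD user, not stored in the local SAM
        [pscustomobject]@{
            Name            = $u.Name
            Enabled         = $u.Enabled
            PasswordLastSet = $u.PasswordLastSet
        }
    }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        OsVolume           = $env:SystemDrive
        OsVolumeProtected  = $protected
        OfflineSamEditRisk = ($protected -ne $true)   # unencrypted or unknown = exposed
        LocalAdmins        = $admins
    }
}

$report = Get-OfflineSamExposure
$report | Format-List Computer, OsVolume, OsVolumeProtected, OfflineSamEditRisk
$report.LocalAdmins | Format-Table -AutoSize
```

If OfflineSamEditRisk is True, the procedure below works against that machine for anyone with physical access; enabling BitLocker on the OS volume is the control that closes it.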
Unleashing the kraken....
The fun begins.
[+] Find your way into the following Windows directory: Windows/System32/config
You should find the SAM file there.
[+] Fire up chntpw from the terminal and type: chntpw -l -v <your SAM file>
This will allow you to view user accounts, their names, RIDs, whether
they have passwords or not, which accounts are admins and which
accounts are locked or unlocked.
Usernames can be given as a name or as a RID (in hex, with 0x first).
[+] Type: chntpw -i -v <your SAM file>
The -i opens an interactive menu system and -v gives verbose output.
The -l used above lists all users in the SAM file, and -u <username or RID>
takes you straight to the user edit menu for that one account, skipping
the main menu.
[+] Edit user data and passwords
From the Main Interactive Menu, choose option 1 for editing user data
and passwords. You will get a list of all usernames on the computer, their RIDs,
their states (locked/unlocked) and permissions (admin/not admin).
Enter the RID of the account of your choice. You'll get the user account
info, including the NT/LM password hashes, which could be used to attempt
to recover the password.
You will also be presented with a user edit menu.
[+] Make yourself admin
With your selected account, enter option 2 to unlock the account if it
was locked. Then enter option 3 to promote that account to
administrator. You could also add the user account to a different
group, e.g. the Administrators group.
You can view these groups from the Main Interactive Menu by choosing option 2, List Groups.
Your job is done here, as you can now log in to Windows using that user
account with full admin privileges, without having to interfere with
the main admin account.
[+] Clearing admin password
With your selected account, enter option 1 to clear the user
password (ensure the account was unlocked), making it blank.
You can now reboot the system and log in to the admin account, as it won't require password authentication. Yeah. Full access.
Make sure to save the changes you made as you exit from chntpw: it asks whether to write the hive file back, and the default answer is no, so nothing is changed unless you answer y.
[+] Explore
Explore more of chntpw; it is through hacking to learn that one learns to hack.
See also other tools:
reged, samusrgrp, sampasswd