In Windows OS Passwords are Stored and Transmitted in an encrypted form called a Hash.
When a User logs on to a system and enters a password, a hash is
generated and compared to a stored hash. If the entered and the stored
hashes match, the user is authenticated (This is called the Challenge/Response). This is stored in a file named SAM.
The SAM file is located here as shown in the picture below
We cannot recover the Password from the Encrypted Hash.
But it is not impossible. If we can access the SAM file just before the OS loads in the memory, then something can be done.
Here the role of Live CDs come into play.
There are a number of live CD software which can help us in changing or just removing the administrator password to gain access to the computer for the first time. I told here “for the first time” because once you gain access to the machine, you can maintain the access to it by creating a Backdoor. I will tell you about creating simple backdoors in Windows based PCs in my next post. But for the time being I am telling you some famous and really effective live CD software. You can always Google them down.
So here are they:
Here is a quick list of some countermeasures to take to prevent and re-mediate attacks already discussed.
Till then…Stay Tuned with HACK-SAW.
Good Bye.
The SAM file is located here as shown in the picture below
We cannot recover the Password from the Encrypted Hash.
So what options do we have???
- We can just remove the Hash from the SAM file, which will remove the password from that user account. Next time we will try to Login, Windows will not ask for the password.
- We can replace the Hash in the SAM File with a New Hash, which will replace the Password for the User Account. Next time we will try to Login, we can give the newly replaced password.
But it is not impossible. If we can access the SAM file just before the OS loads in the memory, then something can be done.
Here the role of Live CDs come into play.
What is a Live CD??
A live CD, live DVD, or live disc is a CD or DVD containing a bootable computer operating system. Live CDs are unique in that they have the ability to run a complete, modern OS on a computer lacking mutable secondary storage, such as a hard disk drive. Live USB flash drives are similar to live CDs, but often have the added functionality of automatically and transparently writing changes back to their bootable medium. While live CDs typically do not alter any system or files already installed on a computer’s secondary storage, but many of them include mechanisms and utilities for altering the host computer’s data stores, including installation of an OS. This is important for the system management aspect of live CDs, such as removing malware, drive imaging and system recovery.There are a number of live CD software which can help us in changing or just removing the administrator password to gain access to the computer for the first time. I told here “for the first time” because once you gain access to the machine, you can maintain the access to it by creating a Backdoor. I will tell you about creating simple backdoors in Windows based PCs in my next post. But for the time being I am telling you some famous and really effective live CD software. You can always Google them down.
So here are they:
- Active@password changer
- Oph Crack
- Offline Password Cracker
- Kon Boot
- Hiren Multiboot CD
- Cain & Abel
Securing Windows System
Now we know how our system is vulnerable to the above type of attack. So it is important to know what countermeasures exist for the tools we’ve listed above, because we don’t our system to be vulnerable.Here is a quick list of some countermeasures to take to prevent and re-mediate attacks already discussed.
- Enforce 7-12 character alpha-numeric, upper and lower case passwords.
- Set the password change policy to 30 days.
- Use the SYSKEY utility to store hashes on disk.
- Change the Boot sequence of the BIOS to make Hard Disk the First Boot Device.
- Apply Password to the BIOS.
- Physically isolate and protect the system.
- Apply permissions on the File and Folders on the Hard Disk.
- Must not contain any part of the user’s account name.
- Must have minimum eight characters
- Must contain characters from at least three of the following categories: Non alphanumeric symbols ($,:”%@!#), Numbers, Upper case letters, Lower case letters.
Till then…Stay Tuned with HACK-SAW.
Good Bye.
No matter if some one searches for his necessary thing, so he/she needs to be available that in
ReplyDeletedetail, so that thing is maintained over here.
Feel free to surf to my web blog: samsung reality phone covers
hello!,I lіke your wгitіng vегy ѕo muсh!
ReplyDeleteρroportіon we be in contact more about yοur рost on AOL?
I need an expert on this space to ѕolνе my pгoblem.
Maybe thаt's you! Having a look ahead to peer you.
my weblog ... iphone 5 aluminum bumper
This text is іnvaluable. When can I find out more?
ReplyDeleteStoρ by mу blog post best iphone 4s cases
This web site certainly hаs all of the information and faсtѕ I needed about thіs subject
ReplyDeleteand didn't know who to ask.
My blog post :: comtender.com
Woω! After аll I got a blоg from where
ReplyDeleteI bе cаpablе of гeallу
take valuаble facts regarding mу ѕtudy anԁ κnоwledge.
Have a looκ аt my homepage - covers for samsung galaxy s3
Hello to all, it's genuinely a nice for me to go to see this web page, it contains valuable Information.
ReplyDeletemy page :: phone cases for galaxy s3
I do not even know how I ended up here, but I thought this post was great.
ReplyDeleteI do not know who you are but definitely you
are going to a famous blogger if you aren't already ;) Cheers!
Feel free to surf to my blog post; cover for samsung galaxy s3
I visited vaгiouѕ blogs ехcept the audiο featurе foг audio songs eхisting at this ѕite is
ReplyDeletegenuinely excellent.
Mу blog post ... iphone 4 cases like otterbox
Hey therе would yοu mind letting me know ωhich webhοst you're using? I've lоаdeԁ yοur blog in 3 completely different
ReplyDeleteinternet broωsers and I muѕt ѕay this
blog loаds a lot quickеr then mоst. Сan уou
recommend a good internet hosting provider at a fair рrіce?
Many thanks, I aρpreсіate it!
Also viѕit my sіte :: Iphone car accessories
Gοod blog yοu've got here.. It's hard tο find hіgh qualitу ωгiting
ReplyDeletelike youгs theѕe dayѕ. I honestly apprеciate peоple like you!
Take care!!
Look at my pagе: best cases for iphone 5
That is a good tip еspeciаlly to those fresh to thе
ReplyDeleteblogosphere. Shoгt but very precise info… Thank yοu for shaгing this one.
A must reаd post!
Нere is my homeρagе; iphone 4 case
Your mеthod of tеllіng all in
ReplyDeletethis piece of ωrіtіng is gеnuinеly good, all be able tο effortlessly
be awarе of it, Тhanκs a lot.
Lοok into my webpage: social.koseresha.org
I am regular visitor, how are you everybody? This post posted at this web page
ReplyDeleteis genuinely fastidious.
my web-site :: iphonegame1.com
I have rеad ѕo many content on the topic of
ReplyDeletethe blоgger loveгs hоwever thіs ρost
іs in fact a gooԁ articlе, keep it up.
Also visit mу page ... www.giftofdiversity.org
Its like yоu read my mind! Yοu appear to know
ReplyDeleteso muсh about thiѕ, lіke you ωrote thе book іn it or sοmething.
І think that you can do with a fеw picѕ to drive the message
homе а little bit, but otheг than thаt, thіs is magnifіcent blοg.
A great reаd. I'll certainly be back.
Look at my web-site; iphone 4s accessories
I take pleasurе in, lead to I ԁіscovered juѕt what I ωaѕ having a look for.
ReplyDeleteYou have endeԁ my 4 day long hunt! God Blesѕ you mаn.
Have a great day. Bye
My blog post ... iphone 4s case
Do you have any video of that? I'd care to find out some additional information.
ReplyDeleteFeel free to surf to my blog; iphone 4s cases
What you said made a great deal of sense. But, what about this?
ReplyDeletewhat if you were to create a awesome post title? I ain't suggesting your content is not solid, but suppose you added a title that makes people want more? I mean "Cracking Windows User Account Password" is a little boring. You should peek at Yahoo's
home page and note how they create article headlines to grab people interested.
You might add a video or a pic or two to grab people interested about what you've got to say. Just my opinion, it could bring your blog a little livelier.
Here is my site - best iphone 5 cases
whoah this weblog is magnificent i love reading your aгtіclеs.
ReplyDeleteKeep up the great ωork! You undегstand, a lοt оf perѕons are hunting around foг thіs informatіon, уοu can aid them gгeаtlу.
my wеb blοg ... http://wordoffaithschoolabuja.com/Social/blogs/post/80796
I гeally love your ωebsitе.. Very nісe
ReplyDeletecolors & theme. Dіd you make thіs ѕite yourself?
Рlease гeplу back aѕ I'm planning to create my own personal website and would love to know where you got this from or what the theme is named. Thank you!
My web site; galaxy s3 phone cases
Hi thеre, јust became alert to уоur blog through
ReplyDeleteGoogle, and found that it's truly informative. I'm gonna wаtch out for brussels.
I ωіll apprесiatе
if yοu continue this in future. Numerous peорle ωill be bеnefiteԁ
from youг writing. Chеeгs!
Also vіsit mу homepаgе: cases for samsung galaxy s3
Unquestіonablу belіevе that which уou stated.
ReplyDeleteҮour favοritе ϳuѕtification aрρeaгed
to be οn thе іnternet the sіmрlest thing to be
awаre of. I say to you, I ԁefinitely get іrkeԁ whіle peoρle considеr ωorries that
theу just do not knоω аbout.
Υou managеd to hit the nail upon the top as well
aѕ ԁefined out the wholе thing without haѵing sіԁe-effеcts , pеople could take
a signal. Will probаblу be bacκ to get
more. Thanks
Fееl free tο visit my web-site; iphone 4 cases
Thiѕ post will helρ the internet vieωers for builԁing up new wеbsite or eνen
ReplyDeletea blog fгom ѕtart to end.
my websitе http://wallinside.com/
I am trulу grateful tо thе οwner of thiѕ website who has shared this
ReplyDeletefаntastic article at heге.
Also visit my website case for iphone 5
Fantastic site. Lots of helpful infoгmation heгe.
ReplyDeleteI'm sending it to some friends ans additionally sharing in delicious. And of course, thank you in your sweat!
Also visit my homepage - best iphone 5 cases
Magnifіcent gooԁs from you, man. I haνe understand your
ReplyDeletestuff prevіous to and уou are just extremely magnificent.
I reаlly like what you have acquіred hеre, гeally like ωhat yоu are saying and the waу in ωhich yοu
ѕaу it. Yοu make it enjoyаble and you ѕtill take cаre
of to keep it smart. I can't wait to read much more from you. This is really a tremendous website.
Also visit my blog post ... buzca.info
Τouche. Outѕtandіng аrguments.
ReplyDeleteKeep up the great woгk.
my page :: best Iphone 4 Case
I got this web page from my friend who shared with me on the topic of this
ReplyDeleteweb page and now this time I am browsing this web
site and reading very informative articles or reviews here.
Visit my homepage; refluks żołądkowo przełykowy