Friday, January 11, 2013

Cracking Windows User Account Password

In Windows, passwords are stored and transmitted in an encrypted form called a hash. When a user logs on to a system and enters a password, a hash is generated and compared to a stored hash. If the entered and the stored hashes match, the user is authenticated (this is called challenge/response). The hashes are stored in a file named SAM.

The SAM file is located here, as shown in the picture below.

We cannot recover the password from the encrypted hash.

So what options do we have???

  • We can just remove the hash from the SAM file, which removes the password from that user account. The next time we log in, Windows will not ask for the password.
  • We can replace the hash in the SAM file with a new hash, which replaces the password for the user account. The next time we log in, we can give the newly set password.
Hence, we now need to attack the SAM file, and for this we need to open it. That is not possible on a running system, because the file is in use by the computer from startup. Even if we could open the file, we could not see the passwords stored in it, because they are encrypted in the form of hashes. They cannot be decrypted, as it is a one-way encryption and also the hardest encryption.
But it is not impossible. If we can access the SAM file just before the OS loads into memory, then something can be done.
This is where live CDs come into play.

What is a Live CD??

A live CD, live DVD, or live disc is a CD or DVD containing a bootable computer operating system. Live CDs are unique in that they can run a complete, modern OS on a computer lacking mutable secondary storage, such as a hard disk drive. Live USB flash drives are similar to live CDs, but often have the added functionality of automatically and transparently writing changes back to their bootable medium. While live CDs typically do not alter any system or files already installed on a computer’s secondary storage, many of them include mechanisms and utilities for altering the host computer’s data stores, including installation of an OS. This is important for the system management aspect of live CDs, such as removing malware, drive imaging and system recovery.
There are a number of live CD tools that can help us change or simply remove the administrator password to gain access to the computer for the first time. I say “for the first time” because once you gain access to the machine, you can maintain access to it by creating a backdoor. I will tell you about creating simple backdoors in Windows-based PCs in my next post. For the time being, here are some famous and really effective live CD tools. You can always Google them.
Here they are:
  • Active@ Password Changer
  • Ophcrack
  • Offline Password Cracker
  • Kon-Boot
  • Hiren Multiboot CD
  • Cain & Abel

Securing Windows System

Now we know how our system is vulnerable to the above type of attack. So it is important to know what countermeasures exist for the tools we’ve listed above, because we don’t want our system to be vulnerable.
Here is a quick list of some countermeasures to take to prevent and remediate the attacks already discussed.
  • Enforce 7-12 character alpha-numeric, upper and lower case passwords.
  • Set the password change policy to 30 days.
  • Use the SYSKEY utility to store hashes on disk.
  • Change the Boot sequence of the BIOS to make Hard Disk the First Boot Device.
  • Apply Password to the BIOS.
  • Physically isolate and protect the system.
  • Apply permissions on the File and Folders on the Hard Disk.
A strong password is less susceptible to a cracker. The following rules should be kept in mind when choosing passwords, to protect against attacks:
  • Must not contain any part of the user’s account name.
  • Must have a minimum of eight characters.
  • Must contain characters from at least three of the following categories: Non alphanumeric symbols ($,:”%@!#), Numbers, Upper case letters, Lower case letters.
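
The three rules above can be checked mechanically. The following Python sketch is an added example, not code from the original post; the function names are hypothetical, and treating a "part" of the account name as the full name or any delimiter-separated piece of at least three characters is an assumption, since the post does not define it. The sample accounts and passwords are constructed.

```python
import re

MIN_LENGTH = 8       # "minimum of eight characters"
MIN_CATEGORIES = 3   # "at least three of the following categories"
MIN_NAME_PART = 3    # assumption: shorter name fragments are ignored

# Assumption: a "part" of the account name is the whole name or any
# piece of it separated by one of these delimiters.
_NAME_DELIMS = re.compile(r"[\s,.\-_#\\@]+")


def name_parts(account_name):
    """Return the lower-cased account-name fragments worth checking."""
    name = account_name.lower()
    parts = {name} | set(_NAME_DELIMS.split(name))
    return {p for p in parts if len(p) >= MIN_NAME_PART}


def character_categories(password):
    """Return which of the post's four categories occur in password."""
    tests = {"upper": str.isupper, "lower": str.islower,
             "digit": str.isdigit, "symbol": lambda c: not c.isalnum()}
    return {name for name, test in tests.items() if any(map(test, password))}


def check_password(password, account_name):
    """Return a list of rule violations; an empty list means compliant."""
    problems = []
    lowered = password.lower()  # the name check is case-insensitive
    hits = sorted(p for p in name_parts(account_name) if p in lowered)
    if hits:
        problems.append("contains account name part: " + ", ".join(hits))
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    cats = character_categories(password)
    if len(cats) < MIN_CATEGORIES:
        problems.append("only %d of 4 character categories" % len(cats))
    return problems


if __name__ == "__main__":
    # Constructed sample accounts and passwords, for illustration only.
    for pwd, user in [("Summer2013!", "jsmith"), ("John.Smith1", "john.smith"),
                      ("abc123", "administrator")]:
        print(user, repr(pwd), check_password(pwd, user) or "OK")
```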
With this I conclude my post on gaining access to a Windows-based PC. In my next post I will tell you about maintaining access to a PC after gaining access to it, as you might not always have the live CDs with you.
Till then…Stay Tuned with HACK-SAW.
Good Bye.

