First of all let us have a close look at the Security flaws/Loopholes in Win XP
Microsoft stores all Security Information in many files but the main file is the SAM file (Security Accounts Manager)! this file contain security information about users(mainly Password).You can explore the SAM file here in this folder
$windows\system32\config
SAM is the file which contains the passwords in the form of a HASH.A HASH is a mathematically irreversible form of encryption,so that theres no way of decrypting the password back .Also there’s a file called SECURITY that contains a list of all users in the system & their related information
We will Not be able To copy them Under XP since it doesn’t support any attempt to copy this file.
The Idea Behind Cracking the password
The Idea is simple I will explain it manually and it can also be programmed.Here’s the idea..
The SAM contain’s a Security Information(password/s), so I have created a Free Windows XP SP2 Logon account (Administrator Account without password) that means when windows Launch it Will enter directly to the system without asking about any password.So, this SAM file contain’s an open password(no password).This SAM file is available for download for your further use in breaking the password of the system.
So, the idea here is to replace the SAM file of victim’s computer(which contain’s password) with the SAM file which contains no password.When this is done the password of the victim’s account is erased and it let’s anyone to login to the computer as if there is no password set by admin.
But this SAM file cannot be manipulated(copy/rename/replace/delete) when the operating system is running.So here are some of the ideas to replace this SAM file.
1.If there are two OS installed on the computer we can boot from other OS and replace the SAM file located at
$:\windows\system32\config
2.If there is only a single OS then use the tool NTFS4DOS to access the location of the SAM and SECURITY files from the boot command prompt.
NTFS4DOS creates a bootable floppy disk.You can use this floppy to access the NTFS drives by booting the system and mounting it to DOS.
Here are the steps to be followed to break the password.
1- Download My SAM file which I have Included in Downloads
2- Go to the target Machine , and try to Access it by Booting from the floppy created by NTFS4DOS or by other OS(incase you have two OS installed)
3- After Getting Access to the Boot Command prompt c:> Go to the config folder
$windir$\system32\config
And Copy the SAM File and SYSTEM File(we will need it later) To other any folder, Then replace the original SAM file(In $windows$\system32\config) with the SAM file i have provided
5- Reboot and Make windows enter Normally
6- Yeah, Now you can directly enter the system without any password. ie:The PW is broken!.
Now you have broken the system administrator password and you can directly enter system.Now one phase of the password hack is over.If you need to know/crack the admin password then you can use the two files SAM & SECURITY that you have copied in the above STEP-3(This step is optional).It is done as follows.
Download any of the following Password crackers
1.LC4 (Lophtcrack).New version is LC5
OR
2.SAMINSIDE
LC5 is better according to me
You can also contact me using the Contact Form for those two tools if you don’t find it.
Once you have either of the two password cracking tools,you can load the SAM & SECURITY files and start the cracking process.This process may take a long time since it is Bruteforce method depending on the size of the password.
NOTE: THE ABOVE METHOD IS ALSO APPLICABLE FOR WINDOWS VISTA
IF THE ABOVE TRICK FAILS AND IF YOU GET AN ERROR-REFER THIS POST FOR A SOLUTION
“Security Accounts Manager Initialization Failed” How To Recover?
WARNING: THE ABOVE INFORMATION IF FOR EDUCATIONAL PURPOSES ONLY