This is the first time I’m using BackTrack to recover my Windows box password. My Windows password is simple: just 7 alphanumeric characters. I will post the step-by-step here; hope it helps someone =)
1. Boot into your BackTrack 3, with your BIOS set to boot from CD/USB.
2. Mount your Windows box’s disk inside BackTrack 3, using mount /dev/sda1 /mnt
3. The Windows 2000 Server box stores the user information in C:\WINNT\system32\config\. There are 2 files, SAM and system; in XP, the user information is stored in C:\WINDOWS\repair\ with the same 2 files, sam and system.
Copy the sam and system files into /tmp :
cp /mnt/WINNT/system32/config/system /tmp
cp /mnt/WINNT/system32/config/SAM /tmp
4. Use bkhive to extract the boot key from the system hive into a keyfile : bkhive system keyfile.txt
5. Next we use samdump2 to dump the user hashes and write them into myhash.txt. The samdump2 shipped with BackTrack 3 takes the SAM hive and the keyfile from step 4 (newer samdump2 versions instead take the system hive directly, as samdump2 system SAM) :
samdump2 SAM keyfile.txt > myhash.txt
6. Next we will use john to crack the password, or rcrack (I use this tool in my tutorial about revealing Windows passwords using RCrack), or whichever password cracker best matches your needs. In this case I will use john with a dictionary attack (I prefer not to use brute force, it takes a long time) :
john --wordlist=the_dictionary_password.txt --format=NT myhash.txt
I use the NT format because the hashes in myhash.txt are NT hashes, coming from a Windows NT-family system.
There is the password =) I’ve got it
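The myhash.txt that samdump2 writes in step 5 has one line per account in pwdump layout (user:RID:LM hash:NT hash:::); the fourth field is what john reads with --format=NT. The parser and audit below are an added example, not code from this post or from the samdump2/john projects: it reads such a dump and flags the two storage weaknesses a dump makes visible, accounts with an empty password and accounts that still store the legacy LM hash. The sample dump is constructed; the two empty-password hash constants are well-known values, not taken from the post.

```python
import re
from dataclasses import dataclass

# Well-known hashes of the empty password (standard constants, not from the post).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in the pwdump layout samdump2 writes: user:RID:LM hash:NT hash:::
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
"""

LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::$")

@dataclass
class SamEntry:
    user: str
    rid: int
    lm_hash: str   # the field john reads with --format=LM
    nt_hash: str   # the field john reads with --format=NT (step 6 above)

def parse_pwdump(text: str) -> list[SamEntry]:
    """Parse samdump2/pwdump output; malformed lines are skipped, not guessed at."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        user, rid, lm, nt = m.groups()
        entries.append(SamEntry(user, int(rid), lm.lower(), nt.lower()))
    return entries

def audit(entries: list[SamEntry]) -> dict[str, list[str]]:
    """Flag the storage weaknesses visible in a dump like myhash.txt."""
    findings: dict[str, list[str]] = {}
    for e in entries:
        issues = []
        if e.nt_hash == EMPTY_NT:
            issues.append("empty password")
        # A non-blank LM field means the legacy LanMan hash is still stored: the
        # password is at most 14 chars, case-folded, split into two 7-char halves,
        # which is why LM is far quicker to recover than NT. Disable LM storage.
        if e.lm_hash != EMPTY_LM:
            issues.append("LM hash stored")
        findings[e.user] = issues
    return findings
```

Run audit(parse_pwdump(open("myhash.txt").read())) on a real dump to list which accounts need attention before the wordlist run in step 6 is even needed.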