Sunday, January 25, 2009

Hacking The Administrator Password

This tutorial explains how to break the administrator password and gain access to the admin account. If you need to crack or reveal the password, the steps for that are here as well.
Microsoft stores security information in many files, but the main one is the SAM (Security Accounts Manager) file. This file contains security information about users (mainly passwords). You can find the SAM file in this folder:

$windows\system32\config

SAM is the file that contains the passwords in the form of a hash. A hash is a mathematically irreversible form of encryption, so there is no way of decrypting the password back. There is also a file called SECURITY that contains a list of all users in the system and their related information.

We will not be able to copy them under XP, since it does not allow any attempt to copy these files.

The Idea Behind Cracking the Password

The SAM contains security information (passwords), so I have created a free Windows XP SP2 logon account (an Administrator account without a password). That means that when Windows launches, it enters the system directly without asking for any password. So this SAM file contains an open password (no password).
The idea here is to replace the SAM file of the victim's computer (which contains the password) with the SAM file that contains no password. When this is done, the password of the victim's account is erased, and anyone can log in to the computer as if no password had been set by the admin.
But this SAM file cannot be manipulated (copied, renamed, replaced or deleted) while the operating system is running. So here are some ideas for replacing this SAM file.

1. If there are two operating systems installed on the computer, we can boot from the other OS and replace the SAM file located at
$:\windows\system32\config
2. If there is only a single OS, use the tool NTFS4DOS to access the location of the SAM and SECURITY files from the boot command prompt.
NTFS4DOS creates a bootable floppy disk. You can use this floppy to access the NTFS drives by booting the system and mounting them in DOS.

Here are the steps to follow to break the password.

1- Download the SAM file.
2- Go to the target machine and try to access it by booting from the floppy created by NTFS4DOS or from the other OS (in case you have two operating systems installed).
3- After getting access to the boot command prompt c:>, go to the config folder
$windir$\system32\config
and copy the SAM file and the SYSTEM file (we will need it later) to any other folder. Then replace the original SAM file (in $windows$\system32\config) with the SAM file I have provided.
5- Reboot and let Windows start normally.
6- Now you can enter the system directly without any password, i.e. the password is broken.

Now you have broken the system administrator password and can enter the system directly. One phase of the password hack is over. If you need to know or crack the admin password, you can use the two files SAM & SECURITY that you copied in step 3 above.

link for the SAM file

http://rapidshare.com/files/88242662/SAM.rar

NTFS4DOS

http://www.free-av.com/en/tools/11/avira_ntfs4dos_personal.html

1 comment:

  1. I love your blog lots of useful information. I've added it to my favorite bookmarks and subscribed in a reader.

    All these issues are important, and that's why I just started blogging a while ago and it feels great.

    Kind Regards
    Evelina
