Have a basic idea of how passwords are stored. First, when you type a password in, it is encrypted into something long and unrecognizable. Then it is stored in a file called the SAM.
Find the SAM file. You can find it at: Windows/system32/config/SAM. Don't go for it immediately as it is locked to all accounts while Windows is running. It can also be found in the registry under HKEY_LOCAL_MACHINE -> SAM.
Get the SAM file. The easiest way to do this is to get an alternate OS like Linux, and copy the file. That simple. You can also use a program called pwdump2, which will get it.
Encrypt the password. You can do this with any program.
Inject passwords into the SAM file.
Use chntpw to change a password. The easiest way to gain access is to use a tool called chntpw to change a password in the SAM (after you back it up using Linux), then log in, do what you have to do, and restore it.
Finished.
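A defender's view of the steps above, as an added example that is not part of the original page: the code scans Windows Security object-access events (4656 and 4663) for any process that touches the SAM file or the HKEY_LOCAL_MACHINE -> SAM key while Windows is running. The flattened JSON layout, the sample events and the process allowlist are constructed assumptions, and it assumes object-access auditing with an audit entry on the hive; a copy made from another OS leaves no such events.

```python
import json

# ObjectName values for the SAM hive: the on-disk file and the HKLM\SAM key.
SAM_FILE_SUFFIX = r"\windows\system32\config\sam"
SAM_KEY_PREFIX = r"\registry\machine\sam"
OBJECT_ACCESS_EVENTS = {4656, 4663}  # handle requested / object accessed
# Assumption: processes expected to touch the hive; tune per environment.
EXPECTED_PROCESSES = {r"c:\windows\system32\lsass.exe"}

# Constructed sample events (flattened JSON export; the field layout is an assumption).
SAMPLE_EVENTS = [
    r'{"EventID": 4663, "TimeCreated": "2024-01-01T10:00:00Z", "SubjectUserName": "SYSTEM", "ProcessName": "C:\\Windows\\System32\\lsass.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SAM\\SAM\\Domains\\Account"}',
    r'{"EventID": 4656, "TimeCreated": "2024-01-01T10:05:00Z", "SubjectUserName": "alice", "ProcessName": "C:\\Users\\alice\\Desktop\\example.exe", "ObjectName": "C:\\Windows\\System32\\config\\SAM"}',
    r'{"EventID": 4663, "TimeCreated": "2024-01-01T10:06:00Z", "SubjectUserName": "alice", "ProcessName": "C:\\Users\\alice\\Desktop\\example.exe", "ObjectName": "\\REGISTRY\\MACHINE\\SAM"}',
    r'{"EventID": 4663, "TimeCreated": "2024-01-01T10:07:00Z", "SubjectUserName": "alice", "ProcessName": "C:\\Users\\alice\\Desktop\\example.exe", "ObjectName": "C:\\Windows\\System32\\config\\SOFTWARE"}',
    r'{"EventID": 4624, "TimeCreated": "2024-01-01T10:08:00Z", "SubjectUserName": "alice"}',
    r'{"EventID": 4663, "ObjectName": ',  # truncated line, must be skipped
]

def is_sam_object(object_name):
    """True for the SAM hive file or any key at or below HKLM\\SAM."""
    name = object_name.lower()
    return (name.endswith(SAM_FILE_SUFFIX)
            or name == SAM_KEY_PREFIX
            or name.startswith(SAM_KEY_PREFIX + "\\"))

def find_sam_access(lines):
    """Return (time, user, process, object) for unexpected SAM hive access."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed export lines
        if not isinstance(ev, dict) or ev.get("EventID") not in OBJECT_ACCESS_EVENTS:
            continue
        obj = ev.get("ObjectName", "")
        proc = ev.get("ProcessName", "")
        if is_sam_object(obj) and proc.lower() not in EXPECTED_PROCESSES:
            alerts.append((ev.get("TimeCreated"), ev.get("SubjectUserName"), proc, obj))
    return alerts

if __name__ == "__main__":
    for alert in find_sam_access(SAMPLE_EVENTS):
        print(alert)
```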