1. Open the BackTrack Folder from the Menu.
2. Open Privilege Escalation
3. Open PasswordAttacks
4. Click on “chntpw”
5. Type in “chntpw -i /mnt/hda1/Windows/system32/config/SAM”
1. You may have to change the “hda1″ to something else such as hdb1, sda2, sdb3. Try a few different combination until you can get it, or ask me for help.
6. Press “1″
7. I want to remove my password, and my username is simply “phr0z3n”. So here, I will type in “phr0z3n”.
8. Press “1″ to clear the password. If all is well, it should say “Password cleared!”
9. Again, lets type in our name, mine is still “phr0z3n”.
10. Press “4″.
1. The reason behind why we do this? Sometimes the account will get locked after we change the password, so we want to make sure we unlock it before we save the changes and boot back up to Windows.
11. Type “!”
12. Type “q”
13. You will be asked, “Write hive files? (y/n) [n] : “ We want to press “y” for yes.
Source: http://cyberterrorists.net/forum/viewtopic.php?f=19&t=12407
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment