
System Hacking

Written by: Nirav Patel

Contact Links: facebook.com/patelnirav twitter.com/niravvhackky



INDEX

Introduction
Types of password cracking
How to crack Windows password with command prompt
How to crack Windows password with Hiren Boot CD
How to bypass Windows password with Kon-boot
How you can prevent system hacking


Introduction
Bypassing a system's login authentication is known as system hacking. Suppose you have forgotten your own system password and have tried every password you can think of, but none of them worked: what would you do to get back in? Or suppose your best friend has forgotten his system password and asks you for help: what would you do? Don't worry, this tutorial shows how login authentication on a system can be bypassed. The same process is also used by professional hackers during the investigation of a criminal case. After working through this tutorial you will be able to perform these attacks to bypass login authentication, and they are very easy to perform.

Above screenshot shows login authentication of Windows XP.


Before moving on to the further topics, let's understand the different types of password attack.


Types of Password Cracking


1) Dictionary Attack: This attack tries every word that is present in a dictionary. The process takes a long time because a dictionary contains so many words. If any word matches the password, the login succeeds.

2) Brute Force Attack: This attack tries all combinations of characters: upper case, lower case, special characters and spaces. It needs more time to crack the password because it goes through every combination, for example aa, ab, ac, ad, Aa, Ab, Ac, Ad, A!, A@ and so on. Trying this many combinations can take even more than 6 days to crack the password, and obviously we can't wait 6 days.

3) Rainbow table attack: A rainbow table is a list of pre-computed hashes (a hash being the numerical value of an encrypted password, used by most systems today) covering all possible password combinations for a given hashing algorithm. Cracking a password with a rainbow table takes less time than the attacks above. The tables are also very large to download, around 50 to 100 GB, a size we cannot afford.


4) Shoulder Surfing: I will explain it with a screenshot so that you can easily understand what shoulder surfing is.

5) Offline Password Cracking: Offline password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. The system password is stored in the Security Account Manager (SAM) file, which is located at C:/Windows/System32/config

The SAM file stores the system password and the last login details in hash format. The problem is that you cannot open the file, and even if you somehow open it you will see nothing in it: the file is configured so that it is locked when the operating system boots, and the user cannot open it.
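Why the pre-computed tables of item 3 work, and what defeats them, shown as an added example that is not part of the original tutorial. It assumes SHA-256 as a stand-in for any fast unsalted hash and a five-word constructed candidate list in place of a real multi-gigabyte table; it does not model the SAM file format.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for the huge tables the text describes.
CANDIDATES = ["password", "letmein", "qwerty123", "Summer2014", "dragon"]

def fast_unsalted(password: str) -> str:
    """Unsalted fast hash: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """Pre-compute digest -> password once; the table is reusable for every account."""
    return {fast_unsalted(p): p for p in candidates}

def store_salted(password: str, iterations: int = 100_000):
    """Hardened storage: random per-account salt plus a slow KDF (PBKDF2)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password: str, record) -> bool:
    """Legitimate login check against a salted record, in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def table_hits(stored_digests, table):
    """Return the passwords a plain table lookup recovers from stored digests."""
    return [table[d] for d in stored_digests if d in table]

def demo():
    table = build_lookup_table(CANDIDATES)
    # Two accounts sharing one weak password, stored unsalted.
    unsalted_db = [fast_unsalted("letmein"), fast_unsalted("letmein")]
    # The same two accounts stored with per-account salts.
    salted_db = [store_salted("letmein"), store_salted("letmein")]
    return {
        "unsalted_recovered": table_hits(unsalted_db, table),
        "salted_recovered": table_hits([r[2].hex() for r in salted_db], table),
        "salted_digests_differ": salted_db[0][2] != salted_db[1][2],
        "legit_login_ok": verify_salted("letmein", salted_db[0]),
    }

if __name__ == "__main__":
    print(demo())
```

With a per-account salt the table would have to be rebuilt for every account, which removes the time advantage the text attributes to rainbow tables.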

Now let's move on to the topics mentioned above.

Let's HACK!!!!!!!

How to crack windows password with command prompt


Step 1: Press the Start button, type cmd and open it as administrator

Step 2: After command prompt opens, type net user in cmd

This command will show you all the user accounts which are available in the system.

Step 3: Type net user [account name] *, where account name is the account whose password you want to crack and * indicates that you want to change the password

Step 4: As soon as you press Enter it will ask you for the password; follow the screenshot below

And yes, you have successfully cracked the system password with the command prompt. This works in Windows XP, Windows 7 and also Windows 8.
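A password set by an administrator for another account, as in Steps 1 to 4, is normally recorded in the Windows Security log as event 4724 when account-management auditing is enabled. The following added example (not part of the original tutorial) shows detection logic over such events; the JSON-lines export format, host, user names, allowlist and watch list are all constructed assumptions.

```python
import json

RESET_EVENT = 4724   # "An attempt was made to reset an account's password"
APPROVED_RESETTERS = {"helpdesk1"}       # hypothetical allowlist of support accounts
PRIVILEGED_TARGETS = {"administrator"}   # hypothetical watch list

# Constructed sample: Security-log records exported one JSON object per line.
SAMPLE_LOG = """
{"EventID": 4624, "TimeCreated": "2024-05-02T09:14:03Z", "Computer": "PC-07", "TargetUserName": "alice"}
{"EventID": 4723, "TimeCreated": "2024-05-02T09:20:41Z", "Computer": "PC-07", "SubjectUserName": "alice", "TargetUserName": "alice"}
{"EventID": 4724, "TimeCreated": "2024-05-02T10:02:17Z", "Computer": "PC-07", "SubjectUserName": "helpdesk1", "TargetUserName": "bob"}
{"EventID": 4724, "TimeCreated": "2024-05-02T23:47:55Z", "Computer": "PC-07", "SubjectUserName": "alice", "TargetUserName": "Administrator"}
truncated-record-without-json
"""

def parse_events(text):
    """Parse JSON lines; count malformed lines instead of aborting on them."""
    events, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            malformed += 1
    return events, malformed

def find_suspicious_resets(events):
    """Flag resets by unapproved accounts or against privileged accounts."""
    findings = []
    for ev in events:
        if ev.get("EventID") != RESET_EVENT:
            continue
        actor = str(ev.get("SubjectUserName", "")).lower()
        target = str(ev.get("TargetUserName", "")).lower()
        reasons = []
        if actor not in APPROVED_RESETTERS:
            reasons.append("actor is not an approved resetter")
        if target in PRIVILEGED_TARGETS:
            reasons.append("target is a privileged account")
        if reasons:
            findings.append({"time": ev.get("TimeCreated"), "host": ev.get("Computer"),
                             "actor": actor, "target": target, "reasons": reasons})
    return findings

if __name__ == "__main__":
    events, malformed = parse_events(SAMPLE_LOG)
    for finding in find_suspicious_resets(events):
        print(finding)
    print("malformed lines skipped:", malformed)
```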


How to crack windows password with Hiren Boot CD


Hiren Boot CD contains 100+ tools for different tasks, such as recovery tools, antivirus tools, backup tools, file manager tools, cleaners, hard disk tools, MBR tools, etc. This is an advanced method to crack the system password. Follow the screenshots below to see how you can crack the Windows password.

Step 1: Download Hiren Boot CD from the link below
Link: http://www.hirensbootcd.org/download/

Step 2: Extract the file and make it bootable, since we are going to boot Hiren Boot CD from the boot sector. To make a bootable pendrive or CD, download Universal USB Installer; this software helps you make a bootable pendrive for most operating systems. You can download it from the link below and see the guide
Link: http://www.pendrivelinux.com/universal-usb-installer-easy-as-12-3/

Step 3: Open the Universal USB Installer

Step 4: Select the Linux distribution, then select your file location (.iso) and select the device drive letter.

Click on create.


Step 5: After that it will prompt you with confirmation message

Click Yes. After the process is over, close the program.

Step 6: Restart the system and boot from the pendrive, and you will reach the screen shown in the screenshot below

Step 7: Select offline NT/2000/XP/Vista/7 password changer and press Enter


Step 8: Press Enter when you reach the screen shown in the screenshot below

Step 9: Don't panic, this is normal while booting from an external device. Just wait for some time and you will reach the screen shown in the screenshot below

Step-10:

Type 1 and press Enter

Step-11:

It asks for the path of the SAM file. The default path is Windows/System32/config, which it has already found, as you can see in the above screenshot. Simply press Enter

Step-12:

At the above screen, select option 1, as we have to reset the password which is in the SAM file. Select 1 and press Enter

Step-13:

Here we have to select 1 in order to reset the Windows password. Select 1 - Edit user data and passwords, and press Enter.

Step-14:

Choose the username whose password you want to crack and press Enter, as shown in the above screenshot.

Step-15:

Here I am selecting option 1 to clear the password. You can choose option 2 if you want to add a new password, but it sometimes does not work properly, so it is better to select option 1 and press Enter.

Step-16:

As you can see in the above screenshot, it says Password Cleared!, so you have succeeded in clearing the password. But don't forget to save, as this step is important. Select option ! to quit and press Enter.

Step-17:

Select q and press Enter.

Step-18:

Here is the step to save your settings: type y and press Enter.

Step-18:

As you can see in the above screenshot, the password has been edited successfully.

Now press Ctrl+Alt+Delete to restart the system. As you can see in the screenshot below, you log in successfully without a password.

How to bypass Windows password with Kon-boot


This method is also advanced and is used by professionals to bypass login authentication. With this method the old password remains as it is until the next boot: the tool does not crack the password or prompt you to enter another one, it just gives you access without cracking the old password and without entering a new one. The application puts the original password in comment and gives access to the administrator account. Follow the steps below.

Step 1: Download the software kon-boot from the link below


Link: http://digiex.net/downloads/download-center-20/applications/6498-kon-boot-password-utility-free-version.html

Step 2: Extract the file into a specific folder. Remember that we have to make a bootable pendrive or CD with the help of unetbootin, which is also great software for making a bootable pendrive. Follow the screenshots below to see the step-by-step process of making a bootable pendrive

Step 3: Download unetbootin from the link below
Link: http://unetbootin.sourceforge.net/

Step 4: Open unetbootin


Step 5: Select the Diskimage option, the location of the .iso image file which you have downloaded, and the drive of the external device

Press OK

Step 6: Wait for some time and you will reach the screen shown in the screenshot below

After that, reboot your system and boot from your pendrive.

Step 7: When you boot from your pendrive you will reach the screen shown in the screenshot below

It will reboot automatically when this process is over and give you direct access to the administrator account. You don't have to do anything during the process; that is the main advantage of this tool, and it is very easy to use. You just have to boot from the external device and you are done!!!!!!!

How to prevent from System Hacking


Microsoft came to know that cracking the SAM file is easy with other applications, so they came up with a new way to secure accounts: they introduced syskey in every Windows. So what is syskey, how does it work and how do you set it up? Basically, syskey is used to secure the SAM file, which contains account information such as the username and password.

How to set up syskey?

Step-1: Open syskey.exe (SAM Lock Tool) from start menu


Step-2: Click on Update.

Step-3: As soon as you click Update, a small window pops up as shown in the screenshot below. Select Password Startup and simply enter your password to encrypt the SAM file.

Now, when you restart your system, it will first ask you to enter the syskey password, and then you will be asked to enter the password of your account to log in.

NOTE: There are more than 100 ways to crack the Windows password and I cannot show you all of them, but we have to look for an easy method, and of course this tutorial contains easy ways to crack the system password.
