Password cracking for windows in Linux

Source: Internet
Author: User

If you have an optical drive, if you have the permission to enter the BIOS, please do not read this article any more. You can find a Windows xp cd. What should you do.
The question I want to talk about here is for the company's office computer. The company's IT department is always in conflict with ordinary employees. At the requirements of the company's leadership, the IT department should always try its best to give you as few permissions as possible or easily manage IT by yourself. The drive, and the drive will not be used; the BIOS password won't tell you (of course, this is not a problem in most cases); the drive C must be in NTFS format, boot. ini: You don't need to touch IT. If you don't have any hope, you still need to check whether drive C has the write permission. There are two types of USB seals: physical port seals, this is called human governance. The system sets the card permission to the legal system, which is relatively sinister. It uses the domain controller to manage the permissions in a unified manner. It also uses various group policies to card the execution permissions of various applications ......
Out of our desire for freedom, we will never admit defeat ......
Some time ago, I wrote an article about John/bkhive/samdump and how to crack SAM password in Linux. This is a successful case of mine, but it will not be absolutely useful, if BT's IT buddies make the administrator password complex and long enough, that's all. No, I met it after I changed my job to a new company. After asking John to help me calculate it for a month, I decided to give up using this method.
If you google it, you will find that there are more than N methods to improve the permissions of Windows XP, but most of them are invalid. The overwhelming articles are just an irresponsible copy:
1. Delete the most famous SAM file. Under normal circumstances, you cannot move this file. When you delete this file, you will find that the system will crash. Sweat...
2. Enter the security mode with command lines, and execute commands similar to net user admin 123/add. Sorry, first of all, if a common user wants to enter the security mode as an administrator, Microsoft will not mix it for so many years. Second, if a common user wants to add a user and change it to an administrator, microsoft does not need to mix up. Khan Second...
3. run various rootkit tools that can detect windows passwords. It's also a problem with eggs and eggs. The premise for successfully running these tools is generally that you have the Administrator permission. If you have the Administrator permission, do you need this? Khan third place...
4. Write a bat file and write the code:
Net user admin 123/add
Net localgroup administrators admin/add
Replace logon. scr, magnify.exe, and other system programs.
This is a little poor, but it is difficult to execute. Windows protects these files. You cannot modify, delete, or rename the files, even if you detach the hard disk to another windows machine. However, this method is based on this.
I declare that this is not my original idea. The idea and method come from the internet. I just proved its feasibility through practice and reduced the detours for the freedom fighters who work in the company.
Now, let's get started:
1. Prepare the script for adding the user. Write the following content in the WordPad and change the file name to magnify. bat.
@ Net user admin/del
@ Net user young001 123456/add
@ Net localgroup administrators young001/add
@ Exit
The first line above will delete the admin user to avoid affecting the execution of the next two rows if it does not exist. The execution of the next two rows will not be affected. The second line will add an account named admin, set the password to 123456. The third line adds the admin account to the administrators user group. The fourth line exits.
2. Convert the file magnify. bat to the exe format. Please do not directly change the suffix so it cannot run. There is a tool named bat2exe that can be converted into two files, bat2com.exeand com2exe.exe. Run the following commands:
Bat2com magnify. bat // generate the magnify.com File
Com2exe magnify.com // generate the magnify.exe File
The bat2exe tool is a 16-bit program. If the above connection cannot be downloaded, please google 3. Replace the file: Replace the generated magnify.exe file with the C: WINDOWSsysten32magnify.exe file. In fact, this is a magnifier program. to replace it, you must first back up the original magnify.exe so that it can be replaced after use. Otherwise, your magnifier program will no longer work.
This is the most difficult part. I would like to reiterate that if you have optical drive, soft drive, USB, BIOS and other resources, please use the convenient method of Windows XP. I removed the hard disk and placed it in a Linux system to replace it. (NTFS3g program is used to make Linux writable to NTFS. Here we use Linux to Mount windows partitions, modifying files is not covered in this topic. If you need it, you can ask me ). You can also use other methods, but the hard disk is fixed, otherwise it will be the same; another system is sure not to use WindowXP, because this will not succeed.
4.run magnify.exe. Start WindowsXP to log on to the page. Press Ctrl + U to bring up the auxiliary tool dialog box. There are two optional programs, the magnifier program and the screen keyboard program. Select a magnifier and click Run. Then you can log on with the admin password 123456.
Congratulations, the system is yours. Remember to replace the original magnifier Program
Here is only my method of success, but the process must not be unique. For example, the substitution program is not necessarily a magnifier program. You can also use the Screen Keyboard program. The file replacement process is even more difficult. It is entirely because of your creativity.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.