**A side note before we begin:**
This article assumes that the locked computer doesn’t have the Administrator account enabled (which most don’t as it doesn’t come that way). If it is enabled, there are ways to clear the password and create a new one with the boot loader described below. Enjoy!
———-
I spent a solid hour trying to crack my brother’s Vista password just to get a stupid file off his computer. He’s a smart kid, and likes to program, and knows the importance of a secure password. It’s no wonder I wasn’t able to crack it.
A simple search on the internet told me 2 things.
1) This topic is heavily searched for.
2) Not a lot of people explain how to do it.
The first thing I found in my searches was that there is a secret super-user account called “Administrator” that exists with no password, but is hidden and can’t be accessed normally. To enable it, all you need to do is go into cmd.exe and type:
net user administrator /active:yes
(if you want to disable it, type “no” instead of “yes”)
This led to the first obstacle in my plan: I can’t access cmd.exe without logging into my brother’s account! This is where I was stuck for a while. I tried lots of things: holding F8 and starting in safe mode or at a command prompt (but the login is still required), and using the Vista install disk, hoping there was an option to boot with a command prompt to let me grab the file I wanted (there wasn’t). The only thing I could do with that disk was repair and reformat, which I didn’t want to do because it could possibly erase the file I needed.
A further search on Google showed I was on the right track… sort of. I needed a program that would boot before Vista would load and trap me at the login screen. I found one called NTPASSWD from http://home.eunet.no/pnordahl/ntpasswd/. It is a simple image file that you burn to a CD and boot from.
**For those of you who do not know what boot loading is or how to change the boot order, I don’t recommend this, because you could easily mess up your BIOS if you change options that don’t need to be changed**
For a basic walk-through, you can visit the programmer’s website:
http://home.eunet.no/pnordahl/ntpasswd/walkthrough.html
In a nutshell, this program asks where Windows is located on the hard disk and allows the user to perform a few functions. The function of interest is enabling the Administrator account. After you enable it, you save what you have done and restart without the CD. When the Vista login screen appears, you will see an account named “Administrator” that you can click on and log on to with super-user privileges. There are other functions you can perform with this boot program, but for our purposes, this is sufficient.
There you have it, 2 minutes to download, 2 minutes to burn, 2 minutes to load, 2 minutes to restart, and you are in the computer in less than 10 minutes with every administrator privilege you need.
**For those of us trying to be sneaky about it, simply disable the Administrator account before you restart the computer and no one will be the wiser.**
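For anyone administering machines rather than unlocking one: the change described above is made while Windows is not running, so Windows itself records nothing about it, and the only trace is the account's state. The following script is an added example, not part of the original article or of NTPASSWD. It checks whether the built-in Administrator (RID 500) is enabled and whether the Security log holds a matching "account enabled" event (ID 4722). It assumes an elevated PowerShell 2.0 or later prompt, that account-management auditing is on, and that the Security log has not rolled over.

```powershell
# Added example: audit the built-in Administrator account on the local machine.
# Save as a .ps1 file and run elevated; reading the Security log needs admin rights.

# The built-in Administrator always has RID 500, even if it has been renamed.
$admin = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-500' }
if (-not $admin) { Write-Error 'No local account with RID 500 found.'; exit 2 }

if ($admin.Disabled) {
    Write-Output "OK: built-in Administrator ('$($admin.Name)') is disabled."
    exit 0
}

Write-Warning "Built-in Administrator ('$($admin.Name)') is ENABLED."
if (-not $admin.PasswordRequired) {
    Write-Warning 'The account is flagged as not requiring a password.'
}

# Event 4722 = "A user account was enabled". Assumption: auditing of account
# management is enabled and the log still covers the time of the change.
$filter = @{ LogName = 'Security'; Id = 4722 }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        # Pull the TargetSid field out of the event's XML payload.
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        ($data | Where-Object { $_.Name -eq 'TargetSid' }).'#text' -eq $admin.SID
    })

if ($events.Count -gt 0) {
    $last = $events | Sort-Object TimeCreated | Select-Object -Last 1
    Write-Output "Enabled from within Windows; last 4722 event at $($last.TimeCreated)."
} else {
    Write-Warning 'No matching 4722 event: the account may have been enabled offline, for example from boot media.'
}
exit 1
```

A non-zero exit code lets a scheduled task or monitoring agent flag the machine for review.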
I’ve used this to fix problems with the NTLDR and bootconfig. Works pretty well. Haven’t tried it for use with Vista penetration.
I’ve tried a couple different ones. Ophcrack was pretty cool and it was easily boot loaded, and would get you access to a lot of the files on the computer; but I couldn’t get it to crack any of the account passwords. I gave up after about 10 minutes because it just wasn’t worth it when I can do it in 5 minutes with the boot loader I found.
What if we already provided a password to that Administrator account during Windows installation? Then will it still be possible to do the above?
I believe so. NTPASSWD also has the option to reset the password of an account. It works just fine on regular accounts, and I would assume it would work on the Admin account as well.
What a program, this worked where OPHCRACK and KON BOOT failed.
Little scary for a novice, read the step by step carefully.
Hmm this information could be little issue for some people… like Script kiddies ..
Tutorial is however well explained
True, for script kiddies, it is a perfect app with a tutorial. In fact I know someone who used this at their school to hack admin accounts in the computer lab. I have a cd with it just in case I ever need it (which I have twice).
Another new write-up with logical points, I have been a lurker here for a while but hope to be much more engaged in the foreseeable future.
holyy sh*t thanks