If you ever forget your Microsoft Windows, no worries because when Windows saves your user passwords, it stores them in a SAM file. It stores users’ passwords in a hashed format (in LM hash and NTLM hash). Since a hash function is one-way, this provides some measure of security for the storage of the passwords.
Requirements:
A USB Flash drive with Linux installed (i use kali linux)
A Windows with password installed on it.
If you don’t know how to install windows on USB drive follow this tutorial HERE:
1- Insert the USB drive in your machine.
2- From the boot menu select Live (first option)
The username and password is root:toor
Now login to your kali linux desktop and open the terminal and write “sfdisk –l” to list drives:
Now follow these steps to mount the Windows partition which in this case is /dev/sad2
1- Mount the hard drive partition that the Windows installation:
sudo mount /dev/sda2 /mnt/Microsoft/
2- Navigate to the directory where the SAM file is in:
cd /mnt/Microsoft/Windows/System32/config/
3- List the users on the computer contained in the SAM file.
sudo chntpw -l SAM
Type 1 (Edit user data and passwords):
Type your user account name:
Type 1 to clear the user password or 2 to set a new password for the Hacker-PC user, then quit and save the changes:
Reboot into Windows and remove the USB, then select Sign in and you will be logged in without the need for password!!
Hacking Tips & Tricks - Labs Walkthrough - Infosec Articles 