Every couple of months I am asked: “How to Break into a Windows Computer”. Many circumstances exist for asking this question. I investigate fully before I answer or resolve the issue.
To a certified “White Hacker”, the knowledge to penetrate and circumvent Windows security is one of your basic tools in your arsenal for serving your clients.
Table of Contents
Reasons for Requiring to Break Into a Windows Computer
- A disgruntled employee changed all the administrative passwords, preventing employer access.
- The computer is fully “RAT’ed” and as a result, the password has been changed.
- User forgot their Original Password
- Bought a Used Computer and do not have access to the operating system.
- You are just “locked out”
What is “RAT’ed”?
Short for Remote Access Trojan, a Trojan horse that provides the intruder, or hacker, with a backdoor into the infected computer system. This backdoor allows the hacker to snoop your system, grab all your passwords and data, use all your peripherals (web camera), use your infected system to launch a zombie (attacks on other systems), or even run malicious code.RAT Defintion
This is a Script Kiddies’ first step and their primary tool. It is very easy to do.
Windows Security is (very) Simple to Get Through
There is a tool that I have used for over a decade to reset or create NEW administrative passwords. I have used this tool on Windows 95, 98, 2000, XP, 7, 8, 8.1, 10, etc. This tool has saved my bacon many times.
It is critical when changing the password that you ensure that the new SAM is written to the Operating System correctly. It is also critical not to corrupt the LSA.
What is a SAM?
Windows stores and manages the local user and group accounts in a database file called Security Account Manager (SAM). it is known that Windows computers can be configured to be in a workgroup or joined to a domain. In a workgroup, each computer holds its own SAM which contains information about all its local user and group accounts. The passwords associated with each of these accounts are hashed and stored in the SAM. The hashing of passwords offer some measure of security and minimize the risks of an attack.SAM is the integral part of every Windows Computer Security.
What is LSA?
The Local Security Authority (LSA) validates a user’s logon attempt by verifying their credentials against the data stored in the SAM. A user’s logon attempt is successful only when the entered password matches the password stored in the local SAM.LSA is the feature that you are updating to gain access to a Windows Computer
I preface the information below saying that you need a high level of skill to use the tools outlined below. Failure to have the foundational knowledge for the application of these tools can and will result in lost data or access to the computer as a whole.
This is not the tool to use IF your computer(s) have Bitlocker, TrueCrypt, or VeraCrypt in place. That is an entirely different article and set of tools.
What is BitLocker?
BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in cipher block chaining or XTS mode with a 128-bit or 256-bit key.Wikipedia
Steps on How to Break into a Windows Computer
- Download the Offline NT Password & Registry Editor
- Build a bootable USB drive using your favorite tool (i.e. Rufus)
- Run your USB Drive Tool, Select NT Password ISO file, Create bootable Drive.
- Boot to your newly created Bootable USB Drive (thumb drive)
- Boot to default settings on the drive
- Confirm and select your “Possible windows installations found:”. You are selecting your Windows boot installation partition.
- If you do not see your Windows install then you may need to load disk drivers or select an alternate open from the status menu.
- Select your partition
- Ignore the list of password-related files (blf files, regtrans-ms , etc.)
- Select “1” -> “Password Reset [sam]” (Say away from Recover Console option.
- Choose “1” -> “Edit user data and passwords”
- You have access to all user accounts on the computer. Choose the “RID” of the account you want to change the password for.
- You can now see the state of the account (Disabled, Pwd don’t exir, Normal account, etc.)
- Choose option “2” -> “Unlock and enable user account”
- Secondly, choose option “1” clear (blank) user password
- q to quit
- You can now write out the altered HIVE. Write the HIVE “y”
- You now have the option to edit another account select “n”
- Eject your USB drive
- Press Ctrl-Alt-Del and you should have full access to the computer using the Admin account with NO password.
- On reboot, Windows will rebuild the Admin account.
You now have full access to your computer and all data.
This is the easiest and most efficient solution I have used for Breaking into a Windows Computer. This software is freeware and just works. Breaking to a Windows computer is done in under a minute. Your clients will love you.
THIS SOFTWARE AND ARTICLE COME WITH NO WARRANTY WHATSOEVER. THE AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGE CAUSED BY THE (MIS)USE OF THIS SOFTWARE!
Do you Disce? iDisce!