Knoppix to crack a Windows password



duah55
05-29-2004, 03:02 PM
I have searched this topic on Google and here - Knoppix to crack a Windows password

but it is not clear how to do it.

I somehow blocked myself out of my newly installed WK Pro install; now it won't accept my password.

I booted from the Knoppix live CD and found these files, which contain password info:
"winnt/repair/sam"

"winnt/system3"

but how do you open these? They won't open with OpenOffice Writer or KWrite.

:( :(

Cuddles
05-29-2004, 03:29 PM
duah55,

Even if you manage to open these files, they are most certainly encrypted, which means you will be looking at really strange ASCII characters; of those, some may be viewable and some may not, depending on the font used in the program you are viewing them in.

With an encrypted file, you have to have a "key" to unlock the characters that they represent - which is probably maintained by the operating system. If I know Microsoft, thus any version of Windows, the encryption is probably 128 bit, or possibly even 256.

I have been able to "decipher" an encrypted file, but only when I knew what the data actually was, and also knew that all the data files by a specific program used the exact same encryption. The program I was working on was an old Fantasy Role Playing game, and I wanted to know all the possible functions a character could do. In the case of this program's encryption, it saved a number in front of the text whose (ASCII) value was used to shift the remaining letters' (ASCII) value by that amount, left.

But, this form of "encryption" was seriously less than an encryption that would be used in an operating system.

Good luck figuring out your password encryption; you are going to need it - if you can manage to view the file.
Ms. Cuddles

garyng
05-29-2004, 03:59 PM
I don't think files under Windows are encrypted, so just copy whatever is important to you, then reinstall Windows. The SAM (at least the password stuff), however, is encrypted and it is almost impossible to crack, so why bother.

You can even just install another copy of XP/W2K to a different directory and in general can open the files.

nmcphillips
05-29-2004, 05:28 PM
Before I reinstalled Windows I would try deleting the password files. What have you got to lose?

duah55
05-29-2004, 07:03 PM
I cannot DELETE these 2 files under Knoppix; that's the only way I can see to reset passwords to blank.

There must be a way; Knoppix is promoted as an emergency repair solution?

tjoff
05-29-2004, 07:32 PM
It's not possible to retrieve your original password (except if you brute force it, and if you used a password with many letters that could take months to years).

Although it is possible to overwrite the password with a new one.
I've forgotten how to do this, but Google might give you the answer.

But since you have a newly installed Windows, wouldn't it be easier to just reformat?

eco2geek
05-29-2004, 07:50 PM
With a few qualifications -- this has nothing to do with Knoppix; your best bet would simply be to reformat and reinstall; I can't vouch for whether this works or whether it will simply trash Windows, having never tried it; I hope I'm not contributing to something illegal, immoral, or fattening --

-- with all that said, there is a boot floppy/boot CD named the Offline NT Password & Registry Editor (http://home.eunet.no/~pnordahl/ntpasswd/) that might do what you want.

nmcphillips
05-29-2004, 11:10 PM
In order to delete the files you would have to make the hard drive writeable. Right click on HDA1 and enable write to.

bast
05-30-2004, 06:51 AM
To nmcphillips: You can only write if the HD partition isn't NTFS...

nmcphillips
05-30-2004, 12:23 PM
I was of the understanding that the newest version of Knoppix could now handle NTFS.

Cuddles
05-30-2004, 12:38 PM
I cannot DELETE these 2 files under Knoppix; that's the only way I can see to reset passwords to blank.

There must be a way; Knoppix is promoted as an emergency repair solution?

Hmmmm... (I guess it is?), but it is also an OS first.

As eco2geek said, this is really not a Knoppix issue though, because Knoppix can boot your system, and as you said, it can gain access to your hardware; it just doesn't seem to allow you to delete specific files for another operating system - which, I might add, are not Knoppix's responsibility to maintain.

Just because you want to use Knoppix as a tool to do something in another OS doesn't make that OS responsible if it doesn't, or can't...

What I would suggest: take it to M$ Windoes for resolution. Hence my previous response, which was to get across the "gist" that editing or modifying the password files is hard, as they are hard to decipher, and that if you can't get Knoppix to assist in removal of the files, I would go to Windows Support for a resolution.

I know of many "Windows" specific forums (newsgroups) that you could post your issue to, and get an OS-specific resolution to this. I don't work for, nor do I work with, M$ OSes, but I do run a Knoppix/GNU Linux OS, thus my answers tend to follow the OS I am running; I would think that a forum specific to M$ OSes would also do the same.

As Bast, nmcphillips, eco2geek and anyone else have stated, this kind of action could possibly be illegal, etc., and may simply "trash" your Windows installation - so see if Windows has any information on this issue; they may have dealt with it a lot more than people who run Knoppix, or any other Linux variant, and lastly, you may have to reinstall.

Just my thoughts,
Ms. Cuddles

JockVSJock
05-30-2004, 02:01 PM
I've never used this, but have seen it in action.

John the Ripper (http://www.openwall.com/john/)

What have you got to lose?

user unknown
05-30-2004, 03:19 PM
, this kind of action could be possibly illegal,

Whooo! It shall be illegal to crack into your own OS?
I don't believe that!

If you own a house, and lost the key, do you buy a new house?

Cuddles
05-30-2004, 03:37 PM
, this kind of action could be possibly illegal,

Whooo! It shall be illegal to crack into your own OS?
I don't believe that!

If you own a house, and lost the key, do you buy a new house?

Ok, Ok, calm down, take ten breaths, slowly....

What I was saying is that "cracking" a password can be used for other systems, not just your own... Add to this that many people can transfer information to a "company" machine, and even though a "company" machine is used by someone on their desk, it doesn't belong to them, thus, my statement...

This all comes down to the "gun" laws, and what the "gun police" say: "it's not the gun that kills people, but the person using it..." -=- Considering the "initial" post here, I was seeing "Knoppix" as the gun, and took the "initiative" of considering the thought of it being used for other purposes, by any user of it. As in your example, User Unknown, if it's my house, and "I" lost my key, I wouldn't buy a new house, but I wouldn't give my key, to my house, to a known thief or robber either - no inference intended to anyone in this post, just the thoughts of the correlation.

Gun = Tool
Knoppix = Tool
Tool = Good or Bad - depending on the person using it - and considering that anyone reads these posts - I was covering my rump :)

Honesty is always the best policy - but don't use "apt-cache search" for it -=-
Ms. Cuddles

user unknown
05-30-2004, 04:23 PM
Well - duah55 was only talking about his newly installed Win.

We know that it is pretty simple to get root access on a Linux machine you have physical access to.
It's a bit harder to crack into without leaving too many and too obvious tracks.

I guess it's pretty hard to crack into a smaller system, install a permanent backdoor, and hide your tracks.

I don't know whether it's possible to crack the Win passwords - perhaps by replacing the file with encrypted passwords you take from another machine - but if it's easily possible, I think everybody should know.

roger_girardin
05-30-2004, 05:58 PM
As eco2geek said:

Knoppix is not a solution.
Deleting, emptying or modifying the SAM file will corrupt your Win OS
==> you won't be able to boot it anymore.

Get the Ultimate Boot CD-ROM.

After booting on it:
==> F2 (file system tools)
==> F6 (a trusted NT pass manager for blanking the admin NT pass)

zentu
05-31-2004, 12:10 AM
All information that is contained within is for use only on your own personal systems; if caught doing anything illegal the author takes no responsibility for the actions taken, you have been advised.

Now, this information is incomplete since I just remember all of my passwords that I use in my head, and have never needed to use it, plus I create my own backdoors to my information, i.e. I back up keys, and create parallel hidden users for all of my software.

Check out the newest issue of http://www.thebroken.org/ for the gist of how to do this; it is also available under one of Kevin Rose's (same dude, you can also ask on thebroken's forums) dark tips from thescreensavers.com, but their site is down. You need to get a copy of the program SAMInside though to do it, which must be run on Windows. Have you tried though (if you didn't install an admin password at boot), at the login screen, hitting CTRL+ALT+DEL twice to bring up the old WinNT login screen and using administrator with the password, or, if you have Home or didn't do it in Pro, using the default password (absolutely nothing) with the Administrator login?

Now, as far as encryption goes in Windows (HA HA HA HA Windows... Security... same sentence). By default Windows keeps an old LAN Manager password as one of the 'encrypted' password hashes for all of the users (so that older Windows systems can network to it), and this hash is a joke: it takes the password and converts it all to two different hashes, and before conversion makes them all uppercase for the hash, so if you use a brute force cracker it doesn't take that long (it removes 26 possible characters from the dictionary, and if I remember correctly, it even removes the numbers to make them into the special characters, but I am not 100% sure), so on most systems the password can be cracked in a number of hours. But by that time you will probably remember the actual characters of your password.

The other method, on Knoppix-STD, is to replace the SAM hashes to change the characters to a new password, but you lose access to ALL of the files that are encrypted. But that is only if the files are encrypted. There is also a way to do this if you want to try to find it in the MS Knowledge Base, but it is a pain in the ass from what I remember (why is it available? So that when any networking GURU at work loses his passwords, he can fix it without hosing the network; there is a way to do this for all of the network operating systems that are available, but in Novell 4.11 it requires physical access to the server).

Hope I helped some.

softwaretester
05-31-2004, 02:20 AM
, this kind of action could be possibly illegal,

Whooo! It shall be illegal to crack into your own OS?
I don't believe that!

If you own a house, and lost the key, do you buy a new house?

You'll have to burn it down first so you can collect the insurance.
;)

MyndHunt3r
05-31-2004, 05:41 PM
Here's a boot disk with this specific capability (listed in the boot menu). I have tried it on both Win 2K and XP machines with complete success.
- Your results may vary.

It uses Linux to rewrite the existing password file. It searches a default dir for the file but also gives you the capability to search specific dirs. Also, I don't believe that it is possible to view the encrypted file, only rewrite it.

The site and documentation is pretty easy to understand WRT configuring the image of the disk. Utilities are also available to add/remove utilities on the boot disk.

http://ebcd.pcministry.com/

Hope it helps. Saved me from slicking my HDD.

Liquidant
06-01-2004, 12:03 AM
The following depicted acts may be illegal in some states/countries and are intended for informational use only.


OK, well, as soon as I saw this I was going to recommend www.thebroken.org, but it looks like someone already did; anyway, might as well add my bit.

Start with a bootable Linux CD. I like Knoppix-STD, as do they; it's full of cool security tools.

Once you bypass the startup, you need to run a program called ntpassword.

Like you said, you're after the password, and all local Windows passwords are stored in the windows/system32/config directory in the SAM file.

Now, the password is encrypted and stored as a hash.

ntpassword works by using password hash insertion. That means inserting a new password hash that you have created right into the SAM.

Now you simply reboot, choose the account to overwrite and type in the new password.

Now, having done that, you can't read any files using the Windows Encrypting File System (EFS);

for that, you're going to need the original password.

Just back up the SAM and SYSTEM files and use the SAMInside program to extract the encrypted hash.

Then you can use L0phtCrack to run dictionary and brute force attacks to crack the password. Now, this is the time-consuming part; depending on your password it can take several minutes or several months to crack it.

Now, if it's Windows XP, it creates two password hashes, an NT hash and an LM hash. LM hashes were used for old OSes like 98 and 95 and are basically a lot easier to crack.

Anyway, I hope this helps, and I also wish I could take credit for this, but all credit goes to the guys at www.thebroken.org. Nice job, guys.
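zentu's and Liquidant's posts both say the LM hash is the weak one: uppercased, split into two halves, each hashed on its own. As an added example (not code from any poster or from thebroken.org), here is that computation in Go, so an administrator can see concretely why a SAM that still stores LM hashes is a liability: the password is uppercased, cut or NUL-padded to 14 bytes, and each 7-byte half independently DES-encrypts the constant "KGS!@#$%", so case is lost, the halves can be attacked separately, and any password of 7 characters or fewer reveals itself by a constant second half. The sample passwords are constructed, and the code assumes ASCII input (real LM used the OEM code page).

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the fixed plaintext every LM hash encrypts, once per half.
var lmMagic = []byte("KGS!@#$%")

// lmDESKey spreads a 7-byte half over 8 DES key bytes, 7 bits each, shifted
// left one bit so the parity bit DES ignores sits in each byte's LSB.
func lmDESKey(h []byte) []byte {
	k := []byte{
		h[0] >> 1, (h[0]&0x01)<<6 | h[1]>>2,
		(h[1]&0x03)<<5 | h[2]>>3, (h[2]&0x07)<<4 | h[3]>>4,
		(h[3]&0x0F)<<3 | h[4]>>5, (h[4]&0x1F)<<2 | h[5]>>6,
		(h[5]&0x3F)<<1 | h[6]>>7, h[6] & 0x7F,
	}
	for i := range k {
		k[i] <<= 1
	}
	return k
}

// LMHash returns the LanMan hash of an ASCII password as 32 lowercase hex
// digits: uppercase, NUL-pad or cut to 14 bytes, then DES-encrypt lmMagic
// with each 7-byte half as an independent key.
func LMHash(password string) string {
	buf := make([]byte, 14)
	copy(buf, strings.ToUpper(password)) // copy truncates past 14 bytes
	out := make([]byte, 16)
	for i := 0; i < 2; i++ {
		block, err := des.NewCipher(lmDESKey(buf[i*7 : i*7+7]))
		if err != nil {
			panic(err) // unreachable: the key is always 8 bytes
		}
		block.Encrypt(out[i*8:i*8+8], lmMagic)
	}
	return hex.EncodeToString(out)
}

func main() {
	// Constructed sample passwords: note the shared first halves and the
	// constant second half aad3b435b51404ee for anything 7 chars or shorter.
	for _, p := range []string{"", "pass", "passwor", "password", "PASSWORD"} {
		fmt.Printf("%-10q %s %s\n", p, LMHash(p)[:16], LMHash(p)[16:])
	}
}
```

The same constant second half is what password auditors look for in a hash dump to flag short passwords, and an all-constant hash (aad3b435b51404eeaad3b435b51404ee) means LM storage is disabled for that account.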

Valhalla
06-09-2004, 01:23 AM
For future reference, yes, there is a way to crack your Windows passwords using Knoppix. Too much to explain here; go to www.thebroken.org and watch the videos, they will explain in detail how to crack an LM hash.

Oops, sorry for the redundant info. I only saw the first page. My bad.

robwelch100
06-09-2004, 02:53 AM
I don't think you can crack the password file. All the programs out there basically tell you that the sam files are not breakable yet. So if you are likely to reinstall windows you may try this as a last resort. You could back up your files using linux, then remove the password files that windows uses. Then boot to windows and see if it repairs the file for you on boot up. Windows does this with other files that get removed. Of course the flip side is that it may never be usable again and you still have to reinstall the OS. So...You got nothing to lose.

Joe_Press
06-11-2004, 04:16 PM
@stake works great

knewbex
06-13-2004, 05:50 AM
This URL will give you the tool to change (not recover) your XP password.
Good luck and be sure to read the fine print. You won't be able to recover any encrypted files unless you can remember the original PW.
http://home.eunet.no/~pnordahl/ntpasswd/