Removing Windows 8/8.1 Password With CHNTPW

[Update] If you want to recover Windows 8/8.1 passwords instead of removing them see this tutorial

Cracking Windows 8/8.1 passwords with Mimikatz

So we are back. About a Year ago I wrote a post on how to remove Windows Password using CHNTPW but many readers complained that it was not working on Windows 8. I tried myself on many it worked but once I also got stuck. So I did a little work around. In this tutorial I'm going to show you how to remove Windows 8/8.1 passwords using CHNTPW. Well it's little bit tedious than the older one but believe me it's fun too.

Background:

Let's get started with a little bit background. Windows OSs have a User known as Administrator which is hidden by default. This user is there for security reasons (maybe it's the way around). Most of the users who use Windows are lame, sorry to say that but I'm not talking about you, they don't even know that such an invisible account exists so it is almost everytime without a password. But this Administrator user is a SU (Super User), that means you work wonders once you get access to this account. So our first task will be to make it visible and then we'll access it and using it's power privilages we'll remove password of other accounts (which is not really neccessary cuz you can access any user folder or file using Administrator Account).

Requirements:

1. Physical Access to the Victems computer.
2. A Live Bootable Kali/Backtrack Linux Pendrive or DVD.
    (You can downoad Kali Linux here)

Steps:

1. Plug in the Live Bootable Pendrive/DVD into to victim's computer and then boot from it.

2. After accessing kali linux (I'm using Kali Linux) from victim's computer open a terminal.

3. Now we have to mount the drive on which the victim's OS is loaded. In my case it is sda2. So in order to mount that drive I'll type the command:
mount /dev/sda2 /media/temp

this means that I'm mounting the drive in folder /media/temp if you haven't created a temp folder in /media then you must create one by typing these command:
cd /
mkdir /media/temp

4. After mounting the OS we need to access the SAM file and make visible Administrator account using chntpw. It's so simple lemme show you how.
first we'll navigate to /media/temp/Windows/System32/config:
cd /media/temp/Windows/System32/config

now we display the list of users on our victim's computer:
chntpw SAM -l

You'll see an Administrator User there which is disabled. Now we'll enable that:
chntpw SAM -u Administrator

now type 4 and hit return

press 'y' to save changes to SAM file.

OK voila! the hard part is done.

5. Now restart your Computer and take out your Pendrive/DVD from your computer and boot into windows 8 OS. You should be able to see Administrator User on Logon screen now. If not then look for a backward pointing Arrow besides the user Login Picture. Click on that Arrow and you should see an Administrator User. Click on the Administrator Account and wait for a while until windows 8 sets it up.

6. After a while you get Access to the computer and you can access anything. Enjoy :)

7. What you want to remove the password? I don't think it's a stealth mode idea, is it? OK I'll tell you how to do that but It's not a good hacker way of doing.
Open up the command prompt, simple way to do it is:

Press Ctrl + 'x' and then Press 'a' and if prompted click yes.
After that Enter following commands:

net user
(This command will display all users on computer)

net user "User Name" newPassword 
(This Command will change the Password of User Name user to newPassword).
OK you're done now logout and enter the new password. It will work for sure.

8. If you want to disable the Administrator Account again then type in command prompt:
net user Administrator /active:no

I tried it on Windows 8/8.1 all versions and it works. Guess what it works on all windows OSs.

Hope you enjoyed this tutorial. Don't forget to share it and yes always read the Disclaimer.

Related news

• Pentest Tools Bluekeep
• Hack Tools For Games
• Underground Hacker Sites
• Hacker Tools For Ios
• Top Pentest Tools
• Usb Pentest Tools
• Pentest Box Tools Download
• Nsa Hack Tools
• Best Hacking Tools 2019
• Hacker Tools Github
• Hacker Tools For Pc
• Hacking Tools Pc
• Hacking Tools 2020
• Hack Tools For Pc
• Hack Apps
• Hack Tools
• Hacking Tools Kit
• Hacking Tools For Windows Free Download
• Android Hack Tools Github
• Best Pentesting Tools 2018
• Pentest Tools Open Source
• Hacking Tools 2019
• Pentest Tools Linux
• Pentest Tools
• Hack Tool Apk No Root
• Hack Tools Mac
• Hack Tools 2019
• Pentest Reporting Tools
• Black Hat Hacker Tools
• Pentest Recon Tools
• Ethical Hacker Tools
• Hacker Hardware Tools
• Hacker Tools For Ios
• Hacker Tools Apk
• Kik Hack Tools
• Hacker
• Beginner Hacker Tools
• Hacker Tools Windows
• Nsa Hack Tools Download
• Hacker Tools For Ios
• Hacking Tools Download
• Pentest Recon Tools
• Hacking Tools Usb
• Growth Hacker Tools
• Install Pentest Tools Ubuntu
• Hack Apps
• Hak5 Tools
• Hacking Tools Windows 10
• Hacker Tools Free Download
• Physical Pentest Tools
• Nsa Hack Tools
• How To Install Pentest Tools In Ubuntu
• Hack Tools Github
• Hacker Tools Apk Download
• Pentest Tools Open Source
• Pentest Tools Github
• Pentest Tools Windows
• Hacker Tools Mac
• Pentest Tools Tcp Port Scanner
• Hack Website Online Tool
• Best Pentesting Tools 2018
• Hack App
• Hacking Tools Windows
• Nsa Hack Tools
• Install Pentest Tools Ubuntu
• Hacker Tools For Pc
• Pentest Tools Apk
• Best Pentesting Tools 2018
• Hack Tools For Games
• Pentest Recon Tools
• Blackhat Hacker Tools
• Hack Tools Download
• Best Pentesting Tools 2018
• What Are Hacking Tools
• Hacker
• Nsa Hack Tools
• Easy Hack Tools
• New Hacker Tools
• Pentest Tools For Mac
• Hacker Tools Hardware
• Pentest Tools Website
• Hacking Tools 2019
• Pentest Tools Framework
• Hacking App
• Hacker Tools Windows
• Github Hacking Tools
• Nsa Hacker Tools
• Pentest Reporting Tools
• Hack Tools For Games
• Hacking Tools Windows 10
• Hack Rom Tools
• Hacker Hardware Tools
• Pentest Tools For Android
• Hacker Tools List
• Wifi Hacker Tools For Windows
• Pentest Tools Github
• Android Hack Tools Github
• Pentest Tools
• Pentest Tools For Ubuntu
• Hacker Hardware Tools
• Pentest Tools Website Vulnerability
• Hacker Tools Mac
• Hacking Tools And Software
• Hack Tools For Mac
• Hacker Tools For Mac
• Hacking Tools For Windows 7
• Game Hacking
• Hack Tools Download
• Nsa Hack Tools Download
• Pentest Tools Linux
• Hack App
• Hacker Hardware Tools
• Nsa Hack Tools Download
• Pentest Tools Free
• Hacking Tools For Pc
• Pentest Tools Kali Linux

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.

Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:

There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:

The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.

The equation:

cmd[0] = 69

cmd[1] = 78

cmd[1] + cmd[2] = 154

cmd[2] + cmd[3] = 202

cmd[3] + cmd[4] = 241

cmd[4] + cmd[5] = 233

cmd[5] + cmd[6] = 217

cmd[6] + cmd[7] = 218

cmd[7] + cmd[8] = 228

cmd[8] + cmd[9] = 212

cmd[9] + cmd[10] = 195

cmd[10] + cmd[11] = 195

cmd[11] + cmd[12] = 201

cmd[12] + cmd[13] = 207

cmd[13] + cmd[14] = 203

cmd[14] + cmd[15] = 215

cmd[15] + cmd[16] = 235

cmd[16] + cmd[17] = 242

The solution:

cmd[0] = 69

cmd[1] = 75

cmd[2] = 79

cmd[3] = 123

cmd[4] = 118

cmd[5] = 115

cmd[6] = 102

cmd[7] = 116

cmd[8] = 112

cmd[9] = 100

cmd[10] = 95

cmd[11] = 100

cmd[12] = 101

cmd[13] = 106

cmd[14] = 97                    

cmd[15] = 118

cmd[16] = 117

cmd[17] = 125

The flag:

EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

More articles

1. Hack Tool Apk No Root
2. Ethical Hacker Tools
3. Tools For Hacker
4. Pentest Tools Tcp Port Scanner
5. Hackers Toolbox
6. Pentest Tools For Ubuntu
7. Hack Tools For Pc
8. Hack Tools For Pc
9. New Hacker Tools
10. Hack Tools
11. Hacking Tools Pc
12. Tools Used For Hacking
13. Tools For Hacker
14. Hack Tools Pc
15. Hacker Techniques Tools And Incident Handling
16. Free Pentest Tools For Windows
17. Hacker Search Tools
18. Hacking Tools Online
19. Hacks And Tools
20. Hacking Tools For Pc
21. Pentest Tools Download
22. Pentest Tools For Windows
23. Hacker Security Tools
24. Hack Tools For Pc
25. Hack And Tools
26. Hack Tools For Mac
27. Pentest Tools Framework
28. Hack Tools 2019
29. Tools For Hacker
30. Pentest Tools For Windows
31. Pentest Tools Port Scanner
32. Hack Tools
33. Hack And Tools
34. Hack Tools 2019
35. Hacking Apps
36. How To Install Pentest Tools In Ubuntu
37. Best Hacking Tools 2020
38. Pentest Tools Github
39. Hacker Tools For Pc
40. Hacking Tools 2020
41. Nsa Hack Tools Download
42. Tools For Hacker
43. Pentest Reporting Tools
44. How To Make Hacking Tools
45. Hack Tools
46. Kik Hack Tools
47. New Hacker Tools
48. Game Hacking
49. Hacker Tools 2020
50. Wifi Hacker Tools For Windows
51. Tools 4 Hack
52. Hacking Tools Name
53. Bluetooth Hacking Tools Kali
54. Hacking Tools 2019
55. Hacking Tools For Beginners
56. Pentest Tools Framework
57. Hacking Tools
58. Hacking Tools Pc
59. Hacker Tools Windows
60. Pentest Tools Free
61. Best Pentesting Tools 2018
62. Hacking Tools Online
63. Hacker Tools Linux
64. Hacking Tools Windows 10
65. Hack Tools For Ubuntu
66. What Are Hacking Tools
67. Nsa Hack Tools Download
68. Hack App
69. Pentest Tools Free
70. Hack Tools For Ubuntu
71. Hacker Tools
72. Pentest Tools
73. Hacker Tools Mac
74. Hacker Techniques Tools And Incident Handling
75. Hack Tools Download
76. Hacker Techniques Tools And Incident Handling
77. Hacking Tools Windows 10
78. Pentest Tools Website Vulnerability
79. Hack Tool Apk No Root
80. Hack Tools For Pc
81. Hack Tools
82. Pentest Tools Framework
83. Ethical Hacker Tools
84. Hacker Techniques Tools And Incident Handling
85. How To Hack
86. Tools 4 Hack
87. Top Pentest Tools
88. Underground Hacker Sites
89. Hacking Tools Mac
90. Game Hacking
91. Pentest Tools Review
92. Pentest Tools Download
93. Hacks And Tools
94. How To Make Hacking Tools
95. Game Hacking
96. Hack Tools For Ubuntu
97. Pentest Tools Website Vulnerability
98. Hacker Tools 2020
99. Hacker Tools Windows
100. What Are Hacking Tools