Monday, May 29, 2023

Removing Windows 8/8.1 Password With CHNTPW



[Update] If you want to recover Windows 8/8.1 passwords instead of removing them see this tutorial

So we are back. About a year ago I wrote a post on how to remove a Windows password using CHNTPW, but many readers complained that it was not working on Windows 8. I tried it myself on many machines and it worked, but once I also got stuck. So I did a little workaround. In this tutorial I'm going to show you how to remove Windows 8/8.1 passwords using CHNTPW. It's a little more tedious than the older one, but believe me, it's fun too.


Background:

Let's get started with a little bit of background. Windows OSs have a user known as Administrator which is hidden by default. This user is there for security reasons (maybe it's the other way around). Most of the users who use Windows are lame, sorry to say that but I'm not talking about you; they don't even know that such an invisible account exists, so it is almost every time without a password. But this Administrator user is an SU (Super User), which means you can work wonders once you get access to this account. So our first task will be to make it visible, and then we'll access it and, using its privileges, remove the password of other accounts (which is not really necessary because you can access any user folder or file using the Administrator account).


Requirements:

1. Physical access to the victim's computer.
2. A live bootable Kali/Backtrack Linux pendrive or DVD.
    (You can download Kali Linux here)


Steps:

1. Plug the live bootable pendrive/DVD into the victim's computer and then boot from it.

2. After accessing Kali Linux (I'm using Kali Linux) from the victim's computer, open a terminal.

3. Now we have to mount the drive on which the victim's OS is loaded. In my case it is sda2. So in order to mount that drive I'll type the command:
mount /dev/sda2 /media/temp



This means that I'm mounting the drive in the folder /media/temp. If you haven't created a temp folder in /media, you must create one first by typing these commands:
cd /
mkdir /media/temp

4. After mounting the OS we need to access the SAM file and make the Administrator account visible using chntpw. It's simple; let me show you how.
First we'll navigate to /media/temp/Windows/System32/config:
cd /media/temp/Windows/System32/config

Now we display the list of users on the victim's computer:
chntpw SAM -l



You'll see an Administrator User there which is disabled. Now we'll enable that:
chntpw SAM -u Administrator



Now type 4 and hit return.



Press 'y' to save changes to the SAM file.



OK voila! The hard part is done.

5. Now restart the computer, take out your pendrive/DVD and boot into the Windows 8 OS. You should be able to see the Administrator user on the logon screen now. If not, look for a backward-pointing arrow beside the user login picture. Click on that arrow and you should see an Administrator user. Click on the Administrator account and wait for a while until Windows 8 sets it up.

6. After a while you get Access to the computer and you can access anything. Enjoy :)

7. What, you want to remove the password? I don't think it's a stealth-mode idea, is it? OK, I'll tell you how to do that, but it's not a good hacker way of doing it.
Open up the command prompt. A simple way to do it is:

Press Ctrl + 'x' and then press 'a', and if prompted click yes.
After that, enter the following commands:

net user
(This command will display all users on the computer.)

net user "User Name" newPassword 
(This command will change the password of the User Name user to newPassword.)
OK, you're done. Now log out and enter the new password. It will work for sure.

8. If you want to disable the Administrator Account again then type in command prompt:
net user Administrator /active:no

I tried it on all versions of Windows 8/8.1 and it works. Guess what, it works on all Windows OSs.

Hope you enjoyed this tutorial. Don't forget to share it and yes always read the Disclaimer.

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32-bit ELF binary of some version of vsftpd to which a backdoor has been added; they don't specify whether it is an authentication backdoor, a special command or something else.

I started looking for something weird in the authentication routines, but I didn't find anything significant in a brief period of time, so I decided to do a bindiff, which was the key to locating the backdoor quickly. I did a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl", which is weird because it is a call for executing ELFs, not needed for an FTP service, and weird because the compiled binary doesn't have that symbol.
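The same string diff as a small script, for comparing a shipped binary against a reference build (an added example, not code from the original post). The two byte blobs are constructed sample data, and the helper names and the watchlist of process-spawning libc calls are assumptions.

```python
import re

# Printable-ASCII runs of 4+ bytes, the default behaviour of strings(1).
_RUN = re.compile(rb"[\x20-\x7e]{4,}")

# Assumed watchlist: libc calls that spawn processes. Tune it per service.
EXEC_SYMBOLS = {"execl", "execv", "execve", "execvp", "system", "popen"}


def unique_strings(blob):
    """Equivalent of `strings bin | sort -u`: the set of printable runs."""
    return {m.group().decode("ascii") for m in _RUN.finditer(blob)}


def diff_strings(reference, suspect):
    """Report strings added to or removed from the suspect binary."""
    ref, sus = unique_strings(reference), unique_strings(suspect)
    added = sorted(sus - ref)
    return {
        "added": added,
        "removed": sorted(ref - sus),
        # Added strings that match the watchlist deserve a look at their xrefs.
        "flagged": [s for s in added if s in EXEC_SYMBOLS],
    }


# Constructed sample data: NUL-separated symbol names standing in for the
# string tables of a reference build and of the binary under review.
REFERENCE = b"\x7fELF\x01\x01\x01\x00" + b"\x00".join(
    [b"socket", b"bind", b"listen", b"accept", b"dup2"]) + b"\x00"
SUSPECT = REFERENCE + b"execl\x00"

if __name__ == "__main__":
    report = diff_strings(REFERENCE, SUSPECT)
    for key in ("added", "removed", "flagged"):
        print(key, report[key])
```
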





Looking at the xrefs of "execl" in IDA I found code that is a clear backdoor: it creates a socket, binds a port, duplicates stdin, stdout and stderr to the socket and uses execl:



There is one xref to this function: the function that decides when to trigger it, using this kind of system-of-equations decision:


The backdoor was not in the authentication; it was a special command that triggers the backdoor, obfuscated in that system of equations. There was no need to use the z3 equation solver because it is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}
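The hand solution above, carried out as forward substitution (an added example, not code from the original post): each next byte is the listed sum minus the previous byte. It takes cmd[1] = 75 from the solution listing, and the helper names are hypothetical; printable_anchors goes one step further and shows that the pair sums alone leave cmd[1] free, so the directly pinned byte is what makes the command unique.

```python
# Constants copied from the page's listings.
CMD0 = 69  # cmd[0]
CMD1 = 75  # cmd[1], as given in the page's solution listing
# PAIR_SUMS[i] is cmd[i+1] + cmd[i+2], for i = 0..15.
PAIR_SUMS = [154, 202, 241, 233, 217, 218, 228, 212,
             195, 195, 201, 207, 203, 215, 235, 242]


def solve_chain(cmd0, cmd1, pair_sums):
    """Forward substitution: cmd[k+1] = (cmd[k] + cmd[k+1]) - cmd[k]."""
    cmd = [cmd0, cmd1]
    for total in pair_sums:
        nxt = total - cmd[-1]
        if not 0 <= nxt <= 255:
            raise ValueError(f"cmd[{len(cmd)}] = {nxt} is not a byte")
        cmd.append(nxt)
    return bytes(cmd)


def satisfies(cmd, cmd0, pair_sums):
    """Check a candidate command against every listed constraint."""
    if len(cmd) != len(pair_sums) + 2 or cmd[0] != cmd0:
        return False
    return all(cmd[i + 1] + cmd[i + 2] == s for i, s in enumerate(pair_sums))


def printable_anchors(cmd0, pair_sums):
    """Try every printable cmd[1]; keep those giving an all-printable command."""
    found = {}
    for cmd1 in range(0x20, 0x7F):
        try:
            cand = solve_chain(cmd0, cmd1, pair_sums)
        except ValueError:
            continue
        if all(0x20 <= b < 0x7F for b in cand):
            found[cmd1] = cand
    return found


if __name__ == "__main__":
    print(solve_chain(CMD0, CMD1, PAIR_SUMS).decode("ascii"))
    print(sorted(printable_anchors(CMD0, PAIR_SUMS)))
```
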

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

