If you are unable to log into your computer, you can restore access to Windows by following few easy steps.
- First step should be downloading ISO image with Kali Linux distribution from http://www.kali.org/. It should be placed on USB memory stick. That way we can use it without installing it on your hard drive. Detailed steps how to do this can be found here or here.
- Put pendrive into Windows computer you lost access to. After booting it from Kali Linux memory stick we must open the console window. As default Kali Linux is started with Graphic User Interface, and you can find the console in top left screen corner. Just click the icon called „Terminal”.
- Probably Windows hard drive / partition contaignin hashed passwords is not mounted. To be able to read stored passwords you must make it browsable. For the purpose of this tutorial we assume that we do not know which partition/drive contains operation system, so we have to check all of them. Enter following command in opened terminal window: ls /dev/ |grep sd. You should get device list simillar to one pictured.
- In linux environment everything is a file, so we must create directory in whith mounted drive will show up. For the puropose of this tutorial we created directory “partitions” inside directory “media”. Remember to create different directory for every mounted drive. To create partition use commend mkdir /media/partitions
- Now we will mount all found devices. For example to mount sda2 disk you must enter mount /dev/sda2/ /media/partitions/.
If everything is ok. there will be no info, if anything goes wrong you will be notified.
- Execute cd /media/partitions to enter directory where device was mounted. You can list all files and direcotires inside by executing ls –a. If you find „Documents and Settings” or „Windows” directories inside you probably found system drive we were looking for.
- In order to recover hashed passwords from Windows files we will use tool named ophcrack. It have graphic interfase and is available in Aplications -> Kali Linux -> Password Attacks -> Offline Attacks -> ophcrack
- After starting the software go to Load -> Encrypted SAM, find directory where you mounted system drive and go to Windows/System32/config. It is most common place to store SAM file. Click Open and software should list all Windows user with their encrypted passwords.
- You can past found hash right into our service or save it as pwdump to be able to upload the file to our service. To save the file go to Save -> Save to file, and name it using .pwdump.
- Remember to open file in text editor (Windows Notepad or Linux Vi) and leave only one line of text containing user name and password you want to crack.