[CentOS] Re: Breaking Windows XP user password?

Thu Jan 24 17:25:07 UTC 2008
John Plemons <john at mavin.com>

I have used a free password cracking service that was found in Google...

It is a free service if you want to wait the 72 hours for the password, 
if you need it ASAP, they do that for a fee..  ($29.95)

http://www.loginrecovery.com/

You create a boot disk that retrieves the info from the machine you are 
trying to recover the password from, then you upload to the 
http://www.loginrecovery.com site and wait...

There is also a neat trick that I found on the web again by searching, 
you will need the install CD and will start a install in the machine, at 
one point there is a Window where you hit Alt F10 if my memory is 
correct and it takes you into the machines user utility where you can 
reset and change passwords as you wish...  Sorry did it about a year ago 
and don't remember the specifics, but it too was found in a google search...

john plemons








Scott Silva wrote:
> on 1/24/2008 6:10 AM Scott Ehrlich spake the following:
>> Granted this is not a UNIX system, but in case there is a UNIX tool 
>> to accomplish the goal...
>>
>> I am looking for a bootable CD/DVD (or application to be placed on a 
>> CD/DVD to be made bootable) that can let me mount a Windows XP 
>> drive/partition (SP1 or SP2), and force-crack the admin password 
>> (even if admin account name has been changed, but I know what it has 
>> been changed to).  The application cannot write to the hard drive - 
>> only mount it read-only, read the password file into ram, and show 
>> the cracked password.
>>
>> I know I can use the pnordahl utility to try and force-change the 
>> password, but I actually want to crack it.
>>
>> The utility should be free.
>>
>> This is a legal request.
>>
>> Thanks for leads.
>>
>> Scott
> XP passwords are stored as hashes. You need to brute-force guess and 
> compare the created hashes to the stored ones.
> If the user has the same password stored in programs like outlook 
> express, that is much easier.
>
> But forensically, changing the password to gain access is usually 
> sufficient.  Knowing the original password is not that valuable in a 
> legal scenario, as you will need a warrant anyway to access anything 
> else that might be protected by that password.
>
> If it is that critical, find a certified PC forensics specialist. One 
> misstep on your part will make the evidence worthless in court.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition. 
> Version: 7.5.516 / Virus Database: 269.19.10/1240 - Release Date: 23/01/2008 5:47 PM
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080124/d92856a3/attachment-0005.html>