pentesting, pci, red team

Change your password with sticky keys

August 18th, 2010 by admin in Privilege Escalation, windows

Forgot the administrator password? There are many ways to access a Windows installation if you forgot the administrator password. Today I’ll show you another procedure to reset the Windows password by replacing the Sticky Keys application. This program allows you to use the function keys SHIFT, CTRL, ALT, or the Windows key by typing one key after the other instead of pressing them simultaneously with the second key. The main advantage of this password reset method is that you don’t need third-party software; another plus is that it is easy to carry out because no Registry hack is required, unlike when you enable the built-in administrator offline.

Please note that resetting the password from an account other than the corresponding user account always means that the user loses the credentials stored in the Windows Vault, stored Internet Explorer passwords, and files that you encrypted with the Encrypting File System (EFS). Of course, if you have a backup of these credentials, you can restore them; likewise, if you have exported the private EFS key, you can import it again after you have reset the password.

Like with all other solutions that allow you to reset the Windows password without having an account on the corresponding computer, you have to boot from a second operating system and access the Windows installation while it is offline.

You can do this with a bootable Windows PE USB stick or by using Windows RE. You can start Windows RE by booting the Windows Vista or Windows 7 setup DVD and then selecting “Repair” instead of “Install Windows.”

By the way, you can’t use the Windows XP boot CD for this purpose because its Recovery Console will ask for a password for the offline installation. However, you can use a Vista or Windows 7 DVD to reset a forgotten Windows administrator password on Windows XP.

This works because Windows RE, which is based on Vista or Windows 7, will let you launch a command prompt with access to an offline installation without requiring a password.
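From the defender's side, a replaced Sticky Keys binary can be spotted on the running system. The following PowerShell check is an added example, not part of the original post; `Test-StickyKeysBinary` is a hypothetical helper name, and it assumes the replacement is a byte-for-byte copy of another executable already present in System32.

```powershell
# Added example (not from the original post). Test-StickyKeysBinary is a
# hypothetical helper name. Assumption: an offline replacement leaves sethc.exe
# as a byte-for-byte copy of some other executable in System32.
function Test-StickyKeysBinary {
    param(
        [string]$Directory = (Join-Path $env:SystemRoot 'System32'),
        [string]$Name      = 'sethc.exe'
    )

    $path = Join-Path $Directory $Name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $path; Status = 'Missing'; Twins = @(); Signature = $null }
    }

    $item = Get-Item -LiteralPath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    # A genuine sethc.exe is unique in the directory. Compare sizes first so
    # that only same-length candidates are hashed.
    $twins = @(
        Get-ChildItem -LiteralPath $Directory -Filter '*.exe' -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ne $item.Name -and $_.Length -eq $item.Length } |
            Where-Object {
                (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash -eq $hash
            } |
            Select-Object -ExpandProperty Name
    )

    # Informational only: a copy of another signed system binary still verifies,
    # so the duplicate check above decides the 'Replaced' verdict.
    $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status

    $status = if ($twins.Count -gt 0) { 'Replaced' } elseif ($sig -ne 'Valid') { 'Unverified' } else { 'OK' }

    [pscustomobject]@{
        Path = $path; Status = $status; Twins = $twins
        Signature = $sig; SHA256 = $hash; LastWrite = $item.LastWriteTimeUtc
    }
}

Test-StickyKeysBinary | Format-List
```

A `Replaced` status lists the file names that share the hash; `Unverified` means the file is unique but its signature did not validate on this host and needs a manual look.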

How to own a Windows Domain 2.0

February 20th, 2010 by Dev Team in Privilege Escalation, windows

Back in October we showed you a video on how to own a Windows domain by passing the hash from the local admin account to the domain server to add a new domain admin account. This newer version makes the task much easier using BackTrack 4 and Metasploit.


Dumping Physical Memory to extract SAM Hashes

March 21st, 2009 by admin in Password Info, Privilege Escalation, windows

Tools needed:

- MDD
- pyCrypto
- Volatility 1.3 Beta
- Volatility Plugin from Moyix

ManTech Memory DD (MDD) is released under GPL by Mantech International. MDD is capable of copying the complete contents of memory on the following Microsoft Operating Systems: Windows 2000, Windows XP, Windows 2003 Server, Windows 2008 Server. After downloading MDD from the Mantech site you need to run (more…)

Change Vista Password From Install DVD

February 14th, 2009 by admin in News, Password Info, windows

Please take note that this handy tip is intended to recover/regain a forgotten Vista Administrator password. It is not intended for illegally hacking into a Vista system that is not owned by the users who refer to this guide! It is also intended to inform Vista users about the method by which anyone can access their private accounts by cracking passwords. Thus anyone can hack into the administrator account and bypass guest user restrictions. Let’s start. Steps to hack Windows Vista Administrator account password: (more…)

Password to Uninstall Symantec Antivirus Client

November 12th, 2008 by admin in News, Password Info, Wireless

We all know Norton can’t protect you, but Norton is also sometimes a pain in the ass to uninstall; sometimes it has files you can’t remove, etc. But even before you get to that point you’re prompted for an uninstall password? wtf? Sometimes you were the person who installed it, sometimes you’re not; either way you don’t know the password. Here’s a simple way to bypass that problem.

The default password that should work for most Symantec uninstallations is “symantec”. Duh.

If the default password doesn’t work do this:
1) Go to Start -> Run and type regedit

2) Navigate to: 

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\


3) Double click on the value name “UseVPUninstallPassword” and change the value from 1 to 0

4) Close the registry and retry the uninstall.

lm2ntcrack : NT Hash cracker from LM Password

October 19th, 2008 by admin in News, Password Info, windows

lm2ntcrack provides a simple way to instantly crack a Microsoft Windows NT hash (MD4) when the LM password is known. lm2ntcrack is Free and Open Source software.
This software is written entirely in Perl, so it’s easily ported and installed.

Change MSSQL2005 Password from Command Prompt

October 17th, 2008 by admin in News, Password Info, windows

SA is the administrative login for MSSQL. To change the MSSQL SA password, use the following steps:

Step 1. Go to the command prompt of the server ( Start >> Run >> Cmd ) and type the command

osql -L

This command will list all the MSSQL servers near you.

Step 2. Copy the full name of the required MSSQL server and type

osql -S copied_servername -E

This command connects you to the MSSQL server using the server administrator account (Windows Authentication).

Step 3. To change the sa password, execute the following query:

1> sp_password NULL,'new_password','sa'
2> go

Here new_password is the password that you want to set.

Now try to log in to MSSQL using the new password.

Another quick way:

OSQL -S MyServer -E -Q "EXEC sp_defaultdb 'sa', 'master'"
OSQL -S MyServer -E -Q "EXEC sp_password NULL, 'NewPassword', 'sa'"

Google Clear-Text passwords

October 6th, 2008 by admin in Google, News, Password Info, windows

Chrome stores saved passwords in CLEAR TEXT.

1 ] Go to any site that allows you to sign in ex.

2 ] Enter your fake username. Enter a false (incorrect) password

3 ] Allow Chrome to save password ( It will prompt below the address bar)

4 ] Close Chrome

5 ] Locate and change directory using the command prompt to the path below

%:\Documents and Settings\%user name%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session ( Path might be different in Vista )

6 ] Note that the “Current Session” file needs to be present in your
“\Application Data\Google\Chrome\User Data\Default\” directory

7 ] Type this command in cmd : find "&secret" "Current Session"

8 ] You can see that it’s stored in clear text.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default>find "&secret" "Current Session"



Bypass Youtube Age Verification Signup

October 6th, 2008 by admin in News, Uncategorized

This firefox extension simply checks if the URL you’ve just opened contains YouTube’s VerifyAge-page. If it does, it’ll grab the video-ID of the video-clip you just tried to watch and open up a popup-window with that video – WITHOUT having to login / register.

How to Bypass BIOS Passwords

September 6th, 2008 by Dev Team in Apple, BIOS, Linux, Password Info, Uncategorized, windows

BIOS passwords can add an extra layer of security for desktop and laptop computers, and are used to either prevent a user from changing the BIOS settings or to prevent the PC from booting without a password. BIOS passwords can also be a liability if a user forgets their password, or if a malicious user changes the password. Sending the unit back to the manufacturer to have the BIOS reset can be expensive and is usually not covered by a typical warranty. However, there are a few known backdoors and other tricks of the trade that can be used to bypass or reset the BIOS password on most systems.
