pentesting, pci, red team

Change your password with sticky keys

August 18th, 2010 by admin in Privilege Escalation, windows

Forgot the administrator password? There are many ways to access a Windows installation if you forgot the administrator password. Today I’ll show you another procedure to reset the Windows password by replacing the Sticky Keys application. This program allows you to use the modifier keys SHIFT, CTRL, ALT, or the Windows key by typing one key after the other instead of pressing them simultaneously with the second key. The main advantage of this password reset method is that you don’t need third-party software; another plus is that it is easy to carry out because no Registry hack is required, unlike when you enable the built-in administrator account offline.

Please note that resetting the password from an account other than the corresponding user account always means that the user loses the credentials stored in the Windows Vault, stored Internet Explorer passwords, and files that you encrypted with the Encrypting File System (EFS). Of course, if you have a backup of these credentials, you can restore them; likewise, if you have exported the private EFS key, you can import it again after you have reset the password.

Like with all other solutions that allow you to reset the Windows password without having an account on the corresponding computer, you have to boot from a second operating system and access the Windows installation while it is offline.

You can do this with a bootable Windows PE USB stick or by using Windows RE. You can start Windows RE by booting the Windows Vista or Windows 7 setup DVD and then selecting “Repair” instead of “Install Windows.”

By the way, you can’t use the Windows XP boot CD for this purpose because its Recovery Console will ask for a password for the offline installation. However, you can use a Vista or Windows 7 DVD to reset a forgotten Windows administrator password on Windows XP.

This works because Windows RE, which is based on Vista or Windows 7, will let you launch a command prompt with access to an offline installation without requiring a password.

Hive Restore XP

February 28th, 2010 by Dev Team in Our Tools

When you try to start or restart your Windows XP-based computer,
you may receive one of the following error messages:

Windows XP could not start because the following file is
missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

Windows XP could not start because the following file is

Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate

System error: Lsass.exe
When trying to update a password the return status indicates that the value provided as the current password is not correct.

Sometimes this can be corrected using chkdsk /r /f from the Recovery Console.

Other times you need to boot into the Recovery Console using the XP install CD and use the directions here, which involve typing a whole bunch of commands into the console and hoping that you don’t make any mistakes typing. A lot of people either lost or don’t have the XP install CD, and if you do it’s a pain in the ass to type all of that.

So the alternative would be to either:
1. boot from a Windows PE-type disk and back up/copy the registry hive files to the folders
2. slave the drive to another computer and back up/copy the registry hive files to the folders

which is also tedious because you have to copy hive files over, back up old hives, and rename the new hives. This is where HiveRestoreXP comes in handy, because it automates the process for you. It’s dead simple to use.

Download HiveRestoreXP


If you are trying to use this on a slaved drive, you may not have proper permissions to open the “System Volume Information” folder, and the program won’t show any restore points. Use the instructions here to gain access before running the program.

Most of the time you can run this command:
cacls "driveletter:\System Volume Information" /E /G username:F
Then remove the permissions using this:
cacls "driveletter:\System Volume Information" /E /R username

Dumping Physical Memory to extract SAM Hashes

March 21st, 2009 by admin in Password Info, Privilege Escalation, windows

Tools needed: MDD, pyCrypto, Volatility 1.3 Beta, Volatility plugin from Moyix.

ManTech Memory DD (MDD) is released under GPL by Mantech International. MDD is capable of copying the complete contents of memory on the following Microsoft operating systems: Windows 2000, Windows XP, Windows 2003 Server, Windows 2008 Server. After downloading MDD from the Mantech site you need to run (more…)

Change Vista Password From Install DVD

February 14th, 2009 by admin in News, Password Info, windows

Please take note that this handy tip is intended to recover/regain a forgotten Vista Administrator password. It is not intended for illegally hacking into a Vista system that is not owned by the users who refer to this guide!! It is also intended to inform Vista users about the method by which anyone can access their private accounts by cracking passwords. Thus anyone can hack into the administrator account and bypass guest user restrictions. Let’s start. Steps to hack the Windows Vista Administrator account password: (more…)

Recover wireless network keys from external drive

December 22nd, 2008 by admin in Uncategorized

The new version of WirelessKeyView from Nirsoft now allows you to recover your wireless network keys from an external instance of the Windows XP operating system (Vista is not supported yet). This feature can be useful if you have a dead system that cannot boot anymore.

Change XP Password With Install CD

November 9th, 2008 by admin in News, Password Info, windows

Did you forget the Windows login password for the account that holds your most valuable data and all your favorite settings, and do you fear losing that data and those settings? Then don’t worry. Here is the best method to restore your Windows login password, provided you have the Windows installation CD.

1. Place your Windows XP CD in your CD-ROM drive and start your computer (it’s assumed here that your XP CD is bootable – as it should be – and that you have your BIOS set to boot from CD).

2. Keep your eye on the screen messages for booting from your CD. Typically, it will be “Press any key to boot from cd”.

3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

4. When you get to the Welcome to Setup screen, press ENTER to set up Windows now.

5. The Licensing Agreement comes next – Press F8 to accept it.

6. The next screen is the Setup screen which gives you the option to do a Repair.

It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”

Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

8. Shortly after the Copying Files stage, you will be required to reboot (this will happen automatically – you will see a progress bar stating “Your computer will reboot in 15 seconds”).

9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.

10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

11. At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.

12. Now simply pick the account you need to change and remove or change your password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for password. After you’ve made your changes close the windows, exit the command box and continue on with the Repair (have your Product key handy).

13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

New Windows RPC Exploit

October 26th, 2008 by admin in windows

If you haven’t been auto-updated yet, make sure you update. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit.

Logon Automatically and lock computer

October 11th, 2008 by admin in News, Password Info, windows

So you’re the only user on your computer and you want to have the security of your own password, but you don’t want to have to wait for all your startup programs to launch when you first boot up. You wish there was just some way to have your computer start up and load all your programs, but stay secure, so that it does it all in the background of the login screen and you don’t have to wait for it.

Paying something like $50 for a program such as Tweak UI is just out of the question, wouldn’t you agree? Well, luckily for you, you can do this for free! Just follow the next couple of steps in this post and you will have your dream in no time.

OphCrack Live CD – Crack Windows Passwords

September 20th, 2008 by Dev Team in News, Password Info, windows
Ophcrack LiveCD is a free bootable Windows password cracking CD based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

» Runs on Windows, Linux/Unix, Mac OS X, …
» Cracks LM and NTLM hashes.
» Free tables available for Windows XP and Vista.
» Brute-force module for simple passwords.
» LiveCD available to simplify the cracking.
» Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.

Create a Password Reset Disk

September 19th, 2008 by Dev Team in News, Password Info, windows

If you wanna back up your user password, here is the best way:

For this you have to create a Password Reset Disk. If you are running Windows XP Pro as a local user in a workgroup environment, you can create a password reset disk to log on to your computer when you forget the password. The steps are described below:

* Click Start|click Control Panel and select User Accounts
* Click on your Account Name
* Under Related Tasks, click on the Prevent a forgotten password option
* Now follow the instruction in the wizard to create a password reset disk

Caution: Store this disk in a secure location, as anyone can access your machine with this disk.