hacking vista admin account


ghost

I'm attempting to hack a Vista Basics admin account; I only have access to a limited account. Yes, I have tried stuff like Ophcrack (doesn't work with system) and Offline NT Password & Registry Editor (fails to load SAM hive). Yes, I did all the cmd tricks with 'net user administrator password'. Yes, I have tried doing the change normally. Safe mode requires you to log in as an admin first and I don't have the Vista installation disk. Someone asked me to hack this computer for them because the people who had it before won't tell her the password. It prompts me for admin password every time I try to do anything that requires administrative running. Yes, I tried desktop tools like Cain and Windows Password Recovery. I tried changing the registry, access denied. I even made some of my own ideas but still to no avail. Can anyone help?


ghost

Do you care if you just reset the password as opposed to cracking it? If not, http://trinityhome.org/

Though this only works for local logins, not domains.


GTADarkDude
Member

Can you get in the system's BIOS setup? Make sure USB/CD is above your HDD in your boot order. (This usually is the default case, so if BIOS setup is blocked by a password, you can still try this.) Then use a Linux Live USB/CD.


ghost

Site of no help. And I don't have a password reset disk and can't make one without admin access.


ghost

Most of the password recovery disks aren't working. Either not working with system at all or failure to load SAM.


KvK
Member

In case you were unaware, when cracking Vista passwords using Ophcrack, you must download Vista-specific precomputed hash tables.

http://ophcrack.sourceforge.net/tables.php (Scroll down for Vista tables.)


hellboundhackersok
Banned

  1. Boot into Linux LiveCD
  2. Copy over SAM hashes to USB
  3. Crack using Ophcrack.

Worked at my school :p


ghost

In your school do you choose passwords or are you given them? Also is it the standard log in or do they have an extra security feature? And you do have the tables KvK explained?

You can also reset the password, I suggest: http://pogostick.net/~pnh/ntpasswd/


ghost

Yes, I have the table for Ophcrack, and it just won't load on the system. And yes, I have ntpasswd too; it has a problem loading the SAM files. But I will try copying the SAM to USB. Do you know the location of the SAM files? Oh, and I'm not doing this to a school computer, I am hacking it FOR the police, its security is very tight.


ghost

I don't think this will be any help, but on XP I used SAMInside and got the hashed password and just cracked it that way. As I said, I don't know if it will help at all due to the fact I was cracking an XP password and I don't know if it will work for Vista, or a Vista limited access account. Worth a try though.


hellboundhackersok
Banned

cruizrisner wrote: Yes, I have the table for Ophcrack, and it just won't load on the system. And yes, I have ntpasswd too; it has a problem loading the SAM files. But I will try copying the SAM to USB. Do you know the location of the SAM files? Oh, and I'm not doing this to a school computer, I am hacking it FOR the police, its security is very tight.

Copy everything from: C:\Windows\System32\config\SAM

to the USB, then in Ophcrack select them.

Oh! And you can't copy them if you're IN Windows, you have to boot Linux from a USB, CD, or DVD.


ghost

Well yeah, I know that. Never mind now, I got it now. Solution: boot into an Ubuntu LiveCD and replace C:\Windows\System32\sethc.exe with C:\Windows\System32\cmd.exe (don't forget to make a backup of sethc.exe to restore it later). After that you can boot back into Windows and press Shift 5 times at the login screen. You will get a shell with system rights. You can try to do your net user tricks there.


korg
Admin from hell

Booting Windows with a live Linux CD is the oldest trick to remove passwords or recover data. It was suggested to you a few times in this thread, so it's nothing new. By the way, the Trinity Rescue disk works great on Vista, if you know how to use it.


ghost

Well, I didn't know the sethc.exe and the five shifts trick.


ghost

What is sethc.exe?


ghost

cruizrisner, you mean rename the cmd.exe to sethc.exe and delete the original sethc.exe? As both are in the same directory.


stealth-
Ninja Extreme

silvercats wrote: cruizrisner, you mean rename the cmd.exe to sethc.exe and delete the original sethc.exe? As both are in the same directory.

Okay, this is the second thread in less than a day you have unnecessarily necro'd. This thread is 4 months old, and you're bringing it back up to ask a really dumb question. Googling this would probably answer the question right away, if it isn't obvious from common sense.

Please think about stuff before you do it. Seriously, apparently it can really be beneficial.

But, yes, the idea is that you should move sethc.exe to another filename (ex: sethc.exe.old) and copy cmd.exe to a new name of sethc.exe. Then, once booted up, pressing shift 5 times in a row activates the sticky keys configuration window, which is sethc.exe. Since sethc.exe is actually a command binary (cmd.exe), a command shell gets executed, instead of the configuration window. Then you can move sethc.exe.old back to sethc.exe to replace sticky-keys functionality.
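
A defender-side check for the file swap described in the post above, as an added example that is not part of the original thread: it flags a System32 directory (on a live host or a mounted disk image) where sethc.exe is byte-identical to cmd.exe, or where a renamed copy such as sethc.exe.old sits beside it. The function names and the sample directory with stand-in file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_sethc(system32):
    """Return findings for one System32 directory (live host or mounted image)."""
    # Match names case-insensitively: an NTFS volume mounted on Linux keeps
    # whatever case the files were created with.
    entries = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    findings = []
    sethc, cmd = entries.get("sethc.exe"), entries.get("cmd.exe")
    if sethc is None:
        findings.append("sethc.exe missing")
    elif cmd is not None and sha256_of(sethc) == sha256_of(cmd):
        # Catches an exact copy only; any other substituted binary needs a
        # signature or known-good hash check instead.
        findings.append("sethc.exe is byte-identical to cmd.exe")
    for name in sorted(entries):
        if name.startswith("sethc.exe."):  # e.g. sethc.exe.old left behind
            findings.append(f"renamed copy present: {name}")
    return findings


def build_sample(tampered):
    """Constructed sample directory; file contents are stand-ins, not real binaries."""
    root = Path(tempfile.mkdtemp())
    (root / "cmd.exe").write_bytes(b"MZ constructed cmd stand-in")
    original = b"MZ constructed sethc stand-in"
    if tampered:
        (root / "Sethc.exe").write_bytes(b"MZ constructed cmd stand-in")
        (root / "sethc.exe.old").write_bytes(original)
    else:
        (root / "sethc.exe").write_bytes(original)
    return root


if __name__ == "__main__":
    for label, tampered in (("clean", False), ("tampered", True)):
        print(label, audit_sethc(build_sample(tampered)))
```

An empty result means neither indicator was found; it does not prove the binary is the vendor's original.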


ghost

Thanks stealth, :p sorry for asking a dumb question :)