If you're trying to break into a Windows computer—whether you've forgotten your password or are hatching a more sinster plan—you have quite a few options. Here's how to do it, and how to keep your own computer protected.
There are a few methods to breaking into a computer, each with their own strengths and weaknesses. Here, we'll go through three of the best and most common methods, and nail down their shortcomings so you know which one to use—and how to exploit their weaknesses to keep your own computer secure.
The Lazy Method: Use a Linux Live CD to Get at the Files
If you don't need access to the OS itself, just a few files, you don't need to go through much trouble at all. You can grab any Linux live CD and just drag-and drop files onto a USB hard drive, as you would in any other OS.
Note that depending on the permissions of some files, you might need root access. If you're having trouble viewing or copying some files, open up a terminal window (by going to Applications > Accessories > Terminal) and type in
gksudo nautilus
, leaving the password blank when prompted. You should now have access to everything.
How to Beat It: This method can give you access to the file system, but its main weakness is that the malicious user still can't access any encrypted files, even when using
gksudo
. So, if the owner of the computer (or you) has encrypted their files (or encrypted the entire OS), you won't get very far.Sneaky Command-Line Fu: Reset the Password with the System Rescue CD
If you need access to the operating system itself, the Linux-based System Rescue CD is a good option for breaking in. You'll need to do a bit of command line work, but as long as you follow the instructions closely you should be fine. Hat tip to our friends at the How-To Geek.
fdisk -l
to see the drives and partitions on your computer. Pick the Windows partition (usually the largest NTFS partition) and note the name, e.g. /dev/sda3
.
Then, run the following command:
Make sure to replace
/dev/sda3
with the partition you noted earlier. Next, cd
to your Windows/System32/config directory with this command:
We want to edit the SAM file in this folder, so type the following command to get a list of users:
Note the username you want to access, and then type the following command, replacing
Whitson Gordon
with the username in question.
At the next screen, choose the first option by typing the number
1
and hitting Enter. This will clear the user password, making it blank. When it asks you to write hive files, hit y
and press Enter. It should say OK, and then you can type reboot
to reboot the computer. When you boot into Windows, you'll be able to log in to that user's account without a password.
How to Beat It: Once again, the weakness of this method is that it still can't beat encryption. Changing the password will disallow you access to those encrypted files, which, if the user has encrypted their entire OS, makes this method pretty useless. If they've only encrypted a few files, though, you'll still be able to access all the unencrypted stuff without a problem.
Brute Force: Crack the Password with Ophcrack
Where the other two methods are vulnerable to encryption, this method will give you full access to everything the user can access, including encrypted files, since this method relies on finding out the user's password instead of bypassing it.
How to Beat It: While this method works on encrypted OSes, it can't crack every password out there. To increase your chance of having an uncrackable password, use something complicatedand greater than 14 characters. The stronger your password, the less likely Ophcrack will be able to figure it out.
There are a lot of methods to break into a Windows computer (in fact, we've featured some of them before), but these are a few of the best and most widely useful. Try it for yourself on your own machine—you'll be shocked at how easy it is for someone to get into your machine. The takeaway? Encrypt your data and use a long, strong password if you want to keep yourself protected, or you could be vulnerable to the above tricks.
0 comments:
Post a Comment