Ubuntu view Processes and Port Usage

Written by Administrator on . Posted in Latest News


Many times we are unsure whether a piece of software is working or not. Whether the process stopped or crashed, sometimes it's hard to figure out. This is especially true when we are using the command shell and/or the software offers no GUI or other way to explicitly tell us if it's running. Another very important reason, maybe the most important, is security. Any expert IT "guy" needs to know what processes are running and what ports they are using.

Here are a few quick methods and programs that we can use to find running processes and their associated ports

Remember that some of these might require you to run them as root.

Netstat

$ sudo -i

$ netstat -tulpn


From this output we can see, i.e. "vpn process iked"

Process iked.real is running as PID 1189 and uses 2 UDP ports, port 4500 and 500. Now we can check PID 1189 by looking at its entry under /proc:

$ ls -l /proc/1189/exe


Now let's filter the output of the netstat command by using grep on port 22, which is used by ssh.
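Beyond grepping for one port, the same netstat -tulpn output can be compared against the listeners you expect to see. This is an added example, not part of the original post: the baseline, the sample output and the function names are constructed for illustration (the iked.real rows reuse the PID and ports mentioned above).

```shell
#!/bin/sh
# Added example: report listeners that are not on a reviewed baseline.
# Baseline entries are proto:port:program, space separated (assumed policy;
# the iked.real entries reuse the ports discussed in the text).
BASELINE='tcp:22:sshd udp:500:iked.real udp:4500:iked.real'

# Constructed sample of `netstat -tulpn` output, so the script runs offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   812/sshd
tcp        0      0 0.0.0.0:8081      0.0.0.0:*         LISTEN   2207/python3
tcp6       0      0 :::22             :::*              LISTEN   812/sshd
udp        0      0 0.0.0.0:500       0.0.0.0:*                  1189/iked.real
udp        0      0 0.0.0.0:4500      0.0.0.0:*                  1189/iked.real
EOF
}

# Reads netstat -tulpn text on stdin; prints "proto port pid program" for
# every listening socket whose proto:port:program is missing from BASELINE.
unexpected_listeners() {
    awk -v baseline="$BASELINE" '
        BEGIN { n = split(baseline, b, " "); for (k = 1; k <= n; k++) ok[b[k]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; sub(/6$/, "", proto)      # treat tcp6/udp6 like tcp/udp
            port = $4;  sub(/.*:/, "", port)      # keep what follows the last ":"
            pid = "-"; prog = "-"                 # netstat prints "-" without root
            for (i = 6; i <= NF; i++)             # UDP rows have no State column
                if ($i ~ /^[0-9]+\//) {
                    pid = $i;  sub(/\/.*/, "", pid)
                    prog = $i; sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
                    break
                }
            if (!((proto ":" port ":" prog) in ok)) print proto, port, pid, prog
        }'
}

# Demo on the sample; on a live host: sudo netstat -tulpn | unexpected_listeners
sample_netstat | unexpected_listeners
```

A known port held by a different program than the baseline names is reported too, which is the case worth following up with the /proc checks.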


Fuser

Fuser is also easy to use to achieve our goals

$ fuser 4500/udp

$ ls -l /proc/1189/exe

The returned process is named iked. If you don't know this process, just run the man command for a description:

$ man iked


Task

This command is useful to discover the working directory of a process, i.e. iked or PID 1189

$ ls -l /proc/1189/cwd

$ pwdx 1189

To discover the owner of the process, i.e. iked or PID 1189

$ ps aux | grep 1189

or using environ

$ cat /proc/1189/environ
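The /proc lookups above can be collected into one helper. This is an added example, not part of the original post: the function name proc_summary is made up here, and it prints only the names of environment variables because the values can hold secrets.

```shell
#!/bin/sh
# Added example: summarize what a PID really is, using only /proc.

proc_summary() (
    pid=$1
    dir=/proc/$pid
    [ -d "$dir" ] || { echo "no such process: $pid" >&2; exit 1; }

    # exe and cwd are symlinks; reading another user's needs root.
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe='(unreadable: run as root)'
    cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd='(unreadable: run as root)'
    # The /proc/PID directory is normally owned by the process owner.
    owner=$(stat -c %U "$dir" 2>/dev/null) || owner='?'

    echo "pid:   $pid"
    echo "exe:   $exe"
    echo "cwd:   $cwd"
    echo "owner: $owner"

    # A binary removed from disk while still running gets a " (deleted)" suffix.
    case $exe in
        *' (deleted)') echo "note:  executable was deleted from disk" ;;
    esac

    # environ is NUL-separated, so plain cat runs everything together.
    if [ -r "$dir/environ" ]; then
        echo "env:   $(tr '\0' '\n' < "$dir/environ" | sed -n 's/=.*//p' | sort | tr '\n' ' ')"
    fi
)

# Demo: inspect the PID given as the first argument, or this shell itself.
proc_summary "${1:-$$}"
```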


Identifying Open Ports

$ grep port /etc/services

$ grep 2432 /etc/services

If you are running a public server, obviously connected to the internet, I strongly recommend that you check for rootkits. In Linux terms, a rootkit means illegal or illegitimate "root" access to your system; in Windows terms it's called "administrator" access.

Go to your Ubuntu software center and install a scanner that fits your needs.

Rooted servers are usually used for SPAM / malware / proxy or DoS-style attacks on other networks or computers. Keep an occasional eye on your bandwidth graphs as a precaution.

New website V5.1

Written by Administrator on . Posted in Latest News


12/11/10

Upgrade website frontpage to Version 5.1

- New layout and skin.

- New Logo

- several apache upgrades

- directory cleaning and organization for better browsing speeds

- Mysql database cleaning and optimization

- general back-end cleaning and updating

- changes to php.ini... can't really say what ;) security and others ... lol

- new Download Area

- New RSS & Newsletter for Blog & Download Area... Remember to subscribe to get the goodies in your inbox

- New subscription system to support the downloads bandwidth.


Make sure to visit My BLOG for linux goodies... enjoy

... the future is open source

************************************************

03/10/10

Upgrade website frontpage to Version 4.5

- New layout and skin.

- SEO optimization with better url rewrite... google is ranking 3... hope to get 6 or more in the next few months

- new sitemap and ror

- several apache upgrades

- directory cleaning and organization for better browsing speeds

- cache is officially off

- Mysql database cleaning and optimization

- general back-end cleaning and updating

- server core upgrades

- changes to php.ini... can't really say what ;) security and others ... lol

- new ajax search engine... wow works like a charm, give it a go and search i.e. ubuntu


Make sure to visit My BLOG for linux goodies... enjoy

... the future is open source

************************************************

08/11/09

Upgrade website frontpage to Version 3.1

Make sure to visit My BLOG for linux goodies

************************************************

Just a release note for my new website.

Version 2.0 patched to 2.2 is up and running fast and furious. There's still a lot I want to implement over time.

Meanwhile hope you enjoy all the goodies in it.

Download Area

Written by Administrator on . Posted in Latest News

PmaBox Download Area

(You need to make a DONATION and support Open Source to be able to download some files)

Joomla (Restricted requires Registration & Donation)

 

Jomsocial (Restricted requires Registration & Donation)

 

PmaBox (Restricted requires Registration & Donation)

 

Linux - Ubuntu (Open for Download requires Registration)

Ubuntu Crack & Hack Win7 User Passwords & Files

Written by Administrator on . Posted in Latest News

Ubuntu Crack & Hack Win7 User Passwords & Files. Also how to prevent this

You can use this how-to for several purposes. The purpose intended here is simply to recover a forgotten password and/or access the user's private files. This tutorial may also be used with the worst of intentions, to crack a win7 user password and/or gain illegitimate access to the user's private files; that is NOT MY INTENT. The procedure is really easy and fast. This article also covers ways to help users avoid these situations.

The fastest way and by far the easiest, is to use a Linux Live CD to access the user private files

In this case we are only going to access private files; access to the win7 OS is not required. Download the latest Ubuntu iso file, burn it to a CD or use the USB creator to make a bootable Ubuntu USB pen "stick".

Insert the live cd or USB pen into the win7 computer you want access to and boot with it. As the above screenshot shows, after booting and selecting the language you want to use, you should select the option "Try Ubuntu without any changes to your computer".


After fully loading the live cd, then it's just a matter of going to the top menu "Places". From there, and using Nautilus (file explorer), you will be able to see the win7 drive (NTFS) and or any other drives used by win7. Selecting any of those drives you will be able to see the files inside. THAT EASY.

If you get prompted, "You do not have permission to access this file" then, some of the files require ROOT access. Open a Terminal Window (Applications > Accessories > Terminal) and type gksudo nautilus. Leave the password blank when prompted. Now, a new Nautilus (file explorer) window opens and you have access to everything. THAT EASY.

How can you avoid this:


This can only be avoided by encrypting your private win7 files or just simply encrypting the entire win7 OS. The user trying to get your files will still be able to see them, but this time not even ROOT access will grant him permission to open them.


 

Another way is to use the command line FU. Reset the password with a linux System Rescue cd

Harder to implement but more effective, this way will give you access to win7 OS itself. For this end we will use the Ubuntu System Rescue CD. Most of the work will be done using the command line, please follow all the steps for success.

Again, you have to download the iso file and create a bootable CD or USB pen "stick". While booting with the CD or USB pen, when the blue screen comes on, press the default option. Allow everything to load until you are presented with a command line interface, then type fdisk -l to list all the drives and partitions on the win7 computer. Select the win7 partition, usually the largest partition marked with NTFS, and write down its name, i.e. /dev/sda2

Now let's start to run some commands and remember to replace /dev/sda2 with your correct partition, the one you wrote down:

ntfs-3g /dev/sda2 /mnt/windows -o force

Let's navigate to the win7/System32/config directory by issuing the following command:

cd /mnt/windows/Windows/System32/config

Let's edit the SAM file inside this folder, to list all users type:

chntpw -l SAM

Write down or remember the username you want to access, replace User Name with the correct name.

chntpw -u "User Name" SAM

At the next screen, choose the first option by typing the number 1 and hitting Enter. This will clear the user password, making it blank.

Next it will ask you to write hive files, press Y and then press Enter. The result should say OK.

Then just type reboot in order to restart the computer. Remove the live cd or USB pen.

Now Windows will start normally. Or almost, because this time you will be able to login to win7 with that user's account and without a password.

How can you avoid this:

Again, the above method does not get around encryption. Changing the user password will disallow access to previously encrypted files, and if the user encrypted the entire win7 OS, this method will be useless.


 

Now let's try Ophcrack brute force methods

This method will grant you full access even to encrypted files. In the brute force method we are not trying to reset the password. We are actually going to recover the user's original password, therefore having access to everything the user had access to... including encrypted files.

This time you need to download and burn the Ophcrack Live CD. Since win7 version is still not available, download and use the Vista version that works also for windows 7.
Boot your computer with it. It will take some time, allow it to fully load. Once it's done and you are presented with a desktop environment, you can start to crack passwords.
The cracking process might take a long time.
While the software is running you can see the passwords appear in the top pane of the window.
Once you have the password, write it down, reboot and remove ophcrack cd.
Let windows 7 boot and login with the user's password. This time you will have access to encrypted files. THAT EASY.
How can you avoid this:

You can't. But you can surely make it harder or nearly impossible to crack.

The best way is to have complicated passwords. This will give ophcrack a very hard time to figure out your password, with very long execution times.

Password Recommendations "complicated password":

The following recommendations are basic security and apply to many ends, not only for ophcrack purpose:

Complicated password =  (using a combination of letters, numbers and special characters).

The password should be more than 14 characters.

Do not use the same password for different ends.

Always change your password at least every 90 days.

PmaBox RSS Feed

Written by Administrator on . Posted in Latest News

www.pmabox.com upgraded with RSS Feeds

The BLOG page is currently receiving thousands of visitors per day eager to read all the tutorials, How-to's and "secrets" about linux ubuntu operating systems and applications.

Why not get the latest BLOG entries directly in your inbox? Sounds right, all the goodies fresh in your inbox.

You can subscribe to the RSS Feeds from feedburner using the link below or by clicking the top RSS icon.

http://feeds.feedburner.com/pmabox