Chapter 2
Well as u noticed the account administrator does not display in the login screen, to make ur account invisible on the login screen (useful in schools and campuses also in office environments some times)
Go to start->run then type regedit. And press enter
Navigate by double-clicking in the names listed below
1. HKEY_LOCAL_MACHINE
2. SOFTWARE
3. Microsoft
4. Windows NT (not “windowsnt”)
5. CurrentVersion
6. Winlogon
7. SpecialAccounts
8. UserList
In the right hand side of the console window right click in a blank space and select NEW->DWORD value
Rename the new value to (New Value #1) to the name of the account u need to hide from the login screen.
For a example to to make the account name saman invisible rename the DWORRD value “New Value #1” to “saman”, restart and u will not see the account in the login screen. To access it use the presses in lesson one.(sane as accessing the administrator account).
II) Other functions in the user properties
Access the user folder in mmc as in lesson one. Ones u view the user properties u will find extra options in it. These are the meaning as uses of them.
1. change password at nest login- forces the user to change the password on next login
2. User cannot change password- forces the user to use the same password
3. password never expires- if not checked then the password will expire in 30 days
4. Disables and locked- can’t access the account
Member of tab- this is used to control limitations of the user, vary important in controlling a network (not much important in normal use), any way we will come to it later.
III) What is a SAM file & where is it?
Well windows keeps its user passwords in this file as hash values, in order to crack it u need the file called SYSTEM in the config dir….. (Both files are important)
This is located in C:\WINDOWS\SYSTEM32\CONFIG\SAM
And C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
This file has no extension, now what is the security for this file. Well u can’t copy this file normally, to do it add the debug user to the member of tab in the user properties. But it’s just a waste of time and u can’t do this if u doesn’t have admin (in school, campus, office). I will tell u the easiest way to get the sam and the system file from the hard under any condition admin or no admin. To do that u need a tool called Handy recover, this is not a hacking tool, actually this is made to recover lost data from a hard drive.
Windows has a great weakness that is when u recover a hard disk u can get any protected file, (u can even get any file in Documents and Settings\anyuser\folders), nothing will stop this method. I have uplpaded the file to the following location it’s cracked and guess what no need to install. Just run the HandyRecovery.exe. (COOL).
Link- http://www.MegaShare.com/130389
Password- san_apiit
1. Ones u run it select the drive that has windows and press analyze.
2. Ones analyzing is done expand the directories (left hand side) and go to windows\system32\config\ folder.
3. Click config folder in left hand side
4. Right click on the file SAM in right hand side and select recover,
5. Recover the file to any location (better if u select a folder in another partition)
6. Recover the file system in the same way
Well that’s all for today
In the next section
1. How to recover the password and tool to do it
Q/A session (Any problems)
---------------
Well as u noticed the account administrator does not display in the login screen, to make ur account invisible on the login screen (useful in schools and campuses also in office environments some times)
Go to start->run then type regedit. And press enter
Navigate by double-clicking in the names listed below
1. HKEY_LOCAL_MACHINE
2. SOFTWARE
3. Microsoft
4. Windows NT (not “windowsnt”)
5. CurrentVersion
6. Winlogon
7. SpecialAccounts
8. UserList
In the right hand side of the console window right click in a blank space and select NEW->DWORD value
Rename the new value to (New Value #1) to the name of the account u need to hide from the login screen.
For a example to to make the account name saman invisible rename the DWORRD value “New Value #1” to “saman”, restart and u will not see the account in the login screen. To access it use the presses in lesson one.(sane as accessing the administrator account).
II) Other functions in the user properties
Access the user folder in mmc as in lesson one. Ones u view the user properties u will find extra options in it. These are the meaning as uses of them.
1. change password at nest login- forces the user to change the password on next login
2. User cannot change password- forces the user to use the same password
3. password never expires- if not checked then the password will expire in 30 days
4. Disables and locked- can’t access the account
Member of tab- this is used to control limitations of the user, vary important in controlling a network (not much important in normal use), any way we will come to it later.
III) What is a SAM file & where is it?
Well windows keeps its user passwords in this file as hash values, in order to crack it u need the file called SYSTEM in the config dir….. (Both files are important)
This is located in C:\WINDOWS\SYSTEM32\CONFIG\SAM
And C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
This file has no extension, now what is the security for this file. Well u can’t copy this file normally, to do it add the debug user to the member of tab in the user properties. But it’s just a waste of time and u can’t do this if u doesn’t have admin (in school, campus, office). I will tell u the easiest way to get the sam and the system file from the hard under any condition admin or no admin. To do that u need a tool called Handy recover, this is not a hacking tool, actually this is made to recover lost data from a hard drive.
Windows has a great weakness that is when u recover a hard disk u can get any protected file, (u can even get any file in Documents and Settings\anyuser\folders), nothing will stop this method. I have uplpaded the file to the following location it’s cracked and guess what no need to install. Just run the HandyRecovery.exe. (COOL).
Link- http://www.MegaShare.com/130389
Password- san_apiit
1. Ones u run it select the drive that has windows and press analyze.
2. Ones analyzing is done expand the directories (left hand side) and go to windows\system32\config\ folder.
3. Click config folder in left hand side
4. Right click on the file SAM in right hand side and select recover,
5. Recover the file to any location (better if u select a folder in another partition)
6. Recover the file system in the same way
Well that’s all for today
In the next section
1. How to recover the password and tool to do it
Q/A session (Any problems)
---------------
