Offline NT/2000/XP/Vista/7 Password Changer



Section 0. Background Information
  1. What is Hiren’s Boot CD?
    • Hiren’s BootCD is a boot CD containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems. It is a Bootable CD; thus, it can be useful even if the primary operating system cannot be booted.
    • http://www.hiren.info/pages/bootcd
  2. Lab Notes
    • In this lab we will do the following:
      1. Download the Hiren’s iso
      2. Boot Damn Vulnerable WXP-SP2 into the Hiren’s Environment
      3. Use the Offline Password Changer to clear the Administrator’s Password
  3. Prerequisites
    • Instructions:
      1. This will work on Windows NT, 2000, XP, Vista and 7
      2. This lab uses the Damn Vulnerable WXP-SP2 Virtual Machine.
  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with “no warranties, either express or implied.” The information contained is provided “as-is”, with “no guarantee of merchantability.”
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • Your are on notice, that continuing and/or using this lab outside your “own” test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.
Section 1. Prerequisite
  1. Open A Firefox Browser
    • Notes:
      • Login to the machine that has VM Player Installed.
    • Instructions:
      1. Click on the Windows Start Button
      2. Type firefox in the search box
      3. Click on Mozilla Firefox

     

  2. Place Link in Firefox Browser

     

  3. Navigate and Save
    • Instructions:
      1. Navigate to your external USB hard drive.
      2. Create a directory call Hirens on your
      3. Click Save

     

Section 2. Configuring VMware to play Hiren’s
  1. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Damn Vulnerable Windows XP
      2. Click on Edit virtual machine

     

  2. Configure CD/DVD (IDE)
    • Instructions
      1. Configure CD/DVD (IDE)
      2. Click the radio button “Use ISO image file:”
      3. Click the Browse button and Navigate to the location of the Hiren’s.BootCD.14.0.iso
      4. Click the Options Tab

     

  3. Configure Operating System Settings
    • Instructions
      1. Settings: General
      2. Guest operating system: Linux
      3. Version: Other Linux 2.6.x kernel
      4. Click on OK

     

  4. Start Damn Vulnerable WXP-SP2
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

     

  5. Access the Boot Menu
    • Instructions
      1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the key.
    • Note(FYI)
      1. Beginners be patient, this might take a few times.  <Grin>

     

  6. Boot from CD-ROM Drive
    • Instructions
      1. Arrow Down to where CD-ROM Drive is highlighted
      2. Press <Enter>

 

Section 3. Starting up the Offline NT/2000/XP/Vista/7 Password Changer
  1. Select “Offline NT/2000/XP/Vista/7 Password Changer” (See Below)
    • Instructions
      1. Arrow Down to Offline NT/2000/XP/Vista/7 Password Changer
      2. Press Enter

     

  2. Linux Kernel Boot options
    • Instructions
      1. Press Enter.

     

  3. Partition Selection
    • Instructions
      1. Type “1
      2. Press Enter.

     

  4. Unclean File System Message
    • Instructions
      1. Do you wish to force it (y/n) [n] y
      2. Press Enter.

     

  5. What is the path of the registry directory?
    • Instructions
      1. [WINDOWS/system32/config] Just Press Enter

     

  6. Select which part of the registry to load
    • Instructions
      1. Type “1
      2. Press Enter.

     

  7. Select Hive
    • Instructions
      1. Type “1
      2. Press Enter.

     

  8. Type in the username that you would like to reset.
    • Instructions
      1. Type “Administrator
      2. Press Enter

     

  9. User Edit Menu
    • Instructions
      1. To clear the password, select 1.
      2. Press Enter
    • Notes(FYI)
      • You also have the ability to do the following
        1. Set a new password
        2. Promote a user to an Administator
        3. Unlock Accounts

     

  10. Reviewing Results
    • Instructions
      1. There will be a message that says “Password cleared!”
      2. To quit the application, type “!
      3. Press Enter

     

  11. Back to Loaded Hives Selection
    • Instructions
      1. Type “q” to quit.
      2. Press Enter

     

  12. Writing back changes selection
    • Instructions
      1. Type “y” to save changes.
      2. Press Enter

     

  13. New Run Selection
    • Instructions
      1. Type “n” to quit
      2. Press Enter

 

Section 4. Proof of Lab
  1. Proof of Lab Instructions
    • Instructions:
      1. date
      2. Press <Enter>
      3. echo “Your Name”
        • Replace the string “Your Name” with your actual name.
        • e.g., echo “John Gray”
      4. Do a PrtScn
      5. Paste into a word document
      6. Upload to Moodle

     

  2. Poweroff Operating System
    • Instructions
      1. Type “poweroff
      2. Press Enter

     

  3. CPU Disabled Message
    • Instructions
      1. Click OK

     

  4. Poweroff Virtual Machine
    • Instructions
      1. Virtual Machine –> Virtual Machine Settings –> Power Off
      2. Click Yes
Section 5. Configuring your original VMware back to play Windows XP
  1. Edit Virtual Machine Settings
    • Instructions
      1. Select Damn Vulnerable WXP-SP2
      2. Select Edit Virtual machine settings

     

  2. Configure CD/DVD (IDE) Settings
    • Instructions
      1. Select CD/DVD (IDE)
      2. Select the Use physical drive: Radio Button
      3. Select Auto detect
      4. Click on the Options Tab

     

  3. Configure Operating System Settings
    • Instructions
      1. Select General
      2. Guest operating system: Microsoft Windows
      3. Version: Windows XP Professional
      4. Click on the OK Button

     

  4. Start Damn Vulnerable WXP-SP2
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

 

Section 6. Logging into Windows after password was cleared

 

  1. Login as user administrator (See Below)
    • Instructions:
      1. Remember you cleared the password, so leave the password field blank.
      2. Click on OK.

 

Section 7. Set Administrator’s Password

 

  1. Open Control Panel
    • Instructions:
      1. Start –> Control Panel

     

  2. Open User Accounts
    • Instructions:
      1. Click on User Accounts

     

  3. Open the Administrator Account
    • Instructions:
      1. Click on Administrator

     

  4. Select Create a password
    • Instructions:
      1. Click on Create a password

     

  5. Create a password for your account
    • Instructions:
      1. Type a new password:
      2. Type the new password again to confirm:
      3. Click Create Password
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: