In Microsoft Windows, user account passwords and account information are stored in a file called the SAM (Security Accounts Manager). The SAM file is kept in "%systemroot%\system32\config", and a backup copy is also stored in "%systemroot%\repair".
In Windows SP3 and later versions the SAM file is locked by default with syskey enabled, so we cannot simply open it and view its contents. In this post I will show you how we can crack it and retrieve the hashes.
2. John the Ripper (Download)
Step 1. You need administrative privileges. Open a command prompt window, change to the directory where pwdump7 is present, and follow the on-screen information as shown below.
Step 2. After all the hashes are displayed on the command prompt screen, right-click the title bar, mark the screen, then copy it, and paste and save it in a text file. Here I have saved it as pw-hash.txt.
Step 3. Having downloaded John the Ripper, browse into John's root directory and use the command shown in the image below.
Step 4. The command used above is "C:\JOHN\RUN>john-386 C:/pw-hash.txt --users=Administrator". The format of the command is "john-386 [hash file path] --users=[username]". Here the hash file path is "C:/pw-hash.txt" and the username is "Administrator"; with this command John will search for the password of Administrator only.
You can also use "C:\JOHN\RUN>john-386 C:/pw-hash.txt" so that John will search for the passwords of all the usernames in the file.
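Before handing the dump to John, it is worth reviewing the saved hash file yourself: it already tells an administrator which accounts are in the worst shape. The following audit script is an added example, not code from the original post or from the pwdump7 or John the Ripper projects. It assumes the common pwdump line layout `user:RID:LMhash:NThash:::` and uses two well-known constants: the LM hash that appears when no LM hash is stored, and the NT hash of an empty password. The sample dump and its hash values are constructed for the example.

```python
import re

# Well-known placeholder hashes (facts about the LM/NT hash formats, not taken from the post):
# the LM value written when no LM hash is stored, and the NT hash of an empty password.
NO_LM_HASH = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"

HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample in the assumed pwdump layout user:RID:LM:NT::: (not real account data).
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:0123456789abcdef0123456789abcdef:0123456789abcdef0123456789abcdef:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
not a hash line
"""


def parse_pwdump_line(line):
    """Parse one 'user:rid:lmhash:nthash:::' line into a dict; return None if malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        return None
    user, rid, lm, nt = parts[0], parts[1], parts[2].lower(), parts[3].lower()
    if not rid.isdigit() or not HEX32.match(lm) or not HEX32.match(nt):
        return None
    return {"user": user, "rid": int(rid), "lm": lm, "nt": nt}


def audit_pwdump(text):
    """Return {user: [issue, ...]} describing weak-password hygiene visible in the dump."""
    records = [r for r in (parse_pwdump_line(l) for l in text.splitlines()) if r]

    # Accounts sharing an NT hash share the same password (same salt-less NT hash).
    by_nt = {}
    for rec in records:
        by_nt.setdefault(rec["nt"], []).append(rec["user"])

    findings = {}
    for rec in records:
        issues = []
        if rec["nt"] == EMPTY_NT_HASH:
            issues.append("empty password")
        if rec["lm"] != NO_LM_HASH:
            # An LM hash is far weaker than the NT hash and should not be stored at all.
            issues.append("LM hash stored (NoLMHash policy not in effect)")
        peers = [u for u in by_nt[rec["nt"]] if u != rec["user"]]
        if rec["nt"] != EMPTY_NT_HASH and peers:
            issues.append("same password as " + ", ".join(sorted(peers)))
        findings[rec["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_pwdump(SAMPLE_DUMP).items():
        print(f"{user}: {', '.join(issues) if issues else 'no findings'}")
```

Running it on the constructed sample flags Guest as having an empty password, alice as still storing an LM hash, and Administrator, alice and bob as sharing one password. Any account in those categories is the one a cracker (John included) will recover first, so these are the accounts to fix before worrying about the rest.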
If you find this post useful, do drop a comment; it will be appreciated.