LP3i Pondok Gede

Bypassing the admin account on Windows


Post by j4ckl0ngh0rn Thu Feb 14, 2008 2:42 pm

Not sure what to write here.. :)
Oh yeah, I want to share an old-school tip about bypassing the admin password on Windows. Because of limited time, I will probably write it up in several stages, since it turns out writing this stuff is tiring too.
The easiest way to bypass the admin password on Windows is to use a third-party application. The most commonly used are the tools included in minipe; if you want to know more about minipe, you can try downloading it directly from the minipe.org site. The password to open the file is thecavern.
Another application worth trying is one from the sourceforge.net site called lophtcrack (free).
We will discuss the other details further later. But those who already know are welcome to discuss it right here :)
j4ckl0ngh0rn
The Active One

Number of posts : 115
Location : Bekasi Selatan
Registration date : 26.11.07


Post by j4ckl0ngh0rn Sun Feb 17, 2008 10:49 am

First, what you need is:

1. http://home.eunet.no/%7Epnordahl/ntpasswd/bd050303.zip > for creating the bootdisk image

2. http://home.eunet.no/%7Epnordahl/ntpasswd/sc050303.zip > for the bootdisk image used on SCSI HDDs

3. http://home.eunet.no/%7Epnordahl/ntpasswd/cd050303.zip > for creating the CD image.

A few things that must be noted here beforehand:
1. Encrypted files or folders (EFS) will not be openable with the new password!!!
2. A mistake when deleting the SAM file will cause loss of boot access to the OS, so you can back up NTLDR and NTDETECT first and copy them back if that problem arises...

Before starting, it is a good idea to read up first at

http://home.eunet.no/%7Epnordahl/ntpasswd/faq.html

http://home.eunet.no/%7Epnordahl/ntpasswd/

OK. Let's assume everything has been downloaded and extracted to a floppy/CD, and we start loading it on the "target"; the display will show... something like this,

OVERVIEW:
1. Disk select: states the disk where the Windows system is installed. Optionally, a special driver is sometimes needed to access that disk; this happens with SATA disks and some SCSI disk models, so don't forget to bring the driver floppy for that disk controller.
2. PATH: where the system files are installed on the disk.
3. Password reset and registry editor
4. Write back to disk (you will be asked to confirm this at the end of the application)

DON'T PANIC! Even without choosing, you will be taken to this application's "default", marked [...], so just press "enter/return" to start the action...

1. DISK SELECT: where is the OS file system located...?

=========================================================
. Step ONE: Select disk where the Windows installation is
=========================================================
Disks:
Disk /dev/ide/host0/bus0/target0/lun0/disc: 2147 MB, 2147483648 bytes
NT partitions found:
1 : /dev/ide/host0/bus0/target0/lun0/part1 2043MB Boot

Please select partition by number or
a = show all partitions, d = automatically load new disk drivers

m = manually load new disk drivers
l = relist NTFS/FAT partitions, q = quit
Select: [1]

- Some machines have only 1 disk for the OS, so you can choose 1 by default.
- Or, if several disks are installed, you can choose from the "partition select" table.
- If no system disk is loaded, on a SCSI drive or in RAID mode, choose d in the driver select menu for auto-probe detection.
- If auto probe does not work, you must choose m to do it.

2. MANUAL LOAD DRIVER DISK:

Select: [1] m
==== DISK DRIVER / SCSI DRIVER select ====
You may now insert or swap to the SCSI-drivers floppy
Press enter when done:
Found 1 floppy drives
Found only one floppy, using it..
Selected floppy #0
Mounting it..
Floppy selection done..
SCSI-drivers found on floppy:

1 BusLogic.o.gz
2 aic7xxx.o.gz
3 sym53c8xx.o.gz
[ ... ]

SCSI driver selection:
a - autoprobe for the driver (try all)
s - swap driver floppy
q - do not load more drivers
or enter the number of the desired driver

SCSI driver select: [q]

- Select a and it will try to load all drivers, and will stop after it finishes loading a driver.
- If you already know the location of the drive, you can directly choose the number of the detected drive.

SCSI driver select: [q] a
[ BusLogic.o.gz ]
Using /tmp/scsi/BusLogic.o
PCI: Found IRQ 11 for device 00:10.0

[.... lots of driver / card info ...]

scsi0: *** BusLogic BT-958 Initialized Successfully ***
scsi0 : BusLogic BT-958
Vendor: FooInc Model: MegaDiskFoo Rev: 1.0
Type: Direct-Access ANSI SCSI revision: 02

[ ... ]

Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
SCSI device sda: 8388608 512-byte hdwr sectors (4295 MB)
Partition check:
/dev/scsi/host0/bus0/target0/lun0: p1
Driver BusLogic.o.gz loaded and initialized.

- You can stop the load process with the q command to try loading several drivers
- If it stops, you will see the choices as above again.

*** OK, at this point you are assumed to have found the "disk drive containing the Windows OS" that is installed; the next stage is... ***

3. PATH and FILE SELECT: where the Windows OS is installed (the target files!)

# winnt35/system32/config - Windows NT 3.51
# winnt/system32/config - Windows NT 4 and Windows 2000
# windows/system32/config - Windows XP/2003 and often Windows 2000 upgraded from Windows 98 or earlier.

OK, once that is done, by default the choice will automatically find that file path; here just press enter, and then it will go like this....

Selected 1
Mounting on /dev/ide/host0/bus0/target0/lun0/part1
NTFS volume version 3.1.
Filesystem is: NTFS

=========================================================
. Step TWO: Select PATH and registry files
=========================================================
What is the path to the registry directory? (relative to windows disk)
[windows/system32/config] :

-r-------- 1 0 0 262144 Jan 12 18:01 SAM
-r-------- 1 0 0 262144 Jan 12 18:01 SECURITY
-r-------- 1 0 0 262144 Jan 12 18:01 default
-r-------- 1 0 0 8912896 Jan 12 18:01 software
-r-------- 1 0 0 2359296 Jan 12 18:01 system
dr-x------ 1 0 0 4096 Sep 8 11:37 systemprofile
-r-------- 1 0 0 262144 Sep 8 11:53 userdiff

Select which part of registry to load, use predefined choices
or list the files with space as delimiter
1 - Password reset [sam system security]
2 - RecoveryConsole parameters [software]
q - quit - return to previous
[1] :

- If the choice is correct then "as above" will appear, but it sometimes varies across some of the disk layouts out there.
- Then you can choose which option you will carry out (type the choice number)
- The password reset choice is the default, and that is what we are after, isn't it...?
- Choice 2 can actually be used for the recovery console on WinXP, W2K, W2K3 by bypassing the "administrator password"
- Or, if you want to edit the registry, choose the hives you will load.

OK, we choose 1, i.e. "password edit"....

4. PASSWORD RESET: ready for something new....???

=========================================================
. Step THREE: Password or registry edit
=========================================================
chntpw version 0.99.2 040105, (c) Petter N Hagen

[.. some file info here ..]

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0

<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: <sam> <system> <security>

1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)


What to do? [1] -> 1

===== chntpw Edit User Info & Passwords ====

RID: 01f4, Username: <Administrator>
RID: 01f5, Username: <Guest>, *disabled or locked*
RID: 03e8, Username: <HelpAssistant>, *disabled or locked*
RID: 03eb, Username: <pnh>, *disabled or locked*
RID: 03ea, Username: <SUPPORT_388945a0>, *disabled or locked*

Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
or simply enter the username to change: [Administrator]

- Here you are faced with reset choices for the several usernames on the Windows OS; the usernames shown will vary depending on how many users/groups you have entered in one OS.
- The username choice is very sensitive! But you can choose by the RID instead to be safe; if we choose RID "01f4" then the choice falls on "ADMINISTRATOR"....!!!
- But don't worry, because the default choice for this is "administrator", which will have plenty of access "on the road to Rome"... right...?

RID : 0500 [01f4]
Username: Administrator
fullname:
comment : Built-in account for administering the computer/domain

homedir :

Account bits: 0x0210 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |

Failed login count: 0, while max tries is: 0
Total login count: 3

* = blank the password (This may work better than setting a new password!)
Enter nothing to leave it unchanged
Please enter new password: *

- Some information will be displayed; also, if the administrator account is locked you will be asked to "unlock" it before the real action happens. In some cases the account is locked to prevent "the impossible"...!!!

- We will choose blank password (*) for this setting, and this is HIGHLY RECOMMENDED

Please enter new password: *
Blanking password!

Do you really wish to change it? (y/n) [n] y
Changed!

Select: ! - quit, . - list users, 0x - User with RID (hex)
or simply enter the username to change: [Administrator] !

- That choice will take us to the next menu...

<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives:

1 - Edit user data and passwords
2 - Syskey status & change
3 - RecoveryConsole settings
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)

What to do? [1] -> q

5. WRITING OUT THE CHANGE: ... let me log in however I like...!!!

Hives that have changed:
# Name
0 - OK

=========================================================
. Step FOUR: Writing back changes
=========================================================
About to write file(s) back! Do it? [n] : y

- The last choice: on choosing "y", the new password will be written.

Writing sam

NOTE: A disk fixup will now be done.. it may take some time

Mounting volume... OK

Processing of $MFT and $MFTMirr completed successfully.

NTFS volume version is 3.1.

Setting required flags on partition... OK

Going to empty the journal ($LogFile)... OK

NTFS partition /dev/ide/host0/bus0/target0/lun0/part1 was processed successfully.
NOTE: Windows will run a diskcheck (chkdsk) on next boot.
NOTE: this is to ensure disk intergity after the changes

***** EDIT COMPLETE *****

You can try again if it somehow failed, or you selected wrong
New run? [n] : n

- And that's it; now just use the "three magic fingers" move (ctrl+alt+del) to finish, and REMOVE the floppy or disc from before... When the login starts, choose administrator and don't enter anything as the password, just press "enter" and... boing... booiing.... in you go to your beloved Windows...! And don't go forgetting your password again, or getting up to mischief, OK....



OK... this tip just came in from a friend who "says" he couldn't reset his password with the method above...

1. Set the BIOS to boot from CD and insert the WinXP CD
2. Choose the "repair" option
3. Leave it be until setup does "copying files"...
4. Once that is finished there will be a reboot option for 15 seconds... just leave it.
5. When the "installing devices" logo appears, make the most of that chance: press "SHIFT + F10", and THIS IS A SECURITY HOLE!!! After pressing it a command prompt will appear; immediately type "NUSRMGR.CPL" and hit "enter"... and right then you will bypass the whole process and "GO STRAIGHT INTO THE CONTROL PANEL"; after that it is easy to change or delete all the accounts there....
6. Once you exit the repair process you will be free to log in as anything, with or without passwords!!!

Go ahead and try it.....

<thanks to the original poster, kang MAS>
j4ckl0ngh0rn
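
An added example (not part of the original post, and not chntpw's own code): a small Python parser for the account listing and the "Account bits" value shown in the console output above, for reviewing which local accounts are enabled and which carry weak flags. The flag values are the standard NT ACB bits, which agree with the 0x0210 screen in the post; the sample text and the choice of which flags count as risky are assumptions.

```python
import re

# NT account control (ACB) bits, labelled as on the chntpw screen in the post.
ACB_FLAGS = {
    0x0001: "Disabled", 0x0002: "Homedir req.", 0x0004: "Passwd not req.",
    0x0008: "Temp. duplicate", 0x0010: "Normal account", 0x0020: "NMS account",
    0x0040: "Domain trust ac", 0x0080: "Wks trust act.", 0x0100: "Srv trust act",
    0x0200: "Pwd don't expir", 0x0400: "Auto lockout",
}
# Assumption for this example: flags worth reporting in an account review.
RISKY = 0x0004 | 0x0200   # no password required / password never expires

USER_RE = re.compile(r"RID:\s*([0-9a-fA-F]+),\s*Username:\s*<([^>]*)>(.*)")
BITS_RE = re.compile(r"Account bits:\s*0x([0-9a-fA-F]+)")

def decode_acb(bits):
    """Return the names of all flags set in an 'Account bits' value."""
    known = [name for bit, name in sorted(ACB_FLAGS.items()) if bits & bit]
    unknown = bits & ~sum(ACB_FLAGS)          # bits outside the table above
    return known + ([f"unknown 0x{unknown:04x}"] if unknown else [])

def parse_users(text):
    """Parse 'RID: 01f4, Username: <...>' lines; RIDs are printed in hex."""
    users = []
    for m in USER_RE.finditer(text):
        rid = int(m.group(1), 16)
        users.append({"rid": rid, "name": m.group(2),
                      "locked": "disabled or locked" in m.group(3),
                      "builtin_admin": rid == 500})   # 0x01f4 == 500
    return users

def audit(text):
    """Findings for a saved screen: enabled built-in admin, risky flags."""
    findings = [f"{u['name']} (RID 500) is enabled"
                for u in parse_users(text)
                if u["builtin_admin"] and not u["locked"]]
    for m in BITS_RE.finditer(text):
        for name in decode_acb(int(m.group(1), 16) & RISKY):
            findings.append(f"flag set: {name}")
    return findings

# Constructed sample in the output format shown in the post.
SAMPLE = """RID: 01f4, Username: <Administrator>
RID: 01f5, Username: <Guest>, *disabled or locked*
Account bits: 0x0210 =
"""
if __name__ == "__main__":
    print(decode_acb(0x0210))
    print(audit(SAMPLE))
```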

Post by j4ckl0ngh0rn Sun Feb 17, 2008 10:50 am

Oh yeah, there is one more way to crack the admin pass without any program; it goes like this....


It does not require any 3rd party software, simply a bootable floppy/cdrom. It involves renaming the WINDOWS user database file (SAM) effectively resetting all authentication.

To get access into a locked out system, simply follow these steps. It will work on Windows NT/2000/XP including server editions, because of the way authentication is handled by Windows.

1> change the boot sequence of your system and set it to boot from the floppy/CD drive.

2> insert the Bootable floppy or CD and power on your system.

3> after the system boots from the drive and halts at a prompt, type the following

cd c: (or wherever your windows partition is located)
cd C:\WINNT\system32\config ( replace c:\WINNT with your windows folder)

now rename the SAM file. The file has no extension so your command can be something like this :

C:\WINNT\system32\config>ren sam sam.bak

Now the next time you boot, all your passwords will be reset to blank, as Windows rebuilds the user database and the SAM file. Possibly all the users you have defined and any domain affiliations may be lost as well.

So use this at your own risk and preferably on standalone machines which you want to gain access to.

<originally posted from oprekpc>
j4ckl0ngh0rn

Post by j4ckl0ngh0rn Sun Feb 17, 2008 10:51 am

For those who want to recover a BIOS password...

CmosPwd decrypts password stored in cmos used to access BIOS SETUP.
Works with the following BIOSes

* ACER/IBM BIOS
* AMI BIOS
* AMI WinBIOS 2.5
* Award 4.5x/4.6x/6.0
* Compaq (1992)
* Compaq (New version)
* IBM (PS/2, Activa, Thinkpad)
* Packard Bell
* Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
* Phoenix 4 release 6 (User)
* Gateway Solo - Phoenix 4.0 release 6
* Toshiba
* Zenith AMI

With CmosPwd, you can also backup, restore and erase/kill cmos.

AWARD 4.50 has a backdoor, a generic password: AWARD_SW. SOYO motherboards have "SY_MB" as master password for Award 4.51. CmosPwd gives equivalent passwords for Award BIOS, not the original one.

link: http://www.cgsecurity.org/cmospwd-5.0.zip
j4ckl0ngh0rn