How to Break Into a Windows PC (And Prevent It ...

http://lifehacker.com/5674972/how-to-break-into-a-...

LOGIN TOP STORIES LATEST STORIES SUNDAY, JAN 8, 2012

TIPS AND DOWNLOADS FOR GETTING THINGS DONE

7,621 HOW TO Open a Beer with Your Forearm

PASSWORDS

107,084 LIFEHACKER TOP 10 Top 10 Ways to Break Into and Out of Almost Anything BY WHITSON GORDON OCT 27, 2011 4:30 PM 686,112 552 2,452 WEBAPPS iKeepm is a Simple Free Inventory Webapp for All Your Stuff 17,111 HIVE FIVE Five Best Goal Tracking Services

How to Break Into a Windows PC (And Prevent It from Happening to You)

If you're trying to break into a Windows computerwhether you've forgotten your password or are hatching an evil planyou have quite a few options. Here's how to do it, and how to keep your own computer protected.

FOLLOW LIFEHACKER

WEEKEND PROJECTS13,423 DIY Garage Ceiling Storage System

There are a few methods to breaking into a computer, each with their own strengths and weaknesses. We'll go through three of the best and most common methods, and nail down their shortcomings so you know which one to useand how to exploit their weaknesses to keep your own computer secure.

ASK THE COMMENT 6,930 "Have any of you bought an iPad and found that you dont need/use your smartphone anymore?" WINDOWS DOWNLO 15,384 Movie Explorer Compiles Details for All Those Movies on Your Hard Drive WEEKEND PROJECT 37,386 Build a Jig to Cut Wine Bottle Drinking Glasses for $12 7,531 IKEA HACKS Hack an Ikea Lamp into an Adjustable Webcam Mount WEEKENDHACKER 63,120 Make Apartment Living More Bearable This Weekend 71,199 MACGYVER TIPS Convert an Orange Into a Candle with a Little Kitchen Oil 44,986 JAILBREAK The Best Jailbreak Apps for iOS 5

The Lazy Method: Use a Linux Live CD to Get at the Files

If you don't need access to the OS itself, just a few files, you don't need to go through much trouble at all. You can grab any Linux live CD and just drag-and drop files onto a USB hard drive, as you would in any other OS. How It Works: Just download the live .iso file for any Linux distribution (like the ever-popular Ubuntu) and burn it to CD. Stick it in the computer you want to access and boot up from that CD. Pick "Try Ubuntu" when it comes up with the first menu, and it should take you right into a desktop environment. From here, you can access most of the hard drive just by going to the Places menu in the menu bar and choosing the Windows drive. It should see any NTFS drives just fine. Note that depending on the permissions of some files, you might need root access. If you're having trouble viewing or copying some files, open up a terminal window (by going to Applications > Accessories > Terminal) and type in gksudo nautilus, leaving the password blank when prompted. You should now have access to everything. How to Beat It: This method can give you access to the file system, but its main weakness is that the malicious user still can't access any encrypted files, even when using gksudo. So, if the owner of the

1 of 6

01/08/2012 08:27 PM

How to Break Into a Windows PC (And Prevent It ...

http://lifehacker.com/5674972/how-to-break-into-a-...

computer (or you) has encrypted their files (or encrypted the entire OS), you won't get very far.

Sneaky Command-Line Fu: Reset the Password with the System Rescue CD
If you need access to the operating system itself, the Linux-based System Rescue CD is a good option for breaking in. You'll need to do a bit of command line work, but as long as you follow the instructions closely you should be fine. Hat tip to our friends at the How-To Geek. How It Works: Just download the .iso file for the System Rescue Live CD and burn it to disc. Boot from the disc and hit the default option when the blue screen comes up. After everything loads and you're presented with a command-line interface, type fdisk -l to see the drives and partitions on your computer. Pick the Windows partition (usually the largest NTFS partition) and note the name, e.g. /dev/sda3. Then, run the following command:

53,924 READING How to Boost Your Reading Comprehension by Reading Smarter and More Conscientiously FOR WHAT IT'S WOR29,641 Remains of the Day: Microsoft Stores Selling Computers Without Bloat 15,317 MIND HACKS Replace Compulsive Shopping with Exercise to Save Money and Get Healthy BEST TIME TO BUY 32,257 The Best Days of the Week to Buy Almost Anything 32,584 MIND HACKS Why Placebos Work, and How You Can Use the Placebo Effect to Accomplish Your Goals 3,746 TRAVEL Pack Shoes in Hotel Shower Caps to Keep Your Luggage Contents Clean 23,983 SOPA Stay On Top of the Fight Against SOPA/PIPA with These Tools

Make sure to replace /dev/sda3 with the partition you noted earlier. Next, cd to your Windows/System32/config directory with this command:

We want to edit the SAM file in this folder, so type the following command to get a list of users:
ANDROID ROOTING 35,723 Unlock Root Roots Nearly 250 Android Devices in One Click

Note the username you want to access, and then type the following command, replacing Whitson Gordon with the username in question.

[UPDATED] 69,346 PRIVACY How to Find Out if Someones Secretly Been Using Your Computer 14,090 DOWNLOAD ROUNDU This Weeks Top Downloads 31,042 ASK LIFEHACKER What Appliances Are Worth Upgrading? 15,576 LINUX Get Linux Compiles Information, Screenshots, and more for Tons of Linux Distributions for Easy Reference 25,319 ASK LIFEHACKER How Can I Organize My RSS Feeds So Theyre More Manageable? 14,498 CLEVER USES Cover Furniture Scratches with Coffee Grounds

At the next screen, choose the first option by typing the number 1 and hitting Enter. This will clear the user password, making it blank. When it asks you to write hive files, hit y and press Enter. It should say OK, and then you can type reboot to reboot the computer. When you boot into Windows, you'll be able to log in to that user's account without a password. How to Beat It: Once again, the weakness of this method is that it still can't beat encryption. Changing the password will disallow you access to those encrypted files, which, if the user has encrypted their entire OS, makes this method pretty useless. If they've only encrypted a few files, though, you'll still be able to access all the unencrypted stuff without a problem.

Brute Force: Crack the Password with Ophcrack

Where the other two methods are vulnerable to encryption, this method will give you full access to everything the user can access, including encrypted files, since this method relies on finding out the user's password instead of bypassing it. How It Works: We've actually gone through this method before, but it doesn't hurt to have a refresher. All you need to do is download and burn the Ophcrack Live CD (use the Vista version if you're cracking a Windows 7 PC) and boot from it on your computer. It'll take a little bit of time to boot, but eventually it will bring you to a desktop environment and start attempting to crack passwords. This may take a

2 of 6

01/08/2012 08:27 PM

How to Break Into a Windows PC (And Prevent It ...

http://lifehacker.com/5674972/how-to-break-into-a-...

while. You'll see the passwords pop up in the top pane of the window, though, when it finds them (or, if it doesn't find them, it'll notify you). You can then reboot and log in to Windows using those passwords. How to Beat It: While this method works on encrypted OSes, it can't crack every password out there. To increase your chance of having an uncrackable password, use something complicated and greater than 14 characters. The stronger your password, the less likely Ophcrack will be able to figure it out. There are a lot of methods to break into a Windows computer (in fact, we've featured some of them before), but these are a few of the best and most widely useful. Apart from encryption, very little can stop the first two methods, and on those occasions you have Ophcrack to possibly fall back on. Got your own favorite method for getting into your computer without a password? Share it with us in the comments.
Lifehacker's Evil Week is all about topics such as password cracking, social hacking and other questionable tricks to make sure you're in the know. Knowledge is power, and whether you use that power for good or evil is in your hands.

You can contact Whitson Gordon, the author of this post, at whitson@lifehacker.com. You can also find him on Twitter, Facebook, and lurking around our #tips page.

Contact Whitson Gordon:

RELATED STORIES

EMAIL THE AUTHOR

COMMENT

FACEBOOK

TWITTER

When to Give Your Girlfriend Your Password GIZMODO Password Security Scanner Audits the Passwords Stored in Windows Programs Visual Hashing Makes Sure You Never Mistype Your Passwords

DISCUSSION THREADS

FEATURED

ALL

START A NEW THREAD

allenrotstein

28 Oct 2010 3:29 AM

Pop quiz: How can i find out a BIOS password? I mean, how to crack it.. Anyone?
promoted by kellanpan

okidokedork @allenrotstein

@allenrotstein: There is usually a cmos reset jumper pin on the motherboard that can accomplish this for you. I think taking out the cmos battery would probably work too, but I never bothered trying that, always just used the jumper.
kellanpan @allenrotstein

@allenrotstein: Simply removing the internal battery for a ~5 min resets it. You can also remove and replace the jumper on the motherboard that clears the CMOS.
tm36usa @allenrotstein

@allenrotstein: And if its a Dell it already has a password bypass jumper. Simply remove the jumper and the password will be disabled. It doesn't clear it but at least its a quick way around it in a pinch.
mumin @kellanpan

@kellanpan: whoa! the simplest solution ever! i mean... ever!! I will file this somewhere in the back of my brain. Might come in handy some time in the future. thanks!
verspasian @kellanpan

@kellanpan: Nice one :) That'll come in handy for some people I know.

3 of 6

01/08/2012 08:27 PM

How to Break Into a Windows PC (And Prevent It ...

http://lifehacker.com/5674972/how-to-break-into-a-...

lcoursey @allenrotstein

@allenrotstein: If the drive is not married to the mobo, just remove it and boot it in another machine.
python2121 @kellanpan

@kellanpan: Funny story, my aunt (who I hated/hate) used to set a bios password to lock my cousin out of his computer. They were not happy when they found out that I showed him how to move the jumper, and the linux live cd for changing passwords. :-) I learned something too from the experience. Never help a snitch.
xillwillx @allenrotstein

@allenrotstein: this site has a few different methods depending on which model you have [www.whatsmypass.com] when all else fails just pay $10 and have them recover it for you [www.whatsmypass.com]
tw@t @allenrotstein

@allenrotstein: ummm.. Try BIOS manufacturer back door passwords first.

tw@t @allenrotstein

@allenrotstein: Maybe removing CMOS battery would help.

jddf @allenrotstein

@allenrotstein: Removing the battery will not work for everything there are other ways of finding out what the password is too. The link may help [www.elfqrin.com]
mrsayao @allenrotstein

@allenrotstein: If you've got a laptop, it's a little harder. Try [dogber1.blogspot.com]

coreynolds @allenrotstein

@allenrotstein: There may be a master BIOS password implemented by the manufacturer. Lots of password lists can be found with simple web searches.
coreynolds @kellanpan

@kellanpan: Set the BIOS to boot from hard disk only, use supervisor and user passwords to prevent it being changed, and lock the case shut to prevent the CMOS from being cleared.
capnsouth @allenrotstein

@allenrotstein: yea, just pop the battery out and back in. I literally learned this in the 3rd grade, when my dad used to password lock the bios on his 286. Take that dad!
allenrotstein @capnsouth

Yup, sounds really easy, but my board has a double BIOS feature that saves the password even if you pop the battery.. (duh, that was the first thing i tried.. haha). Short circuiting the mobo sens to work tho..

4 of 6

01/08/2012 08:27 PM

How to Break Into a Windows PC (And Prevent It ...

http://lifehacker.com/5674972/how-to-break-into-a-...

adml_shake @allenrotstein

Most PC makers have backdoor passwords, just google whoever made the tower
Brainy142 @allenrotstein

most bios passwords have a manufacturer password that will override any password a user has made
TechnicalBoy @allenrotstein

Sorry, most modern machines now don't allow the Jumper Reset or Battery trick any more. Article about it here: [www.experts-exchange.com] Think this will cost you $$$ for either the manufacturer or a third-party to fix.
habibjp @mrsayao

just take out the main battery, unplug it and hold the power button for 30secs. BIOS reset.
criostage @allenrotstein

In "regular" PC's Disconnect the it from the power, open the case take off the battery inserted into the board ([www.technibble.com]) wait between 5 to 30s. Insert the battery again connect the power supply and all BIOS Settings should be erased including password. In not "regular" PC's (ex: DELL or Lenovo brands) you will have to consult the manual how to perform an bios password reset, usually involves in using jumpers in an certain position to be able to do it ([www.tech-faq.com])
jasondraime @kellanpan

@kellanpan: You don't even need to wait 5 minutes. Short the positive and negative terminals for the CMOS battery and press the power button (all while the PSU is disconnected of course) to clear the charge out of the caps.
weezeee @allenrotstein

unplug, take out BIOS cell battery (might involve soldering), count to 30, re-insert battery
Mr.Gawn @okidokedork beat me to it

veeSix @allenrotstein

Someone did something like that on a laptop at our office (then got fired after a year and forgot his password) and our IT guys are stumped trying to crack it.
TomXP411 @allenrotstein

Wow. Turns out a lot of people replied to THAT one... :-) I have yet to meet a PC that doesn't respond to the battery-pull method, but there probably are some. Newer PC's use Flash memory for their BIOS, so the password can be hard-coded in such a way that a CMOS battery pull won't fix it. In that case, you've got to resort to other methods, already described above.
Edited by TomXP411 at 10/28/11 1:43 PM

TomXP411 @capnsouth

5 of 6

01/08/2012 08:27 PM

How to Break Into a Windows PC (And Prevent It ...

http://lifehacker.com/5674972/how-to-break-into-a-...

heh. Back in the '286 days, I used the keyboard lock to keep my brother and his friends from digging in to my computer. Worked most excellently.
StarControl @allenrotstein

remove the battery for a couple of minutes .. put it back in ... done-o. Some mobo-s have a jumper that you have to "short" but yeah. Ultimately "physical access" = "complete access". It's just a matter of how easy it is to get in (i.e. encrypted or not, password 4 characters or 564 characters and symbols).
JakeDaynesPPCA @mrsayao

Yeah, I've had to reset a Toshiba laptop's bios - you actually have to short a contact point on the mobo to do it - scary as shit.
ZenInsight @mumin My thought too.

About

Help

Forums

Jobs

Legal

Privacy

Permissions

Advertising

Subscribe

Send a tip

6 of 6

01/08/2012 08:27 PM