Tuesday, April 29, 2014

System Hacking - p.14

Lab 13

Password Recovery Using CHNTPW.ISO

CHNTPW.ISO is a password recovery tool that runs on Windows Server 2003, Windows Server 2008, and Windows 7 Virtual Machine.

Lab Scenario
Nowadays, attacking the password is one of the most straightforward hacking attacks. Passwords are the most common access control method used by system administrators to manage the usage of network resources and applications. There are numerous feasible methods to crack passwords. To be an expert ethical hacker and penetration tester, you must have sound knowledge of footprinting, scanning, and enumeration. This process requires an active connection to the machine being attacked. A hacker enumerates applications and banners in addition to identifying user accounts and shared resources. In this lab, we show you how to erase or recover an admin password using CHNTPW.ISO.

Lab Objectives

The objective of this lab is to help students learn:
■ Recovering the Password of Windows Server 2008

Lab Environment

To carry out the lab, you need:
■ CHNTPW.ISO located at D:\CEH-Tools\CEHv8 Module 05 System Hacking\Password Recovery Tools\CHNTPW.ISO\cd110511
■ CHNTPW.ISO is a tool to recover/erase the administrator passwords for Windows Server 2008
■ A computer running Windows Server 2008 as a Virtual Machine

Lab Duration

Time: 15 Minutes

Overview of CHNTPW.ISO

CHNTPW.ISO is an offline NT password and registry editor, boot disk/CD.

Lab Task

1. Start Hyper-V Manager by selecting Start->Hyper-V Manager.
2. Before starting this lab, make sure that the Windows Server 2008 Virtual Machine is shut down.
3. Now select the Windows Server 2008 Virtual Machine and click Settings in the right pane of Hyper-V.


FIGURE 13.1: CHNTPW.ISO Windows Server 2008 settings

4. Select DVD drive from IDE controller in the left pane of Settings for Windows Server 2008.
5. Check the Image file option and browse for the location of CHNTPW.ISO, and select Apply->OK.

FIGURE 13.2: CHNTPW.ISO Windows Server 2008 settings
6. Now go to Hyper-V Manager, right-click Windows Server 2008, and select Connect to start the Windows Server 2008 Virtual Machine.

FIGURE 13.3: CHNTPW.ISO Connecting to Windows Server 2008
7. Click the Start button; Windows Server 2008 will start.

FIGURE 13.4: Starting Windows Server 2008 O/S
8. After booting, the window will prompt you with: Step ONE: Select disk where the Windows installation is
9. Press Enter.
FIGURE 13.5: CHNTPW.ISO Step One

10. Now you will see: Step TWO: Select PATH and registry files; press Enter.
FIGURE 13.6: CHNTPW.ISO Step Two

11. Select which part of the registry to load, use predefined choices, or list the files with space as delimiter, and then press Enter.

FIGURE 13.7: CHNTPW.ISO loading registry request
12. When you see: Step THREE: Password or registry edit, type yes (y), and press Enter.

FIGURE 13.8: CHNTPW.ISO Step Three
13. Loaded hives: <SAM><system><SECURITY>
1 — Edit user data and passwords
9 — Registry editor, now with full write support!
Q — Quit (you will be asked if there is something to save)
In What to do?, the default selected option will be [1]. Press Enter.
FIGURE 13.9: CHNTPW.ISO loading hives
14. In chntpw Edit User Info & Passwords, press Enter to enter the user name to change.
FIGURE 13.10: CHNTPW.ISO chntpw Edit User Info & Passwords
15. In the User Edit Menu:
1 — Clear (blank) user password
2 — Edit (set new) user password (careful with this on XP or Vista)
3 — Promote user (make user an administrator)
4 — Unlock and enable user account [seems unlocked already]
q — Quit editing user, back to user select
The default option, Quit [q], is selected. Type 1 and press Enter.
FIGURE 13.11: CHNTPW.ISO User Edit Menu

16. Type ! after clearing the password of the user account, and press Enter.

FIGURE 13.12: CHNTPW.ISO Password Cleared
17. Loaded hives: <SAM><system><SECURITY>
1 - Edit user data and passwords
9 - Registry editor, now with full write support!
Q - Quit (you will be asked if there is something to save)
In What to do?, the default selected option will be [1]. Type quit (q), and press Enter.

FIGURE 13.13: CHNTPW.ISO loading hives Quit option
18. In Step FOUR: Writing back Changes, About to write file(s) back! Do it?, the default option will be [n]. Type yes [y] and press Enter.
FIGURE 13.14: CHNTPW.ISO Step Four

19. The edit is completed.
FIGURE 13.15: CHNTPW.ISO Edit Completed
20. Now turn off the Windows Server 2008 Virtual Machine.
21. Open the Hyper-V Manager settings of Windows Server 2008, change the DVD drive option to None under IDE Controller 1, and then click Apply->OK.

FIGURE 13.16: CHNTPW.ISO Windows Server 2008 Settings
22. Go to the Windows Server 2008 Virtual Machine, and click the Start button.

23. Windows Server 2008 boots without requiring any password.

FIGURE 13.18: Windows Server 2008 Window
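
The Hyper-V Settings changes in steps 2 to 6 and 20 to 21 can also be scripted from PowerShell on the lab host. This is an added example, not part of the original lab manual; it assumes the host has the Hyper-V PowerShell module, and the function names and the ISO path placeholder are hypothetical.

```powershell
#Requires -Modules Hyper-V
# Added example: scripted equivalent of the DVD-drive settings used in this lab.
# Function names and the ISO path placeholder are hypothetical.

function Assert-LabVMOff {
    param([Parameter(Mandatory)][string]$VMName)
    # Step 2 of the lab: the VM must be shut down before its settings are edited.
    $vm = Get-VM -Name $VMName -ErrorAction Stop
    if ($vm.State -ne 'Off') {
        throw "VM '$VMName' is $($vm.State); shut it down first."
    }
}

function Set-LabBootIso {
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$IsoPath
    )
    if (-not (Test-Path -LiteralPath $IsoPath -PathType Leaf)) {
        throw "ISO not found: $IsoPath"
    }
    Assert-LabVMOff -VMName $VMName
    # Steps 4-5: point the existing DVD drive at the image file,
    # or add a DVD drive if the VM has none.
    $dvd = Get-VMDvdDrive -VMName $VMName | Select-Object -First 1
    if ($dvd) {
        $dvd | Set-VMDvdDrive -Path $IsoPath
    } else {
        Add-VMDvdDrive -VMName $VMName -Path $IsoPath
    }
    Get-VMDvdDrive -VMName $VMName   # show controller, location and path
}

function Clear-LabBootIso {
    param([Parameter(Mandatory)][string]$VMName)
    Assert-LabVMOff -VMName $VMName
    # Step 21: set the DVD drive back to "None" so the VM boots from disk.
    Get-VMDvdDrive -VMName $VMName | Set-VMDvdDrive -Path $null
    Get-VMDvdDrive -VMName $VMName
}

# Usage on the lab host (replace the placeholder with the real ISO file):
#   Set-LabBootIso   -VMName 'Windows Server 2008' -IsoPath '<path to CHNTPW ISO file>'
#   Start-VM -Name 'Windows Server 2008'      # step 6, then work through the menus
#   Stop-VM  -Name 'Windows Server 2008'      # step 20
#   Clear-LabBootIso -VMName 'Windows Server 2008'
```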
Lab Analysis
Analyze and document the results related to the lab exercise.

Questions
1. How do you configure CHNTPW.ISO in Windows Server 2008 Virtual Machine Settings?