10 December 2008

Hacking WinXP

We all know WinNT's SAM file, the file where all the passwords are stored.
We also know how easy it is to crack that file and get access to all user accounts.

Thought the problems were fixed in WinXP?
WRONG!!

Again, MS has shown us they are stupid. XP... whatever...

To get to the SAM file with the GUEST (!!!) account, all you have to do is find the "System Restore" directory.
This is the directory where your computer's registry, the files you open and logs of what you do are stored.

Since this place is rarely cleaned (maybe never), it can grow to 500+ MB!
The name of the System Restore directory is not accessible by the "regular" methods.

It should look like this (I think it's different for every computer):

C:\System Volume Information\_restoreEFD2B458-5961-41F9-973B-04938D33D24E\

The "System Volume Information" dir is not accessible, even for an administrator, and even if you try accessing
the "_restoreEFD2B458-5961-41F9-973B-04938D33D24E" dir directly, you won't succeed (this was fixed in an update).

So what do we do? Back to the DOS ways!
Just enter drive C:\ (or whatever drive they installed it to).

Oh no! The files are hidden!! Is that supposed to scare someone???

Click there to view the files, and in the address bar, write:

C:\system~1\_resto~1\

You're in!
See these folders? Each of them is a session that was performed in Windows.
Enter the most recent one (the highest number), and then the "snapshot" dir.
See this? _REGISTRY_MACHINE_SAM
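
A monitoring rule that looks only for the long directory name in file-access records will miss the short-name form used above. The following is an added example, not part of the original post: a Python check that recognises both forms of the path and reports accesses by accounts other than SYSTEM. The function names, the trusted-account list, the "RP12" folder name and the sample records are assumptions constructed for illustration.

```python
import re

# Path components from the post. The GUID suffix differs per machine, so the
# restore directory is matched on its "_restore" prefix only.
GUARDED = ("system volume information", "_restore")
SAM_HIVE = "_registry_machine_sam"
SHORT_NAME = re.compile(r"^([^~.]{1,6})~\d+$")

def short_stem(long_name):
    # Assumption: only the simple 8.3 alias form is handled (spaces dropped,
    # first six characters kept, then ~N).
    return long_name.replace(" ", "")[:6]

def component_matches(component, long_prefix):
    comp = component.lower()
    alias = SHORT_NAME.match(comp)
    if alias:
        return alias.group(1) == short_stem(long_prefix)
    return comp.startswith(long_prefix)

def classify(path):
    """Return None, "restore-store" or "sam-hive" for a Windows path."""
    parts = [p for p in path.split("\\") if p]
    for i in range(len(parts) - 1):
        if (component_matches(parts[i], GUARDED[0])
                and component_matches(parts[i + 1], GUARDED[1])):
            rest = [p.lower() for p in parts[i + 2:]]
            return "sam-hive" if SAM_HIVE in rest else "restore-store"
    return None

def flag_events(events, trusted=("SYSTEM",)):
    """events: iterable of (account, path). Returns the suspicious ones."""
    hits = []
    for account, path in events:
        verdict = classify(path)
        if verdict and account not in trusted:
            hits.append((account, path, verdict))
    return hits

# Constructed sample records (account, path); not taken from a real log.
SAMPLE_EVENTS = [
    ("Guest", r"C:\system~1\_resto~1\RP12\snapshot\_REGISTRY_MACHINE_SAM"),
    ("Guest", r"C:\System Volume Information\_restoreEFD2B458-5961-41F9-973B-04938D33D24E\RP12"),
    ("SYSTEM", r"C:\System Volume Information\_restoreEFD2B458-5961-41F9-973B-04938D33D24E\RP12\snapshot"),
    ("Guest", r"C:\WINDOWS\system32\config\SAM"),
]

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS):
        print(hit)
```
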


