Privilege-Escalation-Windows-NT

I have tried all possible ways and solutions. In this text I'm only gonna write, as briefly as possible, how to get your forgotten administrator password back. Of course you will only use this to get your own administrator password back... : ) If you get somebody else's administrator password and mess up that computer, the "real administrator" gets pretty pissed off! Trust me... :)
I will also include all the progs I use to get "my administrator" password. Ok, let's cut the bullshit.

First of all, there is no single right way of doing this. It all depends on the situation. Let's begin with scenario one:

You can log in with another user name besides administrator. This is the simplest way. Once you are logged in, the rest is very simple. There are three programs we can use now: LC3, pwdump2 or samdump. If you can install LC3 on the computer, everything is bueno. But let's assume that without administrator rights you won't be able to install anything (like in my case). Pwdump2 also needs administrator rights to run, so we won't use that one either. But samdump can be run! Let's use that one. samdump is a very small and clever program that dumps the SAM database to a text file. Use it like this from the DOS prompt:

samdump > hashes.txt

Now we have the password hashes in a text file called hashes.txt. Alright, now we have the administrator password!! Yeah! Well, not quite. Instead do the following: copy hashes.txt to a floppy. Now we'll need another program, LC3. Install LC3 on a computer where that is possible. When it is installed: new session > import PWDUMP file. Open hashes.txt from your floppy and run the program. LC3 will now use password lists AND brute force on the samdump output. Finally you will get the administrator password (it all depends on your computer speed; with a 500-700 MHz machine it should take from 5 minutes to 20 hours).
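From the defender's side, the interesting question about a hashes.txt like the one above is why LC3 gets through it so fast: accounts that still store an LM hash, and accounts whose NT hash is the hash of the empty password. The Python audit below is an added example, not code from this page or from samdump, pwdump2 or LC3; it reads a constructed PWDUMP-format sample (user:rid:lmhash:nthash:::) and reports those two weaknesses plus the built-in Administrator (RID 500).

```python
import re

# Well-known constants: LM hash and NT hash of the empty string.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"


def parse_pwdump_line(line):
    """Return (user, rid, lm, nt) or None for a blank/malformed line.
    A hash field that is not 32 hex chars (e.g. the 'NO PASSWORD***'
    marker some dumpers write for a missing LM hash) comes back as None."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None

    def as_hash(field):
        field = field.strip().lower()
        return field if re.fullmatch(r"[0-9a-f]{32}", field) else None

    return parts[0], int(parts[1]), as_hash(parts[2]), as_hash(parts[3])


def audit_pwdump(text):
    """Map user -> list of findings for a PWDUMP-format dump.
    'lm-hash-stored': an LM hash is present, so LC3-style cracking is fast;
    'blank-password': the NT hash is the empty-string hash;
    'admin-rid':      RID 500, the built-in Administrator account."""
    findings = {}
    for line in text.splitlines():
        rec = parse_pwdump_line(line)
        if rec is None:
            continue
        user, rid, lm, nt = rec
        issues = []
        if lm is not None and lm != EMPTY_LM:
            issues.append("lm-hash-stored")
        if nt == EMPTY_NT:
            issues.append("blank-password")
        if rid == 500:
            issues.append("admin-rid")
        if issues:
            findings[user] = issues
    return findings


# Constructed sample dump: the empty-string hashes above plus made-up
# 32-hex values. These are not real credentials.
SAMPLE_DUMP = """\
Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:NO PASSWORD*********************:0011223344556677889900aabbccddee:::
"""

if __name__ == "__main__":
    for user, issues in audit_pwdump(SAMPLE_DUMP).items():
        print(f"{user}: {', '.join(issues)}")
```

An account that shows only the NT hash (like alice in the sample) is the state you want after turning off LM hash storage; anything flagged lm-hash-stored or blank-password is what makes a stolen SAM cheap to crack.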

That was scenario one. Now to scenario two.

Let's assume that we can't log in to the computer and run samdump. Now it's a little bit harder to get the SAM database. You'll need a bootable Windows 98 startup floppy. I'm not providing you with it. If you can't get or make one yourself, don't bother getting the administrator password either; in that case there are more important things to do... Ok, now that you have the 98 floppy, put it in the floppy drive. If there is no floppy drive you can make a bootable 98 CD too, or just use the Windows 98 CD. When the computer has booted from your 98 disk, browse to %root%winnt/system/ and there type:

copy sam a:\ (yes, of course... put in a blank formatted floppy...)

Now you can use the LC3 cracking program to get the administrator password, like above, but instead of a PWDUMP file you take the sam file.

Ok, what if %root%, where Windows is installed, is NTFS??! Ok, don't panic. I have the solution for you: NTFSDOS! Boot with your Windows 98 floppy and, when booted, insert the floppy with NTFSDOS. Run NTFSDOS. Copy the SAM file to a floppy...


There is also another program called NTFSDOSpro. It can write to the NTFS partition! If you are in a hurry you can simply remove the sam file. (Don't do this on somebody else's computer; the administrator will notice it immediately!! And that is no good.) When sam is removed, simply log in as administrator and leave the password blank. If any errors occur, just press OK.

Ok, what if I can't boot from floppy or CD, or get into Windows, then what??! Now we have to crack the BIOS to get the BIOS password so we can change the boot media. To do this, use known backdoors. Here is a link to a fairly new one for several BIOSes. If that doesn't work, try to download a BIOS flash disk and see if it boots from it (I can't provide you with them because there are hundreds of them! Use a search engine.) And if that doesn't work, try removing the BIOS battery and see if that resets the BIOS.

I will provide you with more stuff on breaking BIOSes later on!
