How To Break Into A PC (And Prevent It From Happening To You)

If you're trying to break into a Windows computer — whether you've forgotten your password or are hatching an evil plan — you have quite a few options. Here's how to do it, and how to keep your own computer protected.

There are a few methods to breaking into a computer, each with their own strengths and weaknesses. We'll go through three of the best and most common methods, and nail down their shortcomings so you know which one to use — and how to exploit their weaknesses to keep your own computer secure.

The Lazy Method: Use a Linux Live CD to Get at the Files

If you don't need access to the OS itself, just a few files, you don't need to go through much trouble at all. You can grab any Linux live CD and just drag and drop files onto a USB hard drive, as you would in any other OS.

[image url="http://cache.gawkerassets.com/assets/images/17/2011/10/ubuntu_1010_splash.png" size="legacy" align="right" How It Works: Just download the live .iso file for any Linux distribution (like the ever-popular Ubuntu) and burn it to CD. Stick it in the computer you want to access and boot up from that CD. Pick "Try Ubuntu" when it comes up with the first menu, and it should take you right into a desktop environment. From here, you can access most of the hard drive just by going to the Places menu in the menu bar and choosing the Windows drive. It should see any NTFS drives just fine.

Note that depending on the permissions of some files, you might need root access. If you're having trouble viewing or copying some files, open up a terminal window (by going to Applications > Accessories > Terminal) and type in gksudo nautilus, leaving the password blank when prompted. You should now have access to everything.

How to Beat It: This method can give you access to the file system, but its main weakness is that the malicious user still can't access any encrypted files, even when using gksudo. So, if the owner of the computer (or you) has encrypted their files (or encrypted the entire OS), you won't get very far.

Sneaky Command-Line Fu: Reset the Password with the System Rescue CD

If you need access to the operating system itself, the Linux-based System Rescue CD is a good option for breaking in. You'll need to do a bit of command line work, but as long as you follow the instructions closely you should be fine. Hat tip to our friends at the How-To Geek.

How It Works: Just download the .iso file for the System Rescue Live CD and burn it to disc. Boot from the disc and hit the default option when the blue screen comes up. After everything loads and you're presented with a command-line interface, type fdisk -l to see the drives and partitions on your computer. Pick the Windows partition (usually the largest NTFS partition) and note the name, e.g. /dev/sda3.

Then, run the following command:

ntfs-3g /dev/sda3 /mnt/windows –o force

Make sure to replace /dev/sda3 with the partition you noted earlier. Next, cd to your Windows/System32/config directory with this command:

cd /mnt/windows/Windows/System32/config

We want to edit the SAM file in this folder, so type the following command to get a list of users:

chntpw –l SAM

Note the username you want to access, and then type the following command, replacing Whitson Gordon with the username in question.

chntpw –u "Whitson Gordon" SAM

At the next screen, choose the first option by typing the number 1 and hitting Enter. This will clear the user password, making it blank. When it asks you to write hive files, hit y and press Enter. It should say OK, and then you can type reboot to reboot the computer. When you boot into Windows, you'll be able to log in to that user's account without a password.

How to Beat It: Once again, the weakness of this method is that it still can't beat encryption. Changing the password will disallow you access to those encrypted files, which, if the user has encrypted their entire OS, makes this method pretty useless. If they've only encrypted a few files, though, you'll still be able to access all the unencrypted stuff without a problem.

Brute Force: Crack the Password with Ophcrack

Where the other two methods are vulnerable to encryption, this method will give you full access to everything the user can access, including encrypted files, since this method relies on finding out the user's password instead of bypassing it.

How It Works: All you need to do is download and burn the Ophcrack Live CD (use the Vista version if you're cracking a Windows 7 PC) and boot from it on your computer. It'll take a little bit of time to boot, but eventually it will bring you to a desktop environment and start attempting to crack passwords. This may take a while. You'll see the passwords pop up in the top pane of the window, though, when it finds them (or, if it doesn't find them, it'll notify you). You can then reboot and log in to Windows using those passwords.

How to Beat It: While this method works on encrypted OSes, it can't crack every password out there. To increase your chance of having an uncrackable password, use something complicated and greater than 14 characters. The stronger your password, the less likely Ophcrack will be able to figure it out.

There are a lot of methods to break into a Windows computer (in fact, we've featured some of them before), but these are a few of the best and most widely useful. Apart from encryption, very little can stop the first two methods, and on those occasions you have Ophcrack to possibly fall back on. Got your own favorite method for getting into your computer without a password? Share it with us in the comments.

Lifehacker's Evil Week is all about topics such as password cracking, social hacking and other questionable tricks to make sure you're in the know. Knowledge is power, and whether you use that power for good or evil is in your hands.


Comments

    For resetting the system password, there's a handy tool called 'offline NT password & registry editor' that leads you gently through the process. It's available on UBCD, and pretty awesome.

    Ophcrack can also be installed locally. You can install it on your machine, grab the SAM file from the computer you need access to, and let the program take as long as it needs.

    Boot from Windows PE, Windows RE or Linux Live and access the command prompt.

    Change the drive letter on the following statements for those systems where Windows isn't on C:\

    Backup Sethc, then replace it with cmd;

    "backup c:\windows\system32\sethc.exe"
    "copy /y c:\windows\system32\cmd.exe
    c:\windows\system32\sethc.exe"

    Reboot the normal system and at the logon screen, press the SHIFT key five times.

    You should see a command prompt where you can enter the following command to reset the Windows password;
    "net user user_name new_password"

    If unsure of the username just type "net user" for a list of accounts.

    You can now log on with the new password.

    Your 'How to Beat It' section should actually read as follows:

    All these methods have one thing in common- they require booting the computer from a device other than the installed operating system. To safeguard against this method, modify your bios settings so that the following are true:

    -The only device that the computer is set to boot from is the hard drive with the OS installed
    -Disable booting from USB devices (probably redundant if you do the first step properly, but better safe than sorry)
    -Password protect the bios with a strong password
    -Prevent physical access to the inside of the machine (which would allow clearing of the bios settings via jumper or battery removal). Many computer cases have a spot where you could put a small padlock that would prevent the side panel from being removed, for example

    This will stop all but the most determined person from breaking in to your windows installation. Ultimately though if someone has physical access to the machine, its game over.

    Man, I should write for you guys.

      Hahahaha +1

      The best preventative solution to stop anyone hacking your box is to prevent them from having physical access to your box. So, don't have parties, housemates, family, or thieves. Check and mate.

        lol, well it doesn't have to be quite so drastic as that. Preventing people from gaining physical access can be done in many different ways. Other than preventing access to the insides of the case (which will stop most people anyway) you could always lock the actual computer case away in an under-desk cupboard of some kind. Not the best idea for cooling/airflow, but good luck trying to use any of the common 'hacking' tools mentioned if you can't change the bios to let you boot from them (or even access the machine to plug them in).

        The tone of my first post was probably a bit harsh actually- the methods in the article are valid. I'm just surprised that the whole issue of physical access wasn't mentioned.

        Else for casual system security I've usually found the the good old "delete mouse and keyboard from desk and/or power lead(s) from wall socket" tends to slow the bastards down... :)

      Excellent response. I'd put this at number one since, unless the OS is encrypted, booting up from a DVD, CD or USB means someone can install virus, key loggers or other malware. Of course if you forget that BIOS password....

        Nope - both this reply and article just makes people think that their data is more secure than it really is. You actually the nail on the head - simply encrypt your drives.

        No messing around with padlocks, jumpers, BIOS settings, user accounts etc. - it's a monumental waste of time and effort. Ocram's razor and all that.

      Actually the easiest and best prevention is just Truecrypt your whole drive - it's one install and about 10 clicks of a mouse. Folk can boot off discs/USBs, hack your BIOS, whip out your drive after opening your case but it's all irrelevant.

      Anything else mentioned in this article and with all due respect your reply, is more like just making you feel more secure than you actually are.

      If you're going to protect your data do it once and do it properly.

    so does windows 7 bitlocker drive encryption work well enough? (does bitlocker slow down pc?)

    I have Truecrypt full disc encryption so nobody is getting their hands on my data...

    If I wanted to access a system I'd just carry Konboot on a USB drive on my keychain...

    I'm surprised not to see this, as it's both the sneakiest and easiest method of them all. I'm unsure if it will unlock bitlocker encrypted files though.

    The tool is called kon-boot, when booted from a piece of media it allows you to type anything into the password field and gain access to the account. No changes are made to password files and you're in the native Windows GUI, perfect.

    http://www.piotrbania.com/all/kon-boot/

    Put on a pair of boots. Kick your computer. You have successfully booted your computer, regardless of encryption, OS and time. =)

Join the discussion!

Trending Stories Right Now