How to retrieve a Windows password using Pwdump7 and John the Ripper.

In Microsoft Windows, user account passwords and information are stored in a file called the SAM (Security Accounts Manager). The SAM file is stored in “%systemroot%\system32\config”, and a backup copy of the file is stored in “%systemroot%\repair”.

In Windows SP3 and later versions, the SAM file is locked by default with syskey enabled, so we cannot simply open it and view its contents. In this post I will show you how we can crack it and retrieve the hash.


1. Pwdump7

2. John the Ripper


Step 1. You need administrative privileges. Open a command prompt window, go to the directory where pwdump7 is located, and follow the on-screen information as shown below.

Step 2. After all the hashes have been displayed on the command prompt screen, right-click on the title bar, copy the output, then paste and save it in a text file. Right-click and mark the screen first, before copying. Here I have saved it as pw-hash.txt.

Step 3. Having downloaded John the Ripper, browse to John’s root directory and use the command shown in the image below.

Step 4. The command we used above is “C:\JOHN\RUN>john-386 C:/pw-hash.txt --users=Administrator”. The format of the command is “john-386 [Hash file path] --users=[Username]”. Here the hash file path is “C:/pw-hash.txt” and the username is “Administrator”; with this command, John will search for the password of Administrator.

You can also use “C:\JOHN\RUN>john-386 C:/pw-hash.txt” so that John will search for the passwords of all the usernames available.
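From the defender's side, the same pw-hash.txt can be audited for weak storage without cracking anything. The following is an added example, not part of the original post: it assumes the usual pwdump line layout user:RID:LM-hash:NT-hash:::, uses constructed sample lines with fake hashes, and its function names are illustrative.

```python
import re
from collections import defaultdict
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
HEX32 = re.compile(r"[0-9a-f]{32}")
NOPW = "NO PASSWORD" + "*" * 21  # marker pwdump prints for an empty field

# Constructed sample (fake hashes), assumed layout user:RID:LM:NT:::
SAMPLE = "\n".join([
    "C:\\tools>pwdump7.exe",  # console noise that ends up in the copy-paste
    "Administrator:500:" + "1" * 16 + EMPTY_LM[:16] + ":" + "2" * 32 + ":::",
    "Guest:501:" + NOPW + ":" + NOPW + ":::",
    "alice:1001:" + EMPTY_LM + ":" + "3" * 32 + ":::",
    "bob:1002:" + NOPW + ":" + "2" * 32 + ":::",
])

def norm(field, empty):
    """Return lowercase hex, None for an empty-password value, or raise."""
    f = field.strip().lower()
    if f == "" or f == empty or f.startswith("no password"):
        return None
    if not HEX32.fullmatch(f):
        raise ValueError("not a hash: " + field)
    return f

def audit(text):
    """Return {user: [findings]} for every parsable pwdump line in text."""
    findings, by_nt = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # banner, prompt or wrapped console text
        try:
            lm, nt = norm(parts[2], EMPTY_LM), norm(parts[3], EMPTY_NT)
        except ValueError:
            continue
        user = parts[0]
        if lm is None and nt is None:
            findings[user].append("blank password")
        if lm is not None:
            findings[user].append("LM hash stored")
            if lm.endswith(EMPTY_LM[:16]):  # second 7-character half is empty
                findings[user].append("password is 7 characters or fewer")
        if nt is not None:
            by_nt[nt].append(user)
    for users in by_nt.values():
        for u in (users if len(users) > 1 else []):
            findings[u].append("NT hash shared with another account")
    return dict(findings)
```

To check a saved dump, pass its contents to the function, for example `audit(open("pw-hash.txt").read())`; accounts with no findings are left out of the result.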

If you find this post useful, do drop a comment; it will be appreciated.

10 comments:

Usi@Hacking on October 28, 2010 at 9:01 PM said...

hey is there any solution if we don't have access to anything in pc, means no admin for any access?

Satyajit (Admins,a.k.a Satosys) said...

Yeah you can go for "Metasploit"... it's a pretty good option... :)

Thanks for visiting.... :)

john on November 2, 2010 at 10:51 PM said...

just phenomenal, very useful

Shabnam Sultan on November 19, 2010 at 9:42 AM said...

Very useful one :) will try it.

Satyajit (Admins,a.k.a Satosys) said...

@Shabnam Thanks that you liked it... :) keep visiting.

Sohbet on November 24, 2010 at 4:41 AM said...

Thx very useful.

Jimmy on November 24, 2010 at 8:49 PM said...

nice tip...thnx for sharing it :-)

JT on May 24, 2012 at 12:47 PM said...

this is really useful thanks
for pointing me in the right direction - I had forgotten a lot of this - but needed a refresher for my CEH


Anonymous said...

Thanks a lot for the tutorial,
it helps me out for the CEH certification.
but I'm stuck..... how can I get hashes remotely

irfan ayub on August 28, 2013 at 12:08 PM said...

plz guide me

© 2018 SecurityHunk. All rights reserved.