Posted by NovaAngel at December 16th, 2006
This works whether it is Windows 2000, Windows XP, Windows XP SP1 or SP2, or Windows Server 2003. This works even if syskey encryption is employed.
If it is a FAT filesystem
Just copy the SAM file like stated in the first post to an empty floppy disk and take it home. I’ll tell you what to do with it later. DON’T DELETE THE ORIGINAL SAM FILE. Just remove its attributes. The SAM file is a file called SAM with no extension. YOU MUST ALSO GET a file called SYSTEM which is in the same folder as SAM. Both files have no extensions.
If it is NTFS
You have to download a program called NTFSPro. It allows you to read from NTFS drives. The demo version allows read only; the full version is read-write. You use the program to create an unbootable disk (so you will still need another bootable disk and an empty disk) that has the required files to access NTFS.
Use the boot disk to get into DOS, then use the disks created with NTFSPro to be able to access the filesystem, then copy the SAM and SYSTEM files to another empty disk to take home.
AT HOME: You have to get a program called SAMInside. It doesn’t matter if it is the demo version. SAMInside will open the SAM file and extract all the user account information and their passwords, including administrator. SAMInside will ask for the SYSTEM file too if the computer you took the SAM file from has syskey enabled. Syskey encrypts the SAM file; SAMInside uses the SYSTEM file to decrypt it. After SAMInside finishes, you will see user accounts with hashes beside them. The hashes are the encoded passwords. Use SAMInside to export the accounts and their hashes as a pwdump file into another program called LophtCrack. It is currently in version 5, named LC5. The previous version, LC4, is just as good. You need the full or cracked version of the program. LC5 uses a brute force method, trying all possible combinations of letters, numbers, and unprintable characters to find the correct password from the hashes in the pwdump file imported into it from SAMInside. This process of trying all passwords might take 5 minutes if the password is easy, up to a year if the password is long and hard (really, really hard). LC5, however, is almost 100 times faster than LC4. Both can be configured to try dictionary and common words before using all possible combinations of everything. Once the correct password is found, it will display the passwords in clear beside each account, including administrator.
I have used this method so many times. I’ve compromised the whole school computer infrastructure. LC4 usually took between 1 second and 10 minutes to find the passwords because they were common words found in any English dictionary. I haven’t used LC5 yet.
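For the defender’s side of the export step above: the pwdump format that SAMInside writes out (one `user:rid:lm_hash:nt_hash:::` line per account) is the same thing an administrator auditing their own machines looks at. The following Python script is an added example, not from the original post or from any of the tools named in it; it assumes that common pwdump layout and uses constructed sample lines with placeholder hashes. It flags the two things that make the cracking step fast: accounts that still have an LM hash stored (the legacy, case-insensitive hash that is split into two 7-character halves and falls to brute force far sooner than the NT hash) and accounts whose NT hash is the empty-password value. The RID 500 tag marks the built-in Administrator account so it is reviewed regardless.

```python
"""Audit a pwdump-format export for accounts that would crack quickly.

Added example, not from the original post or from SAMInside/LC5.  Assumes
the usual pwdump line layout  user:rid:lm_hash:nt_hash:::  ; the sample
lines below are constructed and contain no real hashes.
"""
from dataclasses import dataclass, field

# Well-known sentinel values in the two hash fields.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # "no LM hash stored"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password
BUILTIN_ADMIN_RID = 500

# Constructed sample export: the 1111.../2222... values are placeholders.
SAMPLE_PWDUMP = """\
Administrator:500:11111111111111111111111111111111:22222222222222222222222222222222:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
student:1001:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
teacher:1002:44444444444444444444444444444444:55555555555555555555555555555555:::
this line is not a pwdump record
"""


@dataclass
class Finding:
    user: str
    rid: int
    issues: list = field(default_factory=list)


def parse_pwdump_line(line):
    """Return (user, rid, lm, nt) for a well-formed record, else None."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, rid, lm, nt = parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()
    if len(lm) != 32 or len(nt) != 32:
        return None
    return user, rid, lm, nt


def audit_pwdump(text):
    """Flag accounts an administrator should reset or reconfigure first."""
    findings = []
    for line in text.splitlines():
        record = parse_pwdump_line(line)
        if record is None:
            continue  # headers, blank lines, garbage
        user, rid, lm, nt = record
        issues = []
        if lm != EMPTY_LM:
            issues.append("LM hash stored")  # legacy hash, brute-forced quickly
        if nt == EMPTY_NT:
            issues.append("empty password")
        if rid == BUILTIN_ADMIN_RID:
            issues.append("built-in Administrator (RID 500)")  # always review
        if issues:
            findings.append(Finding(user, rid, issues))
    return findings


if __name__ == "__main__":
    for f in audit_pwdump(SAMPLE_PWDUMP):
        print(f"{f.user} (RID {f.rid}): {', '.join(f.issues)}")
```

On a real export the response is the opposite of the post’s goal: reset every flagged account and disable LM hash storage (the NoLMHash policy) so that, after the next password change, the LM field reads as the aad3b435... sentinel for every account.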
Programs needed:
SAMInside (doesn’t matter which version or if demo)
LC4 or LC5 (LophtCrack) (must be full version)
NTFSPro (doesn’t matter if demo)
Any bootdisk maker
Posted by NovaAngel at December 9th, 2006
There are several occasions where you will be at a public terminal and need to bypass web filters, and require access to a particular website that is blocked for some reason or another. How to bypass these restrictions is a very common question, and will be covered here.
Let’s pretend for a moment that the Internet is made up of 26 websites, A-Z. The web filter blocks your browser from accessing sites X-Z, but not sites A-W. Simply make the browser think you’re going to A-W. There are a variety of ways to do this:
Proxy Servers:
This is a list of HTTP proxies. These sites may not be up forever, so you may need to search for “free http proxy” or “public proxy servers” or other similar terms.
Proxy server lists:
www.aliveproxy.com
www.multiproxy.org
www.publicproxyservers.com/index.html
www.tehbox.com/proxy
www.proxz.com
www.proxy4free.com/index.html
free-proxies.com
Now that you have a list of proxies, open IE (Internet Explorer) and click on Tools > Internet Options > Connections > LAN Settings > Advanced. Enter the address and port of one of the servers from the list in the proper area (HTTP) and make sure the “use a proxy server for your LAN” option is selected. Remember to change the proxy and port at your terminal back to the original when you’re done.
Note: Some proxies listed may not work, and this method may decrease your surfing speed. By trying various entries, you’ll find one that works, or works faster.
The infamous translation trick:
Go to a web page translation site and use their services to “translate a page to English”, thus accessing the blocked page through their trusted site.
You’ll notice that several translation sites are blocked, but by using less popular ones, this method can still be effective. Here is a list of some translation services. Again, these sites may not be up forever, so you may need to search for them.
babelfish.altavista.com
world.altavista.com
translation.langenberg.com
freetranslation.com/web.thm
URL Scripting:
URL scripting is the easiest method. It works on a select few web filters and is based on the same principle as the translation trick. By typing an address like “www.yahoo.com@www.restricted_site.com”, the filter will not go into effect, as it recognizes the trusted site (in this case yahoo.com).
Other tricks:
Simply open the command prompt and type:
Ping restricted.com, restricted.com obviously being the restricted site. At this point you can take down the IP address (ex. 216.109.124.73) and enter it into the browser. If access to the command prompt is also restricted, see “How to bypass restrictions to get to the command prompt.” If this article has been taken from information leak, then know that it involves anything from opening the browser, selecting View > Source, then saving it as X.bat and opening it, to opening a folder or browser and typing in the location of cmd.exe, depending on the OS. I will not go into it further, as this is a completely different topic.
Try referring to restrictedsite.com as a secured site, since this may confuse the filter.
Note: These are ancient methods that many new filters defend against, but they still may be applicable in your situation. If not, a little history never hurt anyone.
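Both of the tricks in this section and the URL scripting one before it (the “trusted@restricted” address and the bare IP address) work against filters that compare the raw URL string with a blocklist. As an added example, not part of the original post, here is a Python comparison of such a naive check with one that parses the URL, takes only the host part, and treats IP literals and the addresses the blocked names resolve to as blocklist members. The blocklist, the hostname-to-IP table standing in for a DNS lookup, and the demonstration URLs are all constructed.

```python
"""Hostname-based filter check that the two tricks above do not fool.

Added example, not from the original post.  The blocklist, the
hostname-to-IP table (standing in for DNS so this runs offline) and the
demonstration URLs are all constructed.
"""
import ipaddress
from urllib.parse import urlsplit

BLOCKED_HOSTS = {"www.restricted_site.com", "restricted.com"}

# Constructed stand-in for a DNS lookup (203.0.113.0/24 is a documentation range).
FAKE_DNS = {
    "www.restricted_site.com": "203.0.113.10",
    "restricted.com": "203.0.113.20",
}

# Block the addresses the blocked names resolve to as well, so that
# "ping the site, then browse to the IP" lands on the same list.
BLOCKED_IPS = {ipaddress.ip_address(ip) for ip in FAKE_DNS.values()}


def naive_is_blocked(url):
    """A string-matching filter of the kind the post describes defeating.

    It takes everything between the scheme and the first slash and checks
    whether it starts with a blocked name.  "www.yahoo.com@www.restricted_site.com"
    starts with "www.yahoo.com", so it passes, and a bare IP never matches.
    """
    authority = url.split("://", 1)[-1].split("/", 1)[0].lower()
    return any(authority.startswith(host) for host in BLOCKED_HOSTS)


def hardened_is_blocked(url):
    """Parse the URL, then decide on the real host.

    urlsplit().hostname drops the userinfo ("www.yahoo.com@") and lowercases
    the host, so the trusted-site prefix has no effect.  IP literals are
    checked against the resolved addresses of the blocked names.
    """
    host = urlsplit(url).hostname
    if host is None:
        return True  # fail closed on anything we cannot parse
    if host in BLOCKED_HOSTS:
        return True
    try:
        ip = ipaddress.ip_address(host)  # the user typed an IP literal
    except ValueError:
        resolved = FAKE_DNS.get(host)    # real code: socket.getaddrinfo
        if resolved is None:
            return False
        ip = ipaddress.ip_address(resolved)
    return ip in BLOCKED_IPS


if __name__ == "__main__":
    for url in ("http://www.restricted_site.com/",
                "http://www.yahoo.com@www.restricted_site.com/",
                "http://203.0.113.20/",
                "http://www.yahoo.com/"):
        print(f"{url:50} naive={naive_is_blocked(url)!s:5} hardened={hardened_is_blocked(url)}")
```

The design point is that a filter must decide on the parsed host, never on the typed string, and must keep its name list and its address list in step; the same parsing also covers the “secured site” variant, because the scheme plays no part in the decision.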
Web based Proxies:
Another one of the easier, yet effective, methods is web based proxies. These are simple in that you just enter the restricted address and surf! Some of these have restrictions, like daily usage limits, etc., but you can also use another proxy (perhaps one that sucks, like a text-only one) to bypass their restrictions as well. Here is a list of some:
proxify.com
www.anonymizer.com/index.cgi
www.guardster.com/
anonymouse.ws/anonwww.html
www.de-cloak.com/login.html
www.megaproxy.com/freesurf
www.anonymizer.ru
nadaily.com/cgi-bin/nph-proxyb.cgi
www.userbeam.de/cgi-bin/nph-userbeam.cgi
www.free2.surffreedom.com/nph-free.cgi
Proxy Programs:
There are many proxy programs that allow you to surf anonymously that are more or less based on the same topics we’ve covered here. I’ve added them just to cover the topic thoroughly:
www.hotscripts.com/Detailed/28480.html
www.inetprivacy.com/a4proxy/anonymous-grc.htm
www.orangatango.com/home/index.ie.html
www.steganos.com
www.anonymization.net (a toolbar that requires admin rights to install)
Making your own CGI proxy server:
Making your own proxy server may come in handy, but I personally find that simply uploading a txt file with a list of proxies to a free host makes for a much easier and headache-free solution. If you don’t know Perl, there is code out there to help you set it up. Check out these sites for more info:
httpbridge.sourceforge.net
www.jmarshall.com/tools/cgiproxy
www.manageability.org/blog/stuff/open-source-personal-proxy-servers-written-in-java/view
Admin Access:
When all else fails, you can simply take over the PC and alter or delete the filter. This method varies according to the OS (operating system) you are dealing with. Please see “Hacking Windows NT” for more information. If this tutorial has been taken from information leak, then I will go as far as to say it involves booting the PC in another OS, copying the SAM file and cracking it using a program like SAMInside or LC5, rather than starting a whole new topic within one.