Bypassing The Login Password
For Windows 9x
Almost all multi-user operating systems have some method of authorizing the different users. The common method is the username/password pair. For every username, there is a unique password. These passwords have to be stored on the hard disk. We will exploit this.
The password is never stored in plain text form. It is encrypted so that it becomes unreadable. The algorithm that Windows 9x uses to encrypt the password is very weak and quite easy to crack. The encrypted passwords are stored in PWL files in the Windows directory. Here is a PWL file taken from a system running Internet Explorer 5.0:
ゅR K{h1upTt*bNDcd5%\nhd<p<4͏((dR5 i[X_fopn2mPL"SӮ
I don't know what the first line signifies. My guess is that it is the name to which the computer is registered. The next four lines are unreadable. The last two lines are the real password. It is almost impossible to decipher it by just looking at it. You can download the Glide code from the downloads page. Use it and get the password, effortlessly.
But you cannot take Glide everywhere, to every computer. So, you need to know a method to remove the password manually. This is really simple. All you need to do is remove the correct PWL file. Here is how:
The first thing you need to do is reach MS-DOS mode. This can be done in two ways:
1) Simply click Cancel when Windows asks for the password, and then open MS-DOS from the Start menu.
2) In case the Cancel option is disabled, restart the computer. As soon as the "Starting Windows 9x" message appears, press F8. Then select option 7. You will reach MS-DOS.
Now you need to know which usernames exist on the computer. This is done by typing the following commands in DOS (type only the part after the > prompt):
C:\>cd windows\Profiles\
C:\Windows\Profiles\>dir
A list of folders will be displayed. These are the users. Note these names. Note: Application Data, All Users, etc. are also displayed. You must ignore them. Now comes the real part. Now that you know the user names, you can easily locate the PWL files and delete them. Type the following:
C:\Windows\Profiles\>cd ..
C:\Windows\>dir *.pwl
This will list all the password files. The names of these files can be at most 8 characters long (for example, if the username is mademoiselle, then the password file will have the name mademois.pwl). You can simply delete this file by typing:
C:\Windows\>del [username].pwl
Where [username] is the username of the victim. If you want to prevent your hack from being discovered, you may rename the files to any other extension. This can be achieved by typing:
C:\Windows\>ren [username].pwl [username].xyz
When you are about to shut down the system, you must rename these files back to the original file name by typing:
C:\Windows\>ren [username].xyz [username].pwl
This way, when the user returns, he will not know what happened! The password will be restored.
Utkarsh
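From the administrator's side, the same naming rule gives a simple check for tampering: every profile folder should have a matching PWL file in the Windows directory. The following is an added example, not part of the original article; the function names and the sample listings are assumptions made for illustration, and the 8-character rule and the ignored folders are taken from the text above.

```python
import os

# Non-user folders under C:\Windows\Profiles that the article says to ignore.
IGNORED = {"application data", "all users"}


def pwl_name(username):
    """Expected PWL file name: first 8 characters of the username (rule from the article)."""
    return username[:8].lower() + ".pwl"


def audit_pwl(profile_dirs, windows_files):
    """Return {username: (status, candidates)} for users whose PWL file is absent.

    status is "renamed" when another file in the Windows directory shares the
    8-character stem (candidates lists those files), otherwise "missing".
    """
    files = {name.lower() for name in windows_files}
    findings = {}
    for user in profile_dirs:
        if user.lower() in IGNORED:
            continue
        expected = pwl_name(user)
        if expected in files:
            continue  # password list is where it should be
        stem = os.path.splitext(expected)[0]
        candidates = sorted(f for f in files if os.path.splitext(f)[0] == stem)
        findings[user] = ("renamed", candidates) if candidates else ("missing", [])
    return findings


# Constructed sample listings (not taken from a real system).
SAMPLE_PROFILES = ["mademoiselle", "alice", "guest", "All Users", "Application Data"]
SAMPLE_WINDOWS_FILES = ["MADEMOIS.XYZ", "ALICE.PWL", "WIN.INI", "SYSTEM.INI"]

if __name__ == "__main__":
    for user, (status, candidates) in audit_pwl(SAMPLE_PROFILES, SAMPLE_WINDOWS_FILES).items():
        print(f"{user}: PWL file {status} {candidates}")
```

A shared stem is only a lead: any file with the same base name is listed, so each candidate still has to be inspected before concluding that a PWL file was renamed.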
Click Here to download the password remover and restorer (1 KB).