Need help with Knoppix STD

[hilowe]

OK, here's my problem. I have a Winblows 2000 machine that I have two administrator accounts setup on. One is mine, the other is my wifes. I encrypted two folders on my computer under my login. Now, for some reason, my password is not working. I cannot login under my account, but I can under my wifes account. I saw something a while back on The Screensavers about hacking your Winblows password. They suggested using Knoppix STD to load onto the computer, and use the "LinuxNTFS Shell" to get access to the physical harddrive. Once that's done, save the SAM file onto a removable disk, and then use a couple of other programs to brute force hack the winblows password.

My problem is, I have downloaded and burned Knoppix to a CD, and it boots, but I can't find anything called a LinuxNTFS shell. I tried viewing the C drive from one of the shells that I could find (don't remember which one), and it told me that there was no C drive installed.

So I need to know what the shell is called that I need, and the commands so that I can find and copy the SAM file onto a floppy disk. I know where the file is located in Winblows, but can't copy it in Winblows.

Any help would be greatly appreciated on this. I need the files that are in these folders for school.

Thank you.

 

[hilowe]

Thanks Oberjaeger, but I don't think that those are going to work for me. The first website you linked to has a warning that if anything is encrypted, then you won't be able to use it until you remember the password. The second one I don't quite understand how it works. It makes a iso image of your computer taht needs to be burned to a cd, is that right? If so, I think I would still need to remember my password because of the encrypted files that I need.

I also realized after I posted that I should be able to change the password on one administrators account from another administrator's account. Tried that, and after a little looking, realized I hadn't set my wife's account up as an administrator. Hers is a power users account.

 

[gruntwerk]

Have you tried CAIN, it maybe able to get the password for you...

see : http://www.oxid.it/cain.html
dont you have a regular administrator account on the machine.

 

[hilowe]

gruntwerk, I do have a regular administrator account. The one I typically logged in under, and can't get into now.

I'd never heard of CAIN before, but it looks like it will work. I'll give that a try. (Damn, knew I should have posted for help before trying it on my own.)

 

[Shakie]

I am going to assume that when you say you encrypted them, you used EFS and if that is the case, then you HAVE to have the orginal password.

You can use Knoppix STD/LinuxNTFS Shell to gain access to the *.pwl file and then "erase" the password, boot back up and make the password anything you'd like. But this will not work for the encrypted files because only the orginal password will be able to match the hash algorithim.

There are, however, software tools out there that can crack the *.pwl file and give you access to the original file, but, I can not (and will not- so don't PM me) give you that information. You need to do some "underground" searching. PS. The good software that can do this will take anywhere from 10 minutes to several weeks/months to crack the *.pwl file.