(Hiren's: Boot CD)
{ Offline NT/2000/XP/Vista/7 Password Changer }
| Section 0. Background Information |
- What is Hiren's Boot CD?
- Hiren's BootCD is a boot CD containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems. It is a Bootable CD; thus, it can be useful even if the primary operating system cannot be booted.
- http://www.hiren.info/pages/bootcd
-
Lab Notes
- In this lab we will do the following:
- Download the Hiren's iso
- Boot Damn Vulnerable WXP-SP2 into the Hiren's Environment
- Use the Offline Password Changer to clear the Administrator's Password
- In this lab we will do the following:
- Pre-Requisites
- Instructions:
- This will work on Windows NT, 2000, XP, Vista and 7
- This lab uses the Damn Vulnerable WXP-SP2 Virtual Machine.
- Pre-Requisites: Lesson 1: Download and Install Firefox
- Pre-Requisites: Lesson 2: Download and Install 7-zip
- Damn Vulnerable Windows XP: Lesson 1: How to create a Damn Vulnerable Windows XP Machine
- Instructions:
- Legal Disclaimer
- As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
- © 2012 No content replication of any kind is allowed without express written permission.
| Section 1: Prerequisite |
- Open A Firefox Browser
- Notes:
- Login to the machine that has VM Player Installed.
- Instructions:
- Click on the Windows Start Button
- Type firefox in the search box
- Click on Mozilla Firefox
- Notes:
- Place Link in Firefox Browser
- Instructions:
- Place the following address in the
Firefox Browser
- http://www.hirensbootcd.org/files/Hirens.BootCD.14.0.zip
- Click OK to download
- Place the following address in the
Firefox Browser
- Instructions:
-
Navigate and Save
- Instructions:
- Navigate to the directory of your
choosing.
- In my case, E:\Hirens
- Click Save
- Navigate to the directory of your
choosing.
- Instructions:
- Open Download Folder
- Instructions:
- Tools --> Downloads
- Right Click on Hirens.BootCD.14.0.zip
- Click on Open Containing Folder
- Instructions:
- Extract Hirens
- Instructions:
- Right click on Hirens.BootCD.14.0.zip
- Mouse Over on 7-Zip
- Click Extract Here
- Instructions:
- View Results
- Note(FYI):
- Among other files you should see the
Hiren's ISO File.
- Hiren's.BootCD.14.0.iso
- Among other files you should see the
Hiren's ISO File.
- Note(FYI):
| Section 2: Configuring VMware to play Hiren's |
- Edit Virtual Machine Settings
- Instructions:
- Click on Damn Vulnerable Windows XP
- Click on Edit virtual machine
- Instructions:
- Configure CD/DVD (IDE)
- Instructions
- Click Configure CD/DVD (IDE)
- Check Connect at power on
- Click the radio button "Use ISO image file:"
- Click the Browse button and Navigate to the location of the Hiren's.BootCD.14.0.iso
- Click the Options Tab
- Instructions
- Configure Operating System Settings
- Instructions
- Click on General
- Guest operating system: Linux
- Version: Other Linux 2.6.x kernel
- Click on OK
- Instructions
- Start Damn Vulnerable WXP-SP2
- Instructions:
- Click on Damn Vulnerable WXP-SP2
- Click on Play virtual machine
- Instructions:
- Access the Boot Menu
- Instructions
- Once you see the below vmware screen, (1) Left Click in the screen and (2) press the <Esc> key.
- Note(FYI)
- Beginners please be patient, this might take a few times. <Grin>
- If you are super frustrated, you can slow down the VMWare Boot Screen by completing the following lesson.
- Instructions
- Boot from CD-ROM Drive
- Instructions
- Arrow Down to where CD-ROM Drive is highlighted
- Press <Enter>
- Instructions
| Section 3: Starting up the Offline NT/2000/XP/Vista/7 Password Changer |
- Select "Offline NT/2000/XP/Vista/7
Password Changer" (See Below)
- Instructions
- Arrow Down to Offline NT/2000/XP/Vista/7 Password Changer
- Press Enter
-
- Instructions
- Linux Kernel Boot options
- Instructions
- Press Enter.
- Instructions
- Partition Selection
- Instructions
- Type "1"
- Press Enter.
- Instructions
- Unclean File System Message
- Instructions
- Do you wish to force it (y/n) [n] y
- Press Enter.
- Instructions
- What is the path of the registry directory?
- Instructions
- [WINDOWS/system32/config] Just Press Enter
- Instructions
- Select which part of the registry to load
- Instructions
- Type "1"
- Press Enter.
- Instructions
- Select Hive
- Instructions
- Type "1"
- Press Enter.
- Instructions
- Type in the username that you would like to
reset.
- Instructions
- Type "Administrator"
- Press Enter
- Instructions
- User Edit Menu
- Instructions
- To clear the password, select 1.
- Press Enter
- Notes(FYI)
- You also have the ability to do the
following
- Set a new password
- Promote a user to an Administator
- Unlock Accounts
- You also have the ability to do the
following
- Instructions
- Reviewing Results
- Instructions
- There will be a message that says "Password cleared!"
- To quit the application, type "!"
- Press Enter
- Instructions
- Back to Loaded Hives Selection
- Instructions
- Type "q" to quit.
- Press Enter
- Instructions
- Writing back changes selection
- Instructions
- Type "y" to save changes.
- Press Enter
- Instructions
- New Run Selection
- Instructions
- Type "n" to quit
- Press Enter
- Instructions
| Section 4: Proof of Lab |
-
Proof of Lab Instructions
- Instructions:
- date
- Press <Enter>
- echo "Your Name"
- Replace the string "Your Name" with your actual name.
- e.g., echo "John Gray"
- Do a PrtScn
- Paste into a word document
- Upload to Moodle
- Instructions:
- Poweroff Operating System
- Instructions
- Type "poweroff"
- Press Enter
- Instructions
- CPU Disabled Message
- Instructions
- Click OK
- Instructions
- Poweroff Virtual Machine
- Instructions
- Virtual Machine --> Virtual Machine Settings --> Power Off
- Click Yes
- Instructions
| Section 5: Configuring your original VMware back to play Windows XP |
- Edit Virtual Machine Settings
- Instructions
- Select Damn Vulnerable WXP-SP2
- Select Edit Virtual machine settings
- Instructions
- Configure CD/DVD (IDE) Settings
- Instructions
- Select CD/DVD (IDE)
- Select the Use physical drive: Radio Button
- Select Auto detect
- Click on the Options Tab
- Instructions
- Configure Operating System Settings
- Instructions
- Select General
- Guest operating system: Microsoft Windows
- Version: Windows XP Professional
- Click on the OK Button
- Instructions
- Start Damn Vulnerable WXP-SP2
- Instructions:
- Click on Damn Vulnerable WXP-SP2
- Click on Play virtual machine
- Instructions:
| Section 6: Logging into Windows after password was cleared |
- Login as user administrator (See Below)
- Instructions:
- Remember you cleared the password, so leave the password field blank.
- Click on OK.
- Instructions:
| Section 7: Set Administrator's Password |
- Open Control Panel
- Instructions:
- Start --> Control Panel
- Instructions:
- Open User Accounts
- Instructions:
- Click on User Accounts
- Instructions:
- Open the Administrator Account
- Instructions:
- Click on Administrator
- Instructions:
- Select Create a password
- Instructions:
- Click on Create a password
- Instructions:
- Create a password for your account
- Instructions:
- Type a new password:
- Type the new password again to confirm:
- Click Create Password
- Instructions:
