Tools you will need:

• 1GB or bigger USB key (or a CD and CD burner)
• Another any size USB key
• Any distribution of Linux. I used Pendrive Linux and a USB key but any combination will work.
• A computer on which to do all the installing and other work
• The computer for which you want to retrieve the password
• Rainbow table program Ophcrack
• A 700MB rainbow table (if the password is more complex you can use a bigger one. More on that a bit later)

I will write this tutorial as if you are using Pendrive Linux and USB, but you can easily port this method to CD/DVD or other variants. Below is the step by step tutorial on what exactly you need to do.

• Format your USB stick and set the filesystem to FAT32 while formattting. If the Linux won’t work with FAT32 try FAT.
• Download Pendrive Linux from HERE
• Using Winrar or another extraction program, extract the contents of Pendrive Linux into the root of your newly formatted USB drive
• When it finishes extracting, open the USB directory, and open the file makeboot.dat. This will make your USB drive bootable
• Your USB is ready for booting. Plug it into the computer you want to find the password for. Reboot/Start the computer
• When booting, make sure you select USB as the boot device. This is different for every BIOS, so you will just have to figure it out yourself. It’s sometimes F9, F8, or Del key, but it could by something else
• Wait for Pendrive linux to finish booting. You will arrive at the main screen.
• Open the window that allows you to see all storage devices on the computer. One of the them will be the hard drive, open it and navigate to C:\Windows\system32\config/
• Stick your other USB key into the computer, and copy all the files from this directory onto another directoy on your USB key. You can ignore the systemprofile directory, you don’t need it.
• Just to be safe and make sure you have the files you need, you can also copy the contents of C:\Windows\repair to another folder on your USB Key. This is just in case the other files don’t work, but most likely they will.

OK, you are now finished with copying the system files. What’s stored in the /config/ directory is all the passwords that are saved on the current computer, but they are encrypted, so we need a way of decrypting them. It would take forever to bruteforce, so what we will use is Rainbow Tables. These are pregenerated hashes, so what the computer will do is check the hashed version of the password from the file and compare it with the table. Of course, the bigger the table the more possibilities it has, and also it’s faster. Now it’s password-cracking time

• Download Ophcrack. It will allow us to crack the passwords.
• Download this 700MB rainbow table
• If the password is not alpha-numeric and contains special characters, you will need a bigger table. What I recommend is to download a 35 GB rainbow table from a torrent. The torrent is available from HERE. Make sure you download the right now, or otherwise that’s a lot of bandwidth wasted!
• Open up Opcrack and click the Tables icon. Point to your tables directory and click Install
• Click the Load icon, and select “Encrypted SAM”. Now point the tree view to the directory to which you dumped all the files from the system32\config directory
• Click crack and wait a little. If the passwords are complicated it might take longer. After it finishes, it presents you with all the passwords stored for this computer!

If it didn’t work, it might be because you are using the alphanumeric table and the password has non alphanumeric characters. If you Download the 35 GB table there is a much higher chance you will be able to crack the password! Also, it might be possible that the passwords are salted, in which I think you are out of luck, since a salt makes it really hard to decrypt the hash. Still, try the method and see what you come up with! You now have administrator access to the machine! I hope you enjoyed reading, and that you learned something. Also, remember that this is for educational purposes only, don’t use it for criminal activities! Also, sorry for no pics, maybe I”ll come up with some a bit later!

Schools in certain states in America want to introduce fingerprint scanners in cafeterias to increase the lunch period. Using a 6 digit number was troublesome for a lot, and it shortened the lunch break which in some schools is only 20 minutes long. The schools’ idea is that by using a fingerprint scanner lines would move more quickly and the students could enjoy a longer lunch break.

The information system here is biometric devices and their use. At the beginning of the year, all the children would have their fingerprints scanned and put into the school system. Then, when in a lunch line, what a child would have to do is just put their index finger on a small biometric reader. The picture of the person and other personal data would be pulled from the school server and would pop up on the cashier’s screen.

This development raises the ethical issue of privacy. Even though schools have a legal binding with the government that they can’t release any personal data, a lot of parents are infuriated by this new idea. One of them commented it as being Orwellian, and that he believes that this data might be compromised by 3rd parties. While the schools believe that this would be a great improvement, parents are scared about their children and no one should blame them. No one would want the personal data of their children seen by people who were never meant to see it.

A possible area of impact of this is the education system along with the children in it. If the system is not implemented, the children will have to stand more time in a line, have less free time during lunch which could possibly demoralize them for the next class. The impact on the school would be such that everything would be much more simplified, and no one would have to go through the trouble if they forgot their student ID. They would have their fingerprint with them for payment. Other stakeholders apart from the children and schools include the parents who are terribly nervous about their children’s privacy, and the biometrics companies, for which schools are slowly becoming good customer of.