# PC Password
## Day 1: Theory (Windows)

---

## Part 1: Windows

----

## Hash
- Output is unrelated to the original text
- One-to-one result
- e.g. MD5, the SHA family, ...

----

## Advanced Encryption Standard
## (AES)
- Symmetric encryption
- Designed to replace DES

---

## Windows Accounts
- Local User
- AD Domain

----

## Active Directory
## (AD)
- Remote authentication
- Organization management

----

## Windows Logon Authentication
- Local
- Remote

---

## Security Account Manager
## (SAM)
- Is an object
- Database, log files
- Automatically encrypted at boot
- Requires special privileges

----

## SAM Database
- SAM_ALIAS: local groups
- SAM_GROUP: groups that are not local groups
- SAM_USER: user accounts
- SAM_DOMAIN: domain
- SAM_SERVER: computer accounts

---

## HiveNightmare
- CVE-2021-36934
- Non-admin
- Not Patched

----

## HiveNightmare
- Access Control List (ACL)
- Volume Shadow Copy Service (VSS)
- [GitHub](https://github.com/GossiTheDog/HiveNightmare)

---

## Day 2: Hands-on

---

## Prepare the VMs
- windows x1
- kali .iso x1
- linux x1
- ??? ??? x1

---

## BIOS
- (Legacy / UEFI) BIOS
- Bootstrap (from CD-ROM)
- Change/Delete SAM Obj

----

## What is BIOS?
- Basic Input/Output System
- Hardware Check
- Read and Load OS
- etc...

----

## Legacy BIOS
- 16-bit CPU
- Based on MBR
  - Supports 2TB (max) & 4 partitions (max)

----

## UEFI
- Unified Extensible Firmware Interface
- Based on GPT
  - Supports > 2TB, 18ET (max) & 128 partitions (max)
- More secure boot
- Boots faster than Legacy BIOS

---

## Windows
- Set ```CD-ROM``` first in the boot priority
- Boot with Kali
- Change directory to ```/media/root/XXX/Windows/System32/Config```
- ```shell=
  # list the accounts stored in the SAM hive
  chntpw -l SAM
  # open the interactive edit menu for one account
  chntpw -u username SAM
  # at the prompt "Select : [q] >" enter 1
  ```
- Reboot Windows

---

## Linux
- Press 'Left Shift' when booting
- Select ```ubuntu``` and press 'e'
- Find the line ```linux /boot/vmlinuz-X.XX.X```
- Add 'single' at the end of the line
- Ctrl+X / F10 to reboot
- ```shell=
  # set a new password from the single-user shell
  passwd
  # Enter new UNIX password: [pwd]
  # Retype new UNIX password: [pwd]
  # passwd: password updated successfully
  reboot
  ```

---

## ??? ???
# [Lazesoft](https://www.lazesoft.com/forgot-windows-admin-password-recovery-freeware.html)

---
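
For the HiveNightmare slides (CVE-2021-36934, ACL, VSS): a defender can confirm whether a host is exposed by reading the ACLs of the hive files with `icacls`. The Python below is an added example, not part of the original slides; the `icacls` outputs are constructed samples and `exposed_hives` is a hypothetical helper name.

```python
import re

# Hive files named in CVE-2021-36934; the path ends where whitespace follows the name.
HIVE_RE = re.compile(r"^(?P<path>\S.*?\\(?:SAM|SYSTEM|SECURITY))\s+(?P<ace>\S.*)$", re.I)
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^()]*\))+)$")
# Principals that cover ordinary non-admin users.
BROAD = {"builtin\\users", "everyone", "nt authority\\authenticated users"}
# icacls rights that allow reading the file's data.
READ = {"F", "M", "RX", "R", "GR", "GA", "RD"}

def exposed_hives(icacls_text):
    """Return sorted (path, principal) pairs where a broad group can read a hive."""
    findings, path = set(), None
    for raw in icacls_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Successfully processed"):
            continue
        if not raw[0].isspace():  # first line for a file: "<path> <ACE>"
            m = HIVE_RE.match(line)
            path, line = (m["path"], m["ace"]) if m else (None, "")
        ace = ACE_RE.match(line)
        if not (path and ace):
            continue
        groups = re.findall(r"\(([^()]*)\)", ace["flags"])
        rights = {r.strip() for r in groups[-1].split(",")}
        if "DENY" in groups or not rights & READ:
            continue
        if ace["who"].lower() in BROAD:
            findings.add((path, ace["who"]))
    return sorted(findings)

# Constructed sample: ACLs as they appear on an affected build.
AFFECTED = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
                               BUILTIN\Users:(I)(RX)

C:\Windows\System32\config\SYSTEM BUILTIN\Administrators:(I)(F)
                                  NT AUTHORITY\SYSTEM:(I)(F)
                                  BUILTIN\Users:(I)(RX)

Successfully processed 2 files; Failed processing 0 files
"""
# Constructed sample: the same file after the ACL has been corrected.
FIXED = r"""C:\Windows\System32\config\SAM BUILTIN\Administrators:(I)(F)
                               NT AUTHORITY\SYSTEM:(I)(F)
"""

if __name__ == "__main__":
    for path, who in exposed_hives(AFFECTED):
        print(f"{who} can read {path}")
```

Feed it the output of `icacls` run against the SAM, SYSTEM and SECURITY files under `%windir%\System32\config`. Shadow copies taken while the ACL was weak keep that ACL, so a clean result on the live files does not cover existing VSS snapshots.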