sesame Windows Password Recovery :: Introduction

sesame is a Windows-based application that allows the user to change, reset or discover Windows account passwords.

sesame allows you to load Windows registry hives and discover the passwords of the user accounts stored in them. Discovery can take a long time: trying every combination (brute force) grows exponentially with the length of the password and the size of the character set, so a match can take days or longer.

Uniquely, sesame also lets you write a password of your own choice directly into the registry hive, so there is no discovery time at all: you simply log on with the password you chose.

 

:: Method

Windows stores user account names and password hashes in the Windows registry. The registry is simply a set of files on your hard disk, kept in the [windows]\system32\config folder; the two files we are interested in are called SAM and SYSTEM (they have no file extension).

sesame allows you to view and edit these files.

The SAM file stores the user names, the password hashes (one-way LM and NT hashes: the password cannot be decrypted from them, only found by guessing candidates and comparing) and other information about each user account.

The SYSTEM file contains the information sesame needs to remove the SYSKEY protection. SYSKEY was added by Microsoft to make it harder for tools like ours to extract hashes offline: it encrypts the hashes held in the SAM with an additional key (the boot key) that is derived from values stored in the SYSTEM hive, which is why both files are always needed together. We were one of the first companies to release a commercial, easy-to-use way of removing SYSKEY.

Unfortunately, while Windows is running these files cannot be copied or opened by normal means: you can see them in Explorer, but Windows keeps them open exclusively and will not let you read or modify them. There are several ways around this:

  • To aid evaluation, the trial download includes example SAM and SYSTEM files. Click 'Import from Registry Hives' and look in the \examples folder.
  • (Guaranteed results) Remove the hard disk from the target machine and mount it in a different PC. Use that PC to copy the two files above and load them into sesame. Some manufacturers supply USB-to-IDE converters that make this easier (try usb-ware's or the ones at direct usb store; please note that we take no responsibility for the quality or content of sites outside our control).
  • (Requires local administrator rights) sesame can read the password hashes directly out of the live registry. You can then use sesame to discover the passwords or inject your own. With the same rights, the built-in reg.exe tool (reg save) can also export copies of the SAM and SYSTEM hives for later offline use.
  • We are working on sesame_seed, a Linux-based boot CD from which you boot the target machine. You can then use sesame to control the target remotely over the supplied high-speed USB 2.0 link, including file recovery, password injection and discovery, and more.

 

:: Process

The process to break a Windows user account is as follows:

  • Obtain the SAM and SYSTEM file (see notes above).
  • Run sesame, go to 'File/Import from Registry Hives' and select the SAM file. If the SYSTEM file is in the same folder it will be found automatically; if not, you will be asked to locate it. Alternatively, if you want to read the hashes from the local machine, select 'File/Import from Local Machine'.
  • A screen similar to the one below will appear. It lists every user account on the system, shows whether the account is disabled or locked out (for example, after too many wrong password attempts), and shows the password and hash information:

  • For the password you have three options: a) remove the password altogether, b) set the password to one of your choice, or c) attempt to discover the existing password. To do this, click one of the '...' buttons on the account you are interested in. The following dialog will appear:

  • Blanking and setting passwords takes effect immediately in sesame, but nothing is changed on the target until you select 'Apply Changes' back on the main screen; this writes the new hashes into the SAM file or the live registry.

 

:: Password discovery

We have developed highly optimized hash routines, hand-written in assembly for maximum performance. Even so, there are literally trillions of combinations for a medium-strength password, so it can take days to find a match.

Our MD4 implementation (the NT hash is the MD4 digest of the password encoded as UTF-16LE, with no salt, so every candidate costs one MD4 computation) reaches speeds of up to 10 million passwords per second, depending on the PC hardware being used.

When sesame finds the correct password it will be displayed in plain text on the main screen.
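As an added illustration of the figures above (example code written for this page, not sesame's own routines), the block below computes the NT hash exactly as Windows does, runs a small brute-force search over a constructed target hash, and turns the quoted 10 million hashes per second into expected search times for a few password shapes. MD4 is written out by hand because hashlib's md4 is missing from many current Python builds; the target password, character set and rate are constructed for the example.

```python
import itertools
import string
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(message: bytes) -> bytes:
    """MD4 per RFC 1320, written out because hashlib.new('md4') is often
    unavailable on OpenSSL 3 builds."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack("<Q", bit_len)  # 64-bit little-endian length in bits

    def F(x, y, z): return (x & y) | (~x & z)
    def G(x, y, z): return (x & y) | (x & z) | (y & z)
    def H(x, y, z): return x ^ y ^ z

    # (round function, additive constant, shift schedule, message-word order)
    rounds = (
        (F, 0x00000000, (3, 7, 11, 19), tuple(range(16))),
        (G, 0x5A827999, (3, 5, 9, 13), (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (H, 0x6ED9EBA1, (3, 9, 11, 15), (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for off in range(0, len(padded), 64):
        X = struct.unpack("<16I", padded[off:off + 64])
        a, b, c, d = h
        for fn, const, shifts, order in rounds:
            for i, k in enumerate(order):
                # Each step updates one register; rotating the tuple reproduces
                # the ABCD / DABC / CDAB / BCDA pattern of the specification.
                a, b, c, d = d, _rotl((a + fn(b, c, d) + X[k] + const) & MASK, shifts[i % 4]), b, c
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """The NT hash stored in the SAM: MD4 over the UTF-16LE encoded password, unsalted."""
    return md4(password.encode("utf-16le"))


def brute_force_nt(target_hex: str, charset: str, max_len: int):
    """Try every string over `charset` up to `max_len` characters, shortest first.
    Returns the password, or None if nothing in the keyspace matches."""
    target = bytes.fromhex(target_hex)
    for length in range(max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if nt_hash(candidate) == target:
                return candidate
    return None


def expected_seconds(charset_size: int, length: int, rate: float = 10_000_000) -> float:
    """Worst-case time to exhaust charset_size**length candidates at `rate` hashes/second."""
    return charset_size ** length / rate


if __name__ == "__main__":
    # Constructed target: the NT hash of a short, lowercase-only password.
    target = nt_hash("dog").hex()
    print("recovered:", brute_force_nt(target, string.ascii_lowercase, 3))
    # Why discovery can take "days": exhaustive search sizes at 10 million hashes/second.
    for label, size, length in (("7 lowercase", 26, 7), ("8 lowercase", 26, 8), ("8 mixed alnum", 62, 8)):
        s = expected_seconds(size, length)
        print(f"{label:14s} {size ** length:>16,d} candidates  ~{s / 3600:,.1f} hours")
```

Because the NT hash is unsalted, one hash computation tests a candidate against every account at once, and the search cost depends only on the keyspace: seven lowercase letters fall in about a quarter of an hour at the quoted rate, while eight mixed-case alphanumerics need roughly 250 days.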

 

:: Password reset (blank password or set password)

Password reset is preferable to discovery wherever possible, as there is no delay. If all you need is to log on to the target machine then this is fine. If, however, the target machine contains EFS-encrypted files (the built-in Windows encryption: right-click a file, go to Properties, Advanced, and tick 'Encrypt contents to secure data') then resetting the password with sesame will make those files inaccessible, because the user's EFS private key is protected by a key derived from the logon password. The only exceptions are where a data recovery agent certificate or a password reset disk was set up beforehand.

We are working on a solution to this, but at present the advice is to use password discovery in this situation.

 

:: Trial version

We recommend you download a trial version of sesame before considering a purchase.

The following restrictions exist on the trial version:

  • You can load files, blank and set passwords but you cannot save out the modified SAM file.
  • You can discover passwords, but only the NT password (not the LAN Manager password), and only up to seven characters in length.

download trial

Please take time to evaluate the software. You can contact us at info@forcedentrysoftware.com if you have any queries.

 

:: Full version

The full version has no limits. You can load, modify and save SAM files. You can discover both LAN Manager and NT passwords, up to 14 characters and 32 characters in length respectively (the LAN Manager hash is by design computed from at most 14 characters of the password).

This version costs only $99. Pay via the paypal link below and we'll email the software to you within 24 hours.

 

:: Awards

sesame has won many awards - some through download sites (as below) but many are from our customers.