Here is the Tutorial how recover forgotten password of xp,vista, win 7?

(1)First you have to boot from another O.S like ubuntu, back track or any other which come in live cd format.Run O.S from cd.( you can also run O.S from pendrive ,it`s faster than cd)

(2)Copy "sam" & "system" file from this location C:/WINDOWS/SYSTEM 32/CONFIG (this files contain your password in NTML hash form) and save it in your pendrive.

(3)Now  We Want to get hashes from this file , there are different types of software available based on O.S. For windows i recommended  you "sam inside" .It`s easy to use. Download from here.

(4)Now you need other computer to run this file ,because it`s windows compatible program, so copy this "sam" & "system" file &this program in pendrive.

(5)Now open pendrive in your friend`s computer who has windows . Unzip sam inside & run the program.

(6)Now Import sam & system file in this software. it will show you username & passwords in hashes  form.

(7)now next step is to crack hashes. for this purpose you can use tools or online hash cracker.HERE is the   LIST OF ONLINE HASH CRACKER.(please view NTML HASH CRACKER).If you cannot crack online you should use tools like john the ripper , cain & able etc.

BUT IF YOU CANNOT DO THAT , THEN EASY WAY IS DOWNLOAD Ophacrack iso file form here. Burn into a cd and reboot pc. IT will do automatically for you.
If you run a .exe file with wine and see The file '/home/[username]/example.exe' is not marked as executable. If this was downloaded or copied form an untrusted source, it may be dangerous to run.For more details, read about the executable bit.or anything like that then: This tutorial is for you!

EDIT: (Actually, this will work on any linux computer but in fluxbox when you right-click on the .exe file and go to the permissions tab there is no mark as executable checkbox [for me] So we have no other choice but to do it via terminal)

The only thing we have to do is mark it as executable. [which will be explained below]

I will take the example of example.exe

It is located in /home/[username]/Downloads

First, I will go to home/[username]/Downloads or whatever the folder is

If you did this (go to the folder) with a file manager then (after you are in the folder where the .exe file is present) right click on an empty space on the folder---> then click open in terminal.

A terminal should pop up.

in the terminal type ls

just to see if your file is there. If it isn't then you are not in the correct folder. NOTE: The file should NOT have any spaces. If it does then go back to the folder where it is and right-click it and click Rename then delete the spaces then continue:


chmod 544 example.exe

(Replace example.exe with your .exe file)

Now go to the .exe file with your file manager. You should see a lock on it. This means that it is executable.

Click on it. It will open! If it doesn't then either the file can't be opened by wine or you need to upgrade your wine version

And that's the end of the tutorial!

Nmap is a powerful scanner available in Unix/Linux system. It’s very usefull for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine again single hosts.

It’s very easy to install nmap in Ubuntu, just download from the internet.

sudo apt-get install nmap

In this practice, I used 2 computer.

PC-01, IP = (OpenSuse 10.1) with Kernel

PC-02, IP = (Ubuntu Feisty)

I run nmap from Ubuntu to scan PC-01.

IP Scanning with range – nmap -sP
Starting Nmap 4.20 ( ) at 2007-10-16 21:51 WIT

Host appears to be up.

caught SIGINT signal, cleaning up

IP Scanning With Range –

Sudo Nmap -SP

Starting Nmap 4.20 ( ) at 2007-10-16 21:53 WIT

Host appears to be up.

Host appears to be up.

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Nmap finished: 255 IP addresses (2 hosts up) scanned in 31.242 seconds

Port Scanning With Range Port 100 – Port 139

Sudo Nmap -P100-139

Starting Nmap 4.20 ( ) at 2007-10-16 22:06 WIT

Interesting ports on

Not shown: 38 filtered ports


113/tcp closed auth

139/tcp open netbios-ssn

Nmap finished: 1 IP address (1 host up) scanned in 24.914 seconds

For 40 ports, it took almost 25 seconds, so it will take much longer if you want to scan from 1-65535 (all ports in a computers).

Scanning Operating System On Target IP

Sudo Nmap -O

Starting Nmap 4.20 ( ) at 2007-10-16 22:20 WIT

Interesting ports on

Not shown: 1693 filtered ports


80/tcp open http

113/tcp closed auth

139/tcp open netbios-ssn

445/tcp open microsoft-ds

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Device type: general purpose|specialized|WAP|storage-misc

Running (JUST GUESSING):Linux 2.6.X|2.4.X (97%), Atmel Linux 2.6.X (91%), Siemens linux (91%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Inventel embedded (88%)

Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux (X86) (92%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%), Atmel AVR32 STK1000 development board (runs Linux (91%), Siemens Gigaset SE515dsl wireless broadband router (91%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 1 hop

OS detection performed. Please report any incorrect results at .

Nmap finished: 1 IP address (1 host up) scanned in94.942 seconds

Nmap Faster Execution

If you want to make faster scan, use-T4option on nmap command..

$Sudo Nmap -A -T4

Starting Nmap 4.20 ( ) at 2007-10-16 22:42 WIT

Interesting ports on

Not shown: 1693 filtered ports


80/tcp open http Apache httpd 2.2.0 ((Linux/SUSE))

113/tcp closed auth

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: HOME)

MAC Address: 00:0D:88:B3:72:F3 (D-Link)

Device type: general purpose|WAP|specialized|storage-misc|broadband router

Running (JUST GUESSING) : Linux 2.6.X|2.4.X (97%), Siemens linux (93%), Atmel Linux 2.6.X (92%), Inventel embedded (89%), Linksys Linux 2.4.X (89%), Asus Linux 2.4.X (89%), Maxtor Linux 2.4.X (89%), Netgear embedded (87%)

Aggressive OS guesses: Linux 2.6.13 – 2.6.18 (97%), Siemens Gigaset SE515dsl wireless broadband router (93%), Linux 2.6.11 – 2.6.15 (Ubuntu or Debian) (93%), Linux 2.6.15-27-686 (Ubuntu Dapper, X86) (93%), Atmel AVR32 STK1000 development board (runs Linux (92%), Linux 2.6.14 – 2.6.17 (92%), Linux 2.6.17 – 2.6.18 (x86) (92%), Linux (X86) (92%), Linux 2.6.9-42.0.2.EL (RedHat Enterprise Linux) (92%), Linux 2.6.9 – 2.6.12 (x86) (92%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at .

Nmap finished: 1 IP address (1 host up) scanned in 58.830 seconds
If you want to send email from your friend`s email address then you can use following services. keep in mind that it`s not actually send email from your friend`s mail address ,but the person who receive email  see your friend`s email address in sender

Above all  is my favourite because it provide some advance option like email-header, reply to,cc etc.

You can also send from your cmd ,but for that purpose you need S.M.T.P server name  of your I.S.P. so use above services only for fun .

Domain hijacking is a process by which Internet Domain Names are stolen from it’s legitimate owners. Domain hijacking is also known as domain theft. Before we can proceed to know how to hijack domain names, it is necessary to understand how the domain names operate and how they get associated with a particular web server (website).

The operation of domain name is as follows
Any website say for example consists of two parts. The domain name( and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts and hence they must be integrated before a website can operate successfully. The integration of domain name with the web hosting server is done as follows.

1. After registering a new domain name, we get a control panel where in we can have a full control of the domain. 

2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.

For a clear understanding let me take up a small example.

John registers a new domain “” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, javascripts etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “” to point to his web server (of Y). Now whenever an Internet user types “”, the domain name “” is resolved to the target web server and the web page is displayed. This is how a website actually works.
What happens when a domain is hijacked

Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to some other web server other than the original one. So to hijack a domain you need not gain access to the target web server.

For example, a hacker gets access to the domain control panel of  “”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “” he is taken to the hacker’s website (Z) and not to John’s original site (Y).

In this case the John’s domain name ( is said to be hijacked
How the domain names are hijacked

To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this you need the following ingredients

1. The domain registrar name for the target domain.

2. The administrative email address associated with the target domain. 

These information can be obtained by accessing the WHOIS data of the target domain. To get access the WHOIS data, goto, enter the target domain name and click on Lookup. Once the whois data is loaded, scroll down and you’ll see Whois Record. Under this you’ll get the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record. “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. In case if you don’t find this, then scroll up and you’ll see ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email associated with it.

Once the hacker take full control of this email account, he will visit the domain registrar’s website and click on forgot password in the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done all the details to reset the password will be sent to the administrative email address. Since the hacker has the access to this email account he can easily reset the password of domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.

How to protect the domain name from being hijacked

The best way to protect the domain name is to protect the administrative email account associated with the domain. If you loose this email account, you loose your domain.. Another best way to protect your domain is to go for private domain registration. When you register a domain name using the private registration option, all your personal details such as your name, address, phone and administrative email address are hidden from the public. So when a hacker performs a WHOIS lookup for you domain name, he will not be able to find your name, phone and administrative email address. So the private registration provides an extra security and protects your privacy. Private domain registration costs a bit extra amount but is really worth for it’s advantages. Every domain registrar provides an option to go for private registration, so when you purchase a new domain make sure that you select the private registration option.
Telnet: the Number One Hacker Tool

In this Guide you will learn:
·         What is telnet?
·         How to telnet
·         How to get telnet accounts <begin11c.shtml>
·         Why you might not want to telnet <begin11c.shtml>
·         How to install a telnet server on your home Windows computer <begin11c.shtml>
·         How to turn off a telnet server on your home Linux computer <begin11d.shtml>
·         How to explore computers using telnet <begin11d.shtml>
·         Why not use a portscanner instead? <begin11f.shtml>
·         How to break into web sites using telnet <begin11f.shtml>
"Where do I type that command?" People ask that all the time when they read my early Guides to (mostly) Harmless Hacking. I wrote those guides back when the Internet was in its infancy and almost everyone in cyberspace used telnet. However, nowadays you might never even hear about telnet, much less use it, unless you are a hacker. So if you are still wondering about telnet, today is your lucky day.

What Is Telnet?
Telnet is a protocol that is most commonly used to log into a remote computer. It also is the single most powerful hacking tool on the planet. With just a telnet client program, you can:
·         send email
·         download source code from web sites
·         send unexpected input to webservers that can give you amazing and sometimes illegal results
·         give arbitrary input to many other services on Internet host computers
·         probe the services offered by servers, routers and even people's home computers.
How to Telnet
Don't know how to telnet? Click the easy telnet links at and land in the middle of a real hacker wargame! This should work regardless of your computer operating system -- if you have an up to date browser, if your online service provider gives you a true Internet connection, and if your computer is able to telnet at all.
Did those links get you into a telnet session? Were you able to login to a remote computer? If yes, congratulations.
If not, how can you fix the problem? If no telnet program appeared on your monitor when you clicked these links, perhaps your browser is too ancient to allow telnet. Try installing the latest Netscape browser (<>). Or, perhaps your operating system does not include a telnet program. In that case, install or reinstall Windows 95 or 98. If you own a Mac, get the superb Mac OS X or Linux PPC (<>).
If a telnet program came up and failed to connect, possibly the computer you were trying to telnet into was down or just plain no longer in existence. Or, you may be using America Online (or a similar extremely poor online service). If so, your simplest solution may be to get a better online service provider. Determined to hack using AOL? See <../aol.shtml> for some ways to make AOL give you a true Internet connection.
OK, so you've managed to telnet for the first time. Presumably you don't want to limit yourself to telnet links on web sites. How do you telnet anywhere you want to go?
If you have Linux or any other type of Unix (BSD, SCO, Solaris, Sun OS, Irix, Ultrix, etc.) telneting is easy. Just bring up "console" or "shell" (or whatever your GUI calls the command line interface). At the prompt type:
telnet <hostname or IP address>
More on Telnet: the Number One Hacker Tool
Windows 2000 works pretty much like Unix. See Figure 1 for an example of a Win 2000 telnet login. Not shown on the screen was the command "telnet", which I gave at the Command (MS-DOS) prompt.
Figure 1: Telnet using Windows 2000
If you have Windows 95, 98 or NT, to telnet, bring up the MS-DOS prompt (Start --> Programs --> MS-DOS). 

Click "connect" then "remote system…". In the host name box place the host name or IP address of the computer to which you wish to telnet. Leave the Port and Term Type boxes alone for now.
Here is a really important point. Every day people email me complaining that some computer won't let them telnet into it. They ask what they are doing wrong. They aren't doing anything wrong:
·         Maybe the computer they are trying to reach no longer exists.
·         Maybe the computer they are trying to reach doesn't allow telnet logins. For example, no longer allows telnet logins on port 23 (the default port). Click here to learn how to telnet into on the right port for that particular server. <../whois.shtml>
·         Maybe a firewall is blocking them.
·         Or maybe they make a telnet connection and the remote computer asks for a user name and password they don't have. Then they email me asking for how to get a login name and password that will work.
Newbie note: The owners or administrators of any Internet host computer decide who gets user names and passwords. Believe it or not, about once a week someone emails me asking what user name and password their own online service provider has assigned them for a telnet login. That's why I'm telling people the obvious -- if you want to telnet into any computer, and you don't have a user name and password, you must ask the owner, administrator of tech support for that system for a user name and password. If they won't give that to you, they don't want you to have it!
You can go to jail warning: If you guess the user name and password, or use a computer breakin technique to get or create them, or if someone other than an owner or administrator or a legitimate user on that system gives you a user name and password, it is against the law to use them. Many computer criminals give out user names and passwords that they obtained illegally.
How to Get Telnet Accounts
OK, so you want to get legal user names and passwords so you can telnet into other computers. Here are some of the best ways:
·         See <../links2.shtml> for organizations that will give you free shell accounts. You can telnet into these.
·         Ask Internet Service Providers for shell accounts. Some offer them, although most don't.
·         Set up a telnet server on your own computer (see instructions below). Yes, once you are running a telnet server, you can telnet from your computer back into your computer. Simply give the command "telnet".
·         Make friends with people who run Internet computers with telnet servers.
Why you May Not Want to Telnet
If you love your shell account server, don't ever, ever telnet or ftp into it. I recommend Ssh or Openssh for logging into remote computers? The telnet (and ftp) protocol is a "clear text" transmission. That means that computer on the same LAN as either You or your destination computer, or any computer on any LAN or network path through which your connection passes can steal your login name, password or anything else that goes across your connection. Ssh and OpenSsh encrypt all communications so no one can snoop on you.
How to Install a Telnet Server on your Windows Computer
Usually you can't telnet into a Windows home computer. The reason is, they aren't running telnet servers. Here's how to get a telnet server on your home Windows computers so your friends and you can telnet in and play.
For Windows NT, the Options Pack includes a primitive telnet server.
For Windows 95/98/NT and 2000, you also can install shareware or commercial telnet servers. Check out, or do a web search.
Of course installing a telnet server makes your computer vulnerable to all sorts of trouble from hackers. It's your funeral, don't come crying top me if a telnet visitor destroys your computer
How to Turn off a Telnet Server on your Unix-type Computer
If you go online with Linux or other Unix-type computer, a telnet server is the easiest way to ensure you get destroyed by a malicious hacker. Here's how to prevent this. On most of these, the file /etc/inetd.conf launches most of your servers. Edit the file to put a "#" in front of the line that has telnet in it and either reboot your computer or kill and restart inetd.
If your computer doesn't use inetd to launch services, you should be able to find telnetd under /etc/init.d.
Install ssh instead and only use that to log into your shell account.
How to Explore Computers Using Telnet
Even if a computer doesn't have a telnet server, there are lots of fun and even legal things to do to it using telnet. The easiest thing to do is extract "banners" from a victim computer. A banner is a message a computer will often give when you telnet to a port that is running an Internet server of some sort.
For example, most mail sending servers use port 25. To telnet to port 25 from Win 2000 or a Unix shell, simply type:
telnet <hostname or IP address> 25
Windows 95, 98 and NT make it a tiny bit harder.
A quick search of the Bugtraq archives at <> revealed horrid things a criminal could do to that Mercur mail server. Since I think it is more fun to be nice, I told someone at the company using this mail server about the problems. He invited me to vacation at his beautiful Swiss home, where he and his wife keep horses and take long trail rides in the Alps. Golly, that is much more fun than breaking into a computer!
Right about now some elite ueberhaxorz are probably reading this and saying "What a lamer Meinel is! We can do the same thing by running nmap."
They are right, you can learn the same things by running a port scanning program such as nmap (available at <>). However, I am quite careful about under what circumstances I run any port scanner. In order to get information on what programs are running on what ports, you must run a port scanner in a mode that will probably convince the owner of the victim computer that you are a criminal. He or she may persuade your online service provider to cancel your account.
The other reason to analyze computers using telnet is that you learn more. It's the difference between eating at McDonalds and learning how to cook.
How to Break into Web Sites Using Telnet
You don't have to use a web browser to access files on a web site. All you need to do is:
telnet <victimcomputer> 80
Or specify port 80 in a Windows telnet.
If you are using Windows 95/98/NT, whenever you are NOT logging into a telnet account, you should enable local echo. Otherwise whatever you type in (unless you are in a telnet account) will not show on the screen. To enable local echo, click Terminal --> Preferences --> Local Echo.
So how do you send stuff back to the webserver? Try this:
GET / HTTP/1.0
<your command here>
What kinds of commands can you send? The book Hackproofing Your Network <../bookstore/general.shtml> (by Ryan Russell of and Stance Cunningham) suggests a fun and harmless hack. Create and store a bogus cookie in the location on your web browser that stores cookies. (Find it by searching for the file "cookies.txt".) Name your bogus cookie something like "MyBogusCookie." Then telnet to the victim webserver and give something like this command:
GET / HTTP/1.0
User-Agent: HaveABogusCookieThisIsAJoke 123.4
Cookie: /; MyBogusCookie
The Ãœberhacker! -- How to Break into Computers <../uberhacker/index.shtml> book details a number of serious attacks you can perform through sending funny input to a webserver. Basically, you need to learn how to write shell programs, and then find ways to get them to be run by the webserver. I'm not going to explain them here, however. These attacks, when carried out against a vulnerable webserver, are so easy that little kids could do them, and I don't want to be responsible for their behavior. It's much harder for little kids to get a hold of Russell's and my books than it is for them to read this GTMHH on the Happy Hacker website.
So are you dying to know what to send a webserver in order to break into it, without having to buy a book? Here are some hints. How to do this will depend on what webserver it is, what operating system it runs on, whether its security weaknesses have been fixed, and whether the web designer has used things such as Common Gateway Interface (CGI) or Server Side Includes (SSIs) that have weaknesses in them.
You will have to research these issues at Web sites that archive vulnerabilities and exploits such as <> and <>. You will need to study web site programming (HTML -- hypertext markup language, CGI and SSIs) and shell programming. You will need to learn webserver commands (documented at<>). You will have to use your brain and be persistent.
But at least if you come across a telnet exploit, now you know the answer to the question "where do I type that command?"