[How To] Bypass Win7 Password, Decrypt Win7 Password HASH, & Lift Firefox Passwords

So, this took a while for me to put together, but it worked out good. Refer below for further resource. I will am tryin to get my hands on the v2.2 so I can post another Tut for Win8. Otherwise, this works good for Win7. Rock On!

Here, we will be bypassing the normal Windows 7 Password authentication and then extracting the SAM database password Hashes. We will also take a little scenic route and grab the saved passwords out of the Firefox browser.

Here are the items we will use:

-USB Drive (small is okay)
This will be the attack vector

This will write the Floppy image of Kon-Boot to the USB Drive.

-Kon-Boot Commercial Edition v2.0
I will not post illegal warez files, so you are going to have to find this one on your own. There be pirates.

-fgdump (fizzgig dump)
This will extract the SAM Password Hashes for Windows Users and we can take them with us.

-irongeek supplemental Kon-Boot files
We need these because of an issue v2.0 was having with booting on certain computers such as my own.

-Pre-Calculated NTLM Hash Tables:

Note: You can use the free version of 2.0, but it will only work on the following:
Microsoft Windows XP Home Edition (Service Pack 2+) 32/64Bit
Microsoft Windows Vista Home Basic 32Bit
Microsoft Windows Vista Home Premium 32Bit
Microsoft Windows Vista Business 32Bit
Microsoft Windows Vista Enterprise 32Bit
Microsoft Windows Server 2003 Standard 32Bit
Microsoft Windows Server 2003 Datacenter 32Bit
Microsoft Windows Server 2003 Enterprise 32Bit
Microsoft Windows Server 2003 Web Edition 32Bit
Microsoft Windows Server 2008 Standard 32Bit
Microsoft Windows Server 2008 Datacenter 32Bit
Microsoft Windows Server 2008 Enterprise 32Bit

  1. Put in your Thumb-Drive and format it to FAT.
  2. Disable your Anti-Virus.
  3. Start Unetbootin, make sure it is set on your USB Drive. Then choose the Kon-Boot Floppy disk image. Hit “OK”
  4. After unzipping, copy IronGeek files to USB and overwrite.
  5. Copy fgdump.exe to USB Drive.
  6. Boot victim PC with USB drive in.
  7. Go to BIOS settings and make sure it is set to boot from USB.
  8. Boot into Kon-Boot.
  9. Choose “1st Kon-Boot” (You may have to run this twice?)
  10. Then Choose “2nd Try boot from C: on HD1” (You may have to run “1st Kon-Boot” and then HD2, or HD3, etc if the first doesn’t work)
  11. Get to windows Login and you can put in any password, or leave it blank.
  12. When windows is done loading, open your USB drive, right-click on fgdump.exe and “Run as Admin” This will dump the Hash file into a file called
  13. Later on your own computer, you can open this with notepad and use the NTLM Hash Table Sites, or crunch your own Rainbow Tables.
Tagged , , , , , , , , , . Bookmark the permalink.

5 Responses to [How To] Bypass Win7 Password, Decrypt Win7 Password HASH, & Lift Firefox Passwords

  1. Serob says:

    Hi Peter.
    Tell me pls, is it possible to bypass win7 password without a restarting the OS in order to not closed the previously open programs, as Skype, webbrouser, etc.?


    • So… You want to get in to Windows… But you are already in Windows?
      I am guessing then, that you want to get into one of the other Users?
      Maybe you should just elevate your current User’s permissions… Or, extract the SAM Database?

  2. Serob says:

    It is not for mine. Yes I have hack Windows 7 with a Kon-boot on that computer, but it dropped all open programs before and I could not go on Skype for example. I want to extract the SAM code for obtain a password to gain access to that laptop after. Btw, I coulden’t extract SAM code on that laptop (ASUS K50AB), but on my laptop (ASUS K42J) I got it without problem. Both times I just used the fgdump only by reclick Run as administrator. Maybe I need to use second way (manual way, trough cmd), shown by you?
    And is there there some program that at hacking of windows did not close previously open programs on the computer (websites and Skype)?

  3. Serob says:

    Peter, finally I done it with Cain. Thanks for site. Good luck!

  4. Michaela says:

    Another software is PCUnlocker. It provides two options to access a locked machine: one is bypass the logon process like kon-boot, another is reset the password by modifying the SAM file.

Leave a Reply to Serob Cancel reply

Your email address will not be published. Required fields are marked *