Mark of Cain

Cracking Windows 10 Password

Edited: October 26th, 2019

I had to crack the password of a Windows 10 machine and found that most of the information is so old on the internet (pertains to XP and VISA or Win 7 but not Windows 10) that it leads to confusion rather than solutions. I was able to crack this Windows 10 password in a few hours.

Boot the Windows machine with a live linux CD or USB.

copy the file /windows/system32/config/SAM to the USB

copy the file /windows/system32/config/SYSTEM to the USB

Now reboot the Windows 10 machine. We will need to download the program mimikatz from github. Windows defender will report mimikatz as a virus; so you will need to suspend real time detection in windows defender.

With real time detection suspended, download the zipped mimikatz from github and then unzip the files.

Locate the folder that contains the unzipped files. Navigate into the x64 folder and execute the file mimikatz. (mimikatz\x64\mimikatz)

In the resulting command prompt enter the following:
lsadump::sam /system:\path\to\SYSTEM /sam:\path\to\SAM

The above command will output a 32 character hash of the password for the account in question.

Load the 32 character hash into the following online service and select the NTLM algorithm:

This is an online service that has far greater computing power than you will have at your disposal and as a result they should be able to process the hash in short order. (My hash was cracked in a little over 2 hours).

I watched this video source.

Windows Command Line Reference

Edited: February 27th, 2015

Here is a handy reference over at Micro$oft for the windows command line:
How to slurp all images from a css file:
wget -r -P ./temp -A jpg,gif,png

Programming Tips and Reminders

Edited: March 28th, 2011

Here will be a collection of programming tips -- for myself.  If you can benefit from them too that would be great!

This post is a reminder for me on how to do wildcard selection in jQuery.  It comes up more than you think and for some reason, I can never remember it.

<div id='pnlUsers'>div>
<div id='pnlMessages'>div>
<div id='pnlStatus'>div>

I can easily hide all the divs up by doing a wildcard selection on elements with an id starting with “pnl”, like this:



You can even narrow it to only divs like this:

How to fix the alert problem of result - object Object

 for (key in testObj){      alert ("testObj["+key +"] = "+testObj[key]);     }



for (key in e) {

//alert(key + " " + e);

if (key == "srcElement") {

for (key2 in e[key]) {

for (key3 in e[key][key2]) {

if (key3 == "id") {

alert(key3 + " " + e[key][key2]);






The following should be escaped if you are trying to match that character

\ ^ . $ | ( ) [ ]
* + ? { } ,

Special Character Definitions
\ Quote the next metacharacter
^ Match the beginning of the line
. Match any character (except newline)
$ Match the end of the line (or before newline at the end)
| Alternation
() Grouping
[] Character class
* Match 0 or more times
+ Match 1 or more times
? Match 1 or 0 times
{n} Match exactly n times
{n,} Match at least n times
{n,m} Match at least n but not more than m times
More Special Character Stuff
\t tab (HT, TAB)
\n newline (LF, NL)
\r return (CR)
\f form feed (FF)
\a alarm (bell) (BEL)
\e escape (think troff) (ESC)
\033 octal char (think of a PDP-11)
\x1B hex char
\c[ control char
\l lowercase next char (think vi)
\u uppercase next char (think vi)
\L lowercase till \E (think vi)
\U uppercase till \E (think vi)
\E end case modification (think vi)
\Q quote (disable) pattern metacharacters till \E
Even More Special Characters
\w Match a "word" character (alphanumeric plus "_")
\W Match a non-word character
\s Match a whitespace character
\S Match a non-whitespace character
\d Match a digit character
\D Match a non-digit character
\b Match a word boundary
\B Match a non-(word boundary)
\A Match only at beginning of string
\Z Match only at end of string, or before newline at the end
\z Match only at end of string
\G Match only where previous m//g left off (works only with /g)

Contact Email me at:

This is a temporary email address. Once you contact me, a permanent email address will be sent to you.

Feedback System

Feedback system to be put here. In the meantime please email me.