Throughout this article I will teach you how to use Lost Door, a Windows RAT, to control and monitor a victim’s computer remotely.

Disclaimer: Coder and related sites are not responsible for any abuse done using this software.

Follow the steps below to setup a server for Lost Door.

• Download Lost Door from here . (Update: In case the given download link doesn’t work, use this secondary download link. The password to unzip this file is “ehacking.nethungry-hacker.com” without double quotes.)
• On executing the download file, you will see the following screen. Accept it

• After it is open, right click on the window and click on create server

• Now enter your IP address and DNS here. Leave the rest of the field as it is.

• Now click on the ‘Options’  tab and choose the options as you want. To activate an offline keylogger is a good practice.

• Now go to ‘Advanced’ Tab. There will options related to spreading. This will be used in case you have more than 1 victim.

• Now just go to the ‘Create’ tab and click on create server. Your server is ready for use now and now send it to the victim.

Sending the server file to your victim

This is the most important thing after you have created your server file. If you want to take control on a single computer than you have to send this server file to the desired victim but if you want to affect more and more people than you have to use some spreading techniques.

• If you have physical access to the victim’s computer then take the server file in a pen drive and just double click on your server file once you have injected the pen drive into that computer.
• For those who don’t have physical access can use social engineering in order to get the victim execute that file on his computer.

Using Spreading to affect multiple victims

If you have more than one victim, then you have an option of using spreading technique. You might think that by creating multiple server files you can control multiple users. But here is a secret about spreading. When you select the spreading option, the server file will act as a worm which will spread itself across different computers via Email or any other channel. So your burden will be only to get one victim to execute that file on his computer, the remaining job of getting other victims will be done on its own.

About The Author

This post is written by an Irfan Shaeel An Ethical hacker and Penetration tester, Irfan blogs At his blog Ehacking.net

A lot of eyes have been on Adobe since last week, when yet another remote code execution vulnerability affecting Flash Player, as well as Adobe Reader and Acrobat, was announced. Worse yet, the bug was discovered in the wild, meaning it posed an immediate threat to users.

Earlier this week, the company revealed plans to release a patch by June 10, a promise it met yesterday by shipping the first stable version of Flash Player 10.1. This release marks the end of the 10.0.x branch, as well as the end of support for PowerPC G3, 10.1.53.64 being the last version to work on this architecture.

The Security Bulletin accompanying the release names no less than 32 security issues that the new Adobe Flash Player 10.1.53.64 addresses. The vast majority of these vulnerabilities can facilitate arbitrary code execution and affect Adobe AIR as well – for which a new version (2.0.2.12610) was also released.

The Adobe Flash Player update is only available for Windows, Mac and Linux operating systems, with the Solaris version being still in the beta stage of development. A new version for the 9.0.x branch, namely 9.0.277.0, has also been released, to accommodate scenarios where upgrading to 10.1 will break functionality.

Flash Player 10.1 has been a long-awaited release, mainly because it introduces GPU hardware acceleration, a feature that takes the load off CPUs during HD SWF playback, finally allowing for such content to be properly watched on netbooks and other low-performance devices. The video-streaming experience has also been improved, the player automatically adapting the stream quality in real time according to network conditions.

The latest version of Adobe Flash Player 10.1.53.64 can be downloaded from here.

The older version of Adobe Flash Player 9.0.277.0 can be downloaded from here.

The latest version Adobe AIR 2.0.2.12610 for Windows can be downloaded from here.

A new attack on a Flash bug has surfaced that would give attackers control of a victim’s computer after crashing it, reports PC World. Adobe put out a Security Advisory about this on June 4. It is categorized as a critical issue and all operating systems with Flash are vulnerable including Windows, Linux, and Apple and it is also found in the recent versions of Reader and Acrobat.

Affected Versions

The affected versions are Adobe Flash Player 10.0.45.2, 9.0.262, and earlier 10.0.x and 9.0.x versions for Windows, Macintosh, Linux and Solaris. Adobe Reader and Acrobat 9.3.2 and earlier 9.x versions for Windows, Macintosh and UNIX. The versions that avoided being affected are Flash Player 10.1 release candidate, link available in the Adobe security advisory, and Acrobat/Reader version 8.x.

Current Situation

The attack isn’t widespread in the wild yet, Adobe has only received two reports of online attacks. Of course the attack is new and may just be starting to ramp up. Adobe will update the advisory when a schedule has been determined for creating a fix.

How to avoid it?

Until the fix is ready, Adobe has advised the Flash users that they should use the 10.1 release candidate to avoid attack where as Acrobat and Reader 9.x users can downgrade to version 8 or deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Create a System Rescue CD

Use an uninfected computer and download the System Rescue CD ISO file (latest version) from sysresccd.org. Now burn this ISO to a blank CD.

Start the rescue

After the ISO is written to CD, take it out, pop the CD into the drive of the computer that’s busted. Set the BIOS to boot through the CD first, hard disk next. And allow it to reboot.

You should see this beautiful System Rescue startup screen. Type these options after the boot: prompt and press ENTER.

rescuecd docache dostartx dodhcp

The docache option allows you to remove the System Rescue CD after it boots up, so you can enter another blank CD/DVD and take backups.

The dostartx option starts GUI automatically.

The dodhcp opiton automatically configures the network and connects you automatically to the Internet after booting.

Load the appropriate keymap when prompted (or just select the default US keymap).

It should start GUI automatically. In case it doesn’t, type startx at the command line and press ENTER.

Your desktop should have a terminal with a yellow background. We need to mount the partition and then do the backup.

Your Windows partition will most likely be located in /mnt/sda1 or /mnt/sda2. To check the partitions, run this:

fdisk -l /dev/sda

It should show you the partition names.

Then, to mount partition 1, run this:

ntfs-3g /mnt/sda1 /mnt/windows

If it mounts correctly, you should be able to see the files in your C:\ directory when you type:

ls -al /mnt/windows

Backing up your data to a CD/DVD

Now, to begin backing up your data, type this:

xfburn

The Xfburn program will show you a list of your partitions. Browse to the Windows partition(s) using the Filesystem menu option on the top-left and select all the files you need. Click on New Data Composition. Insert a blank CD or DVD and allow to burn all your data to the CD/DVD.

Backing up your data to a remote location

This is easier if you love using the command line. First, make sure the network is up by pinging to google.com

ping google.com

If it throws up an error, you have to run this to configure your network interface:

net-setup eth0

If you want to transfer the files in the directory C:\work to your remote server myremoteserver.com as user hungryhackers

The directory C:\work would be located in /mnt/windows/work. This command will transfer the directory:

scp -r /mnt/windows/work hungryhackers@myremoteserver.com

Enter the password for user hungryhackers and the file transfer will begin.

I know that its been very long since I have posted anything for you. So first of all I am really very sorry this delay but I assure you that from now  on it won’t be like that. And to make up for this delay I am posting a nice tutorial which can help you secure your private stuff.

Do you have any private stuff that you would to hide from your friends and relatives? Would you want it to be Invisible so that it remains unnoticed by the normal users? But there are software which can display all the folders that are present on the Disk. So What if you can even  password protect your folder? I guess having your private folder password protected as well as invisible should be secure enough. But you might think that you may need to have a software for that. Well here is a way to do that without using any additional software and you can show off in front of your friends by making their folders invisible as well as password protected. Here is is step by step procedure to create a password protected folder.

How to create a Password Protected Folder

1. Create a new folder (Right-click -> New -> Folder) and give it any name of your choice. For instance I name it as ABC.

2. Now in this folder place all the important files, documents or any folders that you want to password protect.

3. Now Right-click on this folder (ABC) and select the option Send To -> Compressed (zipped) Folder.

4. Now a new compressed zipped folder gets created next this folder (ABC) with the same name.

5. Double-click on this compressed zipped folder and you should see your original folder (ABC) here.

6. Now goto the File menu and select the option Add a password.

ie: File -> Add a password

Now a small window will pop up and here you can set your desired password. Once the password is set, the folder will ask for the password every time it is opened. Thus you have now created the password protected folder.

How to make it Invisible

1. Now Right-click on this password protected folder and select Properties.

2. At the bottom select the option Hidden and press OK. Now your folder gets invisible (hidden).

3. In order to unhide this folder go to My Computer – >Tools -> Folder options. Switch to View tab, scroll down and under Hidden files and folders you’ll see the following two options

• Do not show hidden files and folders
• Show hidden files and folders

Now select the second option and press OK. Now the invisible folder becomes visible in it’s location. To access it you need the password. To make it invisible again repeat step -1 through step-3 and select the first option and click OK. Now the folder becomes invisible once again.

I hope you like this post. Pass your comments!! Cheers

UNetbootin can be used on either Linux or Windows. In this article, we’ll be illustrating it for Both.

Note: Not all USB installations will work on all machines. This can be an issue with your BIOS or your USB drive. If you install an OS that doesn’t work, try another. But after all that work, you might wind up with a machine that simply won’t boot from a USB drive. You have been warned.

Using UNetbootin with Linux

1. The first thing to do is download a copy of UNetbootin. For our purposes we’ll download the Linux universal install binary (named unetbootin-linux-299). Once that has finished you will need to issue the Following command in order to make the file executable.
   

   chmod u+x unetbootin-linux29

2. Once the file is executable issue the following command (from the same directory unetbootin-linx-299 is stored) to see the application running.
   

   su ./unetbootin-linux-299

3. But you’re not ready just yet. Depending upon your distribution, you might come across an error involving p7zip-full. This might be in your distribution’s repositories. If you use Mandriva you can install p7zip but you will not have the full package. If you use Ubuntu you can get p7zip-full with the following command
   

   apt-get install p7zip-full

4. Before you run the application you will need to insert and mount your usb drive. Stick in your usb drive and then issue the following command to find out where your usb drive is located.
   

   dmesg

5. Mount that and then issue the following command. When you issue the command you will see the UNetbootin window.
   

   su ./unetbootin-linux-299

   

6. Once this window is up and running you are almost there. If you have very specific needs for your distribution you will most likely have an image file downloaded to use. If you do not you can select your distribution from the drop down list. First you select the distribution and then you select the version (or release). Note: Unless you have a very large USB drive you will most likely want to use a netinstall version of your distribution. If you do happen to have a large USB drive you can go ahead with a full distribution. If this usb drive is for rescue purposes, or just to have a version of Linux with you at all times, a distribution like PCLinuxOS Minime is a greate choice.
7. Once the process is done you will have two buttons to click, Reboot and Exit. Don’t bother with the Reboot button. Click the Exit button and UNetbootin will close. You can now unmount your drive and reboot your machine to see if the installation works.Note: When your machine boots you will need to make sure it first boots from the USB device.

Using UNebootin with Windows

1. Download UNetBootin for Windows.
2. Download your favorite Linux ISO (Don’t ask me from where just Google it).
3. Now Start the Unetbootin.



4. Click the Disk Image radio box and browse to select Linux ISO.
5. Now set your target USB drive and click OK to start the creation UNetbootin Live USB Creation from an ISO.
6. Once the UNetbootin installer has completed, click Reboot. Now UNetbootin installation is finished.
7. Set your system BIOS or boot menu to boot from the USB device and enjoy your favorite Live Linux on USB.

In simple language Ghosted Devices, commonly known as Hidden Devices, are those devices that were once connected to the system but are no longer connected. Windows however keeps a copy of them inside the Device Manager and tries to find these devices on system startup, thus reducing the startup speed(often negligible) in some cases.

As an example, lets consider a mouse that you borrowed from a friend, after using it you returned him the next day. When it was first connected, Windows installed the required drivers and when it was removed, Windows marked it as ‘Ghosted Device’. Now since you will probably never use this mouse again, it makes sense to remove it.

The common way of removing the device is to go to Device Manager, view hidden devices, right-click the device(s), hit Uninstall, and wait. Since it can be confusing at some times, this is where GhostBuster comes in. It is a portable tool that can list all Ghosted and Normal devices in one simple list and allows you to remove them in one click.

Please note that these “Ghosted Devices” can be useful as well and is one reason why Windows never looks for drivers every time you connect the device.

Suppose you connect a mouse after a few months after borrowing from a another friend and it turns out to be the same mouse that you borrowed from a friend before. Upon connecting it, you will be able to use the mouse instantly since Windows will not need to re-install the drivers. In layman’s term, the Ghosted device will become activated instantly and thus will not require driver installation again.

Note: Windows has some devices that are ghosted but should NEVER be removed(like devices in the sound, video and game controller class or system and non plug-n-play devices), GhostBuster marks them down as services. Make sure you know which device you are removing, consider this a warning.

It works on Windows XP, Windows Vista, and Windows 7. If you are using Vista or 7, go to Properties and run it in Windows XP compatibility mode.

Download GhostBuster

How does this work?

Before I tell you how to hack the software and make it run in the trial mode forever, lets understand how this software works

When these softwares are installed for the first time, they make an entry into the Windows Registry with the details such as Installed Date and Time, installed path etc. After installation every time you run the software, it compares the current system date and time with the installed date and time. So, with this it can make out whether the trial period is expired or not.

So with this being the case, just manually changing the system date to an earlier date will not solve the problem. For this purpose there is a small Tool known as RunAsDate.

RunAsDate is a small utility that allows you to run a program in the date and time that you specify. This utility doesn’t change the current system date, but it only injects the date/time that you specify into the desired application.

RunAsDate intercepts the kernel API calls that returns the current date and time (GetSystemTime, GetLocalTime, GetSystemTimeAsFileTime), and replaces the current date/time with the date/time that you specify. It works with Windows 2000, XP, 2003, Vista and 7. It works with 32 bit and 64 bit versions.

To Run your Software Forever follow these Steps Carefully

You have to follow these tips carefully to successfully hack a software and make it run in it’s trial mode forever.

1. Note down the date and time, when you install the software for the first time.

2. Once the trial period expires, you must always run the software using RunAsDate.

3. After the trial period is expired, do not run the software(program) directly. If you run the software directly even once, this hack may no longer work.

4. To avoid any chances of runnung the software program directly, you can delete its shortcut from the desktop and create a new shortcut using runasdate and place it on the desktop.

5. It is better and safe to inject the date of the last day in the trial period.

For example, if the trial period expires on jan 30 2010, always inject the date as jan 29 2010 in the RunAsDate.

Note: This software won’t work with Anti virus as they run in Background.

I hope this helps! Please express your experience and opinions through comments.

If you’re an avid Twitter user, chances are you’re using one of these Twitter Desktop Applications that basically allow you to receive and post Tweets from your desktop. Meaning, you don’t have to visit your Twitter.com page from time to time to find out  what’s new about your Twitter friends. If you haven’t used a Twitter desktop application before, well this might be the right time to do so. We’ve picked best of the Twitter Desktop Applications available for you to use.

Some of the Twitter clients mentioned here are based on Adobe AIR so you may use them on Linux and Mac as well. Let’s dive in.

1. Blu (Native Windows Twitter Client)

Blu in one word is beautiful. Powered by WPF, Blu showcases your Twitter timeline inside an animated and colorful interface. With Blu, you can reply to your Tweets inline so you don’t lose the current view. Then you can scroll unlimitedly so you can easily see older tweets without having to click anything. But the best part is this – if you see a message in your Twitter stream that is in reply to another tweet, you can click this message to see the original tweet that started the whole conversation. Few Drawback are it doesn’t support multiple Twitter accounts, you cannot follow your lists in Blu, there’s no option to search tweets yet it’s impressive.

2. Destroy Twitter

DestroyTwitter, an Adobe AIR powered Twitter desktop client, is again very popular for its minimalistic but innovative interface. The unique thing about Destroy Twitter is its support for themes – you can either download ready-made themes or use the online theme-builder to create one that matches your taste. DestroyTwitter uses impressive transitions when switching from one screen to another and it’s probably the only desktop client that lets you edit your own Twitter profile. Then there’s support for Twitter trends so that you can know what’s hot on Twitter without having to visit the Twitter site. Destroy Twitter is lightweight and extremely fast. You can also configure the application so that it always stays on top of other applications.

3. DigiTweet

An open source desktop Twitter applications for Windows.  Through Windows Presentation Foundation, DigiTweet provides Twitter functionalities with rich user interface. It’s notable features include search facility for finding other twitter users as well as Twitter contents, and a friends list for viewing  Twitter users you are following and who are following you.

4. Digsby

The beloved IM, email notification, and social networking application also does Twitter, but it’s only available for PCs at the moment. On the social networking side, Digsby pulls in Facebook, MySpace, Twitter, and LinkedIn so you can get a more complete view of what’s happening across your entire social presence.

5. Mixero

AIR powered Mixero is aimed at reducing noise and making it easier for you to keep track of updates that could be more important to you. It offers advanced filtering so you can hide spammers from your Twitter stream (based on usernames or even stop-words), and lets you arrange those you follow into groups that are integrated with Twitter lists. You can preview images from Twitpic, Flickr, YouTube video frames, etc. directly in your timeline. Another good feature in Mixero is “Conversations” – you can click the bubble (speech) icon next to any tweet to find all other previous tweets that may part of that conversation.

6. Mitter

Mitter is a simple crossplatform Twitter client with a clean and fully customizable interface. It supports  docking on systray. It can be easily  integrated with GNOME desktop. Additionally, it offers a console client.

7. PeopleBrowsr

The desktop version is just as complicated and feature-rich as the web app (you’ll need to log in to the website to find the download link in lower right-hand corner) only if you can afford it (But they are giving it for Free till 4th Jan 2010 so Hurry up!). With PeopleBrowsr you get a full-featured Twitter app that is bloated with features like export, sort by Twitter name or number of followers, map or gallery views, stats on stacks (which are like columns), an aggregate view of tweets across stacks, simultaneous posting to other services, quick access to a number of different filters, and so much more. And we haven’t even begun to discuss the integrations with every popular social site on the planet. Even though the light mode is a little easier, this app is better left to extreme power users. Plus all those features seem to really slow it down.

8. Seesmic Desktop for AIR

Seesmic Desktop is the original Adobe AIR powered Seesmic app, and it works with Twitter as well as Facebook (including Facebook Pages). With Seesmic Desktop, you can mark individual tweets as spam, follow new people and unfollow (or even block) other people from your timeline. When sharing images on Twitter, you can either upload images from the desktop or capture a picture right from your webcam. Although Seesmic Desktop will run on any operating system, it uses a Mac OS style UI which doesn’t look that good on a Windows desktop. The best part about Seesmic Desktop is its support for Facebook Pages – you can post new messages or even moderate comments on pages that you own.

9. Seesmic for Windows

Launched during Microsoft PDC ‘09, Seesmic for Windows is a beautiful desktop client for Twitter with a slightly translucent and tabbed interface. Seesmic for Windows can handle multiple Twitter accounts – you can get a combined timeline or look at your @replies, direct messages and sent messages for individual accounts separately. You can post the same update /link /photo to one or more Twitter account simultaneously. This is a native Windows application and doesn’t require Adobe AIR.

10. SharedMinds Desktop

The interface of SharedMinds Desktop for Windows is inspired by Outlook 2007 – you can even change themes from Sliver to Blue as in Microsoft Office. The similarity doesn’t end here – you navigate tweets just like you move across records in an Access database. What’s unique about SharedMinds Desktop is the integrated browser – if there’s a link inside a tweet, you can read the corresponding web page directly inside the Twitter client without having to launch a separate tab in your browser. However, you cannot share pictures and other files with this app.

11. Snitter

This is an Adobe AIR powered Twitter client compatible for Windows. Snitter offers auto updates tweet list, recent list of tweets, 20 most recent items in your timeline, 20 most recent replies,  20 most recent direct messages and more. Further, it has options for viewing and filtering the followers.

12. Sobees for Windows

Sobees offers a fresh interface and allows you to choose your own layout for different social services. Sobees includes an anti-spam feature that will let you block certain words from appearing in your Twitter stream. You can run Sobees on any Windows computer as long as it has .NET installed.

13. Spaz

Spaz is an free open source Twitter client with attractive design and high customizability. Some of its key features include directory listing of users, built in global search, short URL creation tool, markdown syntax support and user-defined CSS overrides. Spaz also offers multiple themes and supports the user defined themes. Additionally, Spaz comes with debugging and development tools.

14. TweetDeck

One of the most popular Twitter apps, TweetDeck is great for managing all your favorite social services including Twitter, Facebook, LinkedIn and MySpace from one place. Its multicolumn interface not only allows you to keep up with all your social accounts but also with Twitter lists and any custom searches that you may have saved inside Twitter. With TweetDeck, you can see a very detailed profile of any Twitter user, you can follow (or unfollow) users and even put them in any of your Twitter lists. TweetDeck supports inline translation so you can easily read foreign language tweets that may appear in your Timeline or search results. If you work across multiple computers, you can setup an account at TweetDeck and that will save you from the hassle of having to configure Tweetdeck on every single computer. And if you are no big fan of Twitter’s retweet function, you can opt for the classic version of “retweet” (RT).

15. Tweetr

A lesser known simple app, Tweetr is beautiful Adobe AIR based app that doesn’t support multiple accounts, and isn’t right for power users, but might be just perfect for lightweight Twitterers. You’re not going to get columns, groups, search, or filters, but you can share files and take photos with your web cam.

16. TweetyBot

This is most simplistic Twitter desktop application for Windows. TweetyBot includes some exquisite features. It features a number of tabs with options for tweet, replies, directs and more. In addition, this Twitter client allows you to manage the Tweets. One of its best features is the Alert list tab. It provides pop-up alerts when your favorite twitterers update their status.

17. Twhirl from Seesmic

Twhirl is a quick and easy-to-use Twitter client with a minimal yet beautiful UI. You can even choose your own color schemes and font styles for the UI. Unlike heavy-weights like Seesmic or TweetDeck, Twhirl doesn’t offer loads of features but if all you need is a way to quickly post status updates on your Twitter timeline, this could be a good choice. Twirl also offers integration with other less-common networks such as identi.ca and FriendFeed, and lets you cross-post updates to other social networks via Ping.fm. Twhirl is from Seesmic, the same company the develops previously mentioned Seesmic Desktop for AIR and Seemsmic for Windows.

18. Twitteroo

Twitteroo is a feature-rich Twitter client for Windows. This exclusive twitter client provides you with Twitter notifications, URL shortening and viewing friends timeline or public timeline. Browse to Twitter user page or personal websites.

19. Twunami

20. Witty

Witty is a free open source Twitter client for Windows. It is powered by Windows Presentation Foundation(WPF). This Twitter client allows you to view status updates, replies, specific user’s timeline, twitter status, response to direct messages and more. It provides the links to open the users default browser. The new messages are highlighted with yellow fade technique. The beta version is also available.

Its always useful to have a PC Inventory Software, to keep track of all my software keys.

Windows

Windows being very popular has a lot of programs available which can be used to hack the login password. One of the most successful  program is Ophcrack, and it is free. Ophcrack is based on Slackware, and uses rainbow tables to solve passwords up to 14 characters in length. The time required to solve a password? Generally 10 seconds. The expertise needed? None.

Simply download the Ophcrack ISO and burn it to a CD (or load it onto a USB drive via UNetbootin). Insert the CD into a machine you would like to gain access to, then press and hold the power button until the computer shuts down. Turn the computer back on and enter BIOS at startup. Change the boot sequence to CD before HDD, then save and exit.

The computer will restart and Ophcrack will be loaded. Sit back and watch as it does all the work for your. Write down the password it gives you, remove the disc, restart the computer, and log in as if it were you own machine.

You can download OphCrack from the following link:

http://ophcrack.sourceforge.net/

Linux

Linux is an operating system which is quickly gaining popularity in mainstream, but not so common that you’re likely to come across it. Though Mac and Linux are both based on Unix, it is easier to change the password in Linux than it is OS X.

To change the password, turn on the computer and press the ESC key when GRUB appears. Scroll down and highlight ‘Recovery Mode’ and press the ‘B’ key; this will cause you to enter ‘Single User Mode’.

You’re now at the prompt, and logged in as ‘root’ by default. Type ‘passwd’ and then choose a new password. This will change the root password to whatever you enter. If you’re interested in only gaining access to a single account on the system, however, then type ‘passwd username’ replacing ‘username’ with the login name for the account you would like to alter the password for.

Mac

Finally we take on Mac’s OS X which as we said earlier is based on Unix and is difficult to change password compared to Linux but nothing is  impossible to be hacked.

The easiest method would be to use Ophcrack on this also as it works with Mac and Linux in addition to Windows. However, there are other methods that can be used, as demonstrated below.

If the Mac runs OS X 10.4, then you only need the installation CD. Insert it into the computer, reboot. When it starts up, select UTILITIES > RESET PASSWORD. Choose a new password and then use that to log in.

If the Mac runs OS X 10.5, restart the computer and press COMMAND + S. When at the prompt, type:

fsck -fy

mount -uw /

launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist

dscl . -passwd /Users/UserName newpassword

That’s it. Now that the password is reset, you can login.