Sometimes, human being is a little weird. You won’t get the thing
that you urgently need. So have a coffee, take a snap or even come back
after a few days, you may found that you suddenly ‘remember’ your
Windows password.
Method 2: Try No Password Administrator Login Backdoor
In Windows XP (not Windows Vista, Windows 7, Windows 8, Windows 8.1,
Windows 10 or later, as in these new Windows OS, Administrator account
is not enabled by default), there is built-in Administrator user
account, that has administrative credentials, enabled by default, and
without any password to protect the account from been accessed. If you
didn’t change this Administrator’s password, then try to
sign in to Windows XP without password.
Method 3: Reset password from another user account with administrator credentials
If you cannot log on to Windows by using a particular user account,
but you can log on to another account that has administrative
credentials, follow these steps on how to do the trick:
- Log on to Windows by using an administrator account that has a
password that you remember. For Windows XP, you may need to start in
Safe Mode (initiate by pressing F8 during bootup).
- Click Start, and then click Run.
- In the Open box, type control userpasswords2, and then click OK.
- Click the user account that you forgot the password for, and then click Reset Password.
- Type a new password in both the New password and the Confirm new password boxes, and then click OK.
Method 4: LOGON.SCR password reset trick
LOGON.SCR changing administrator or domain admin password hack works
on Windows NT 4.0 and some versions of Windows 2000. The simple trick
uses Cmd.exe (Command Prompt) as screen saver that triggered by system
when idle, allowing users to
access to command prompt as screensaver to change password.
Method 5: Do-It-Yourself (DIY) third party recovery tool
There are a lot of tools and utilities that can be downloaded and
used to recover, reset, retrieve or reveal existing password. These
password reset or retrieval utilities, free or paid, are usually a Linux
boot disk or CD that able to comes with NT file system (NTFS) drivers
and software that will read the registry and rewrite the password
hashes, or can brute force crack the password for any user account
including the Administrators. The advantage is that there is no fear of
leaking your password to outsiders, while the process requires physical
access to the console and a floppy, DVD or CD drive, or USB port with
USB flash drive, depending on which tool you choose. And it’s not easy,
although it always work!
Offline Windows Password & Registry Editor
(also known as Offline NT Password & Registry Editor) – Available
as bootdisk or bootable CD or USB Drive image which contains things
needed to reset the passwords on most systems, Offline Windows Password
and Registry Editor works to change or reset password of any users on
32-bit (x86) and 64-bit (x64) Windows NT 3.51, Windows NT 4, Windows
2000, Windows XP, Windows Server 2003, Vindows Vista, Windows Server
2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012,
Windows 8.1, Windows Server 2012 R2, Windows 10, Windows Server 2016 or
possibly later. It can also detect and offer to unlock locked or
disabled user accounts.
Offline
Windows Password & Registry Editor does not support EFS encrypted
files. If password is reset on users that have EFS encrypted files, and
the system is XP or newer, all encrypted files for that user will be
UNREADABLE and cannot be recovered unless you remember the old password
again.
Download Links:
cd140201.zip (~18MB) – Bootable CD image and can be used to make bootable USB drive.
usb140201.zip (~18MB) – Files for USB install.
bd080526.zip (~1.1MB) – Bootdisk image for floppy disk
drivers1-080526.zip (~310K) – Disk drivers (mostly PATA/SATA).
drivers2-080526.zip – Disk drivers (mostly SCSI).
chntpw – Essentially the same Offline Windows
Password & Registry Editor as above, but compiled as package for
various Linux distributions such as ALT Linux, Arch Linux, CentOS /
RHEL, Debian, Fedora, Mageia, OpenMandriva, ROSA, Slackware and Ubuntu.
chntpw is useful if you already have a Linux live CD on hand, such as
Ubuntu Live CD, where you can boot up to a Linux desktop or terminal,
then edit or reset the password for user account with “chntpw -i sam”
where sam is the sam file copied from %WinDir%/System32/config folder.
chntpw is included in many Linux distributions, or available for repository. Alternatively, search for it
here.
Hiren’s BootCD
– Hiren’s BootCD is a boot disk utility that packs various utilities in
to a package, including the Offline Windows Password & Registry
Editor. If you have Hiren’s Boot CD, you can boot up with it, and enter
“Offline NT/2000/XP/Vista/7 Password Changer” to start resetting the
password.
Download Link:
Hiren’s BootCD 15.2:
Hirens.BootCD.15.2.zip
Trinity Rescue Kit
– Trinity Rescue Kit or TRK is a free live Linux distribution that aims
specifically at recovery and repair operations on Windows machines, but
is equally usable for Linux recovery issues. Similar to Hiren’s Boot
CD, Trinity Rescue Kit’s password resetting tool, winpass, is actually
just an automated script for the chntpw (Offline Windows Password &
Registry Editor) tool, which allows you to reset the passwords of any
local account in Windows 8, 7, Vista and XP.
To start resetting password of Windows account in Trinity Rescue Kit,
choose “Windows password resetting” option after booting up with
Trinity Rescue Kit via CD/DVD, USB flash drive or over network via PXE.
Download Links:
Trinity Rescue Kit 3.4 Build 372 (iso format):
trinity-rescue-kit.3.4-build-372.iso
Trinity Rescue Kit 3.4 Build 372 (executable self-burning):
trinity-rescue-kit.3.4-build-372.exe
Password Renew
– Password Renew is a utility to set or reset the passwords of any user
which has a valid local account, create a new local user with
administrator rights, set administrator rights to existing user on your
NT system, or reset local administrator password on the PC that is in
domain, using NULL Administrator password feature.
In order to use Password Renew, you must create and boot with
WinPE/BartPE bootable live windows CD/DVD, which can be created by
downloading the
PE Builder.
Download Link:
Password Renew 1.1 Beta:
renew_1.1-BETA.cab
John the Ripper password cracker
– John the Ripper is a fast open-source password cracker based on
dictionary attack with a wordlist currently available for many flavors
of Unix (11 are officially supported, not counting different
architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is
to detect weak Unix passwords. Besides several crypt(3) password hash
types most commonly found on various Unix flavors, supported out of the
box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several
more with contributed patches.
Download link:
John the Ripper 1.7.9 for Windows
John the Ripper 1.8.0 (sources, tar.xz)
John the Ripper 1.8.x extra charset files archive (sources, tar.xz)
John the Ripper 1.7.9-jumbo-5 for Windows
John the Ripper 1.8.0-jumbo-1 (sources, tar.xz)
John the Ripper 1.7.9-jumbo-7 (sources, tar.bz2)
EBCD – Emergency Boot CD
– EBCD is a bootable CD, intended for system recovery in the case of
software or hardware faults. It is able to create backup copies of
normally working system and restore system to saved state. It contains
the best system software ever created, properly compiled and configured
for the maximum efficient use. Features are such as copy files from
unbootable volume, recover master boot record of HDD, recover deleted
file, recover data from accidentally formatted disk and floppy disk.
EBCD also includes function to change password of any user, including
administrator of Windows OS without the need to know the old password.
In short, the self-contained Emergency Boot CD bootable OS on live CD has the following features:
- File Manager: Backup and restore files without Windows (has full support for Unicode and NTFS)
- Windows Password Wizard: Restore access to your PC when you forgot the password for Windows user account
- Registry Tools: Registry Editor (edit Registry even if Windows is not bootable) and Registry
- Defragmenter (reorganize Registry in such way that logically
adjacent data is located physically nearby, so Registry works faster).
- Mount & Boot Center: Fix various boot problems and reassign drive letters outside of Windows.
- Partition Manager: Create, format, delete and wipe partitions;
backup partitions to image files, restore them back, and copy
partition-to-partition.
Note
Demo
version of EBCD can only read from fixed disks, it can’t write to them.
Although it can write to USB thumbdrives and other removable media.
Download link:
Emergency Boot CD 1.4g:
ebcd-latest-demo.zip
EBCD (Old Versions):
EBCD Lite 0.6.1 (free) |
EBCD Pro 0.6.1
Ophcrack
– Windows password cracker using time-memory trade-off on LM and NTLM
hashes based on rainbow tables and supports Windows 7, Windows Vista,
XP, 2003 and NT. This tool allows you to retrieve existing password.
RainbowCrack
– Crack Windows password using time-memory trade-off cryptanalysis
based on rainbow tables. Unless you already has dumped the hash for your
Windows password (by using PWDUMP utility), else this utility is for
hacker as it provides no way to retrieve the password hashes when you
unable to access to your computer.
L0phtCrack
– L0phtCrack (also known as LC5 when it’s version 5 or now LC6 for
version 6) is a password auditing and recovery application by using
dictionary, brute-force, and hybrid attacks. Originally produced by
Mudge from L0pht Heavy Industries, and was produced by @stake after the
L0pht merged with @stake in 2000. Support and sales has been
discontinued by Symantec from end of 2006, after it acquired @stake in
2004. However, in January 2009, L0phtCrack was acquired by the original
authors Zatko, Wysopal, and Rioux from Symantec, with L0phtCrack 6
announced on 11 March 2009 at the SOURCE Boston Conference. L0phtCrack
supports Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1,
Windows 10, Windows Server 2003, Windows Server 2008, Windows Server
2008 R2, Windows Server 2012, Windows Server 2012 or later.
So you probably need a crack that lists below. If you unable to sign on to your computer, you probably can’t use this.
Features of L0phtCrack:
- Runs On Windows XP and higher. Operates on networks with Windows NT,
2000, XP, Server 2003 R1/R2, Server 2008 R1/R2, on 32- and 64-bit
environments, as well as most BSD and Linux variants with an SSH daemon.
- Provides a password scoring metric to quickly assess password quality.
- Supports pre-computed password hashes dictionary for speedy password audits.
- Imports and cracks Unix password files.
- Has a built-in ability to import passwords from remote Windows,
including 64-bit versions of Vista, Windows 7, and Unix machines,
without requiring a third-party utility.
- Scheduled routine audit scans.
- Offers remediation assistance to system administrators on how to
take action against Windows accounts that have poor passwords. Accounts
can be disabled, or the passwords can be set to expire from within the
L0phtCrack 6 interface.
- Improved and updated Vista/Windows 7 style UI.
- Real-time reporting that is displayed in a separate, tabbed
interface. Auditing results are displayed based on auditing method, risk
severity, and password character sets.
- Displays password risk status in four different categories: Empty, High Risk, Medium Risk, and Low Risk.
- Displays the completion of all four methods L0phtCrack 6 uses: Dictionary, Hybrid, Precomputed, and Brute Force.
- Reports the completion of the various character sets being audited,
including, Alpha, Alphanumeric, Alphanumeric/Symbol,
Alphanumeric/Symbol/International.
- Reports the overall length distribution of the discovered password by account.
- Password statistics as Locked, Disabled, Expired, or if the password is older than 180 days.
- Audit summary for number of accounts cracked and the number of domains audited.
- Supports foreign character sets for Brute Force, as well as foreign
dictionary files. Pull down menus change for language and character set.
L0phtCrack 6 ships with several foreign dictionaries.
Download link:
L0phtCrack 6 (15 days trial):
lc6setup_v6.0.20.exe
Cain & Abel
– Cain & Abel is a password recovery tool for Microsoft Operating
Systems. It allows easy recovery of various kind of passwords by
sniffing the network, cracking encrypted passwords using Dictionary,
Brute-Force and Cryptanalysis attacks, recording VoIP conversations,
decoding scrambled passwords, recovering wireless network keys,
revealing password boxes, uncovering cached passwords and analyzing
routing protocols. The program does not exploit any software
vulnerabilities or bugs that could not be fixed with little effort. It
covers some security aspects/weakness present in protocol’s standards,
authentication methods and caching mechanisms; its main purpose is the
simplified recovery of passwords and credentials from various sources,
however it also ships some “non standard” utilities for Microsoft
Windows users.
This tool needs to be installed, so you must have another working
computer to recover your password remotely. Thus it’s likely to be
useful for system administrator only. Supports Microsoft Windows 2000,
Windows XP, Windows Server 2003, Windows Vista and possibly all later
Windows OS.
Hash Suite
– Hash Suite is a Windows program to test security of password hashes.
It’s primarily a tool for system administrators, security personnels and
security consultants to audit large sets of password hashes to identify
weak passwords but password recovery is a possible secondary use.
Hash Suite is able to import local and remote accounts with
administrator privileges without reliance on any additional tools.
However, the free version of Hash Suite does not support import of
remote accounts, but you can also use one of the many pwdump tools to
obtain the password hashes. This requires either administrator
privileges or reboot from a CD that will access the hard drive directly
(bypassing the installed copy of Windows).
Download links:
Hash Suite (free version):
Hash_Suite_Free_3_2.zip
Download links:
Cain & Abel v4.9.56 for Windows NT/2000/XP
Cain & Abel v2.0 for Windows 9x
PCLoginNow
– Bootable live CD with tool to reset local administrator and other
user accounts passwords or change security settings on Windows system.
Method 6: Third party password recovery service
Login Recovery
– Login Recovery is a service to reveal user names and recover
passwords for Windows NT, 2000, XP, 2003 and Vista. Free service is
available by waiting up to 48 hours and only one free request every
three months. For privacy matter people, there may be some
uncomfortability as service provider actually ‘know’ your password
before sending it back to you.
Method 7: Bypass Windows log on password with DreamPackPL
DreamPackPL
allows users to skip or bypass Windows login security in Windows XP or
Windows 2000, and log on to a password protected Windows user account
without a valid password or the need to change the existing password.
Warning: If you change or reset password by using any method above,
all EFS encrypted files in Windows Vista or Windows XP will be
unreadable and no longer recoverable unless you remember the old
password that used to encrypt the files. So if you have any encrypted
files, it’s best that you try to crack the password first in order to
retrieve and get back the existing password first, before you attempt to
reset the password to a new one.