Picture of The USB Lockpick - Hack Any Password
Forgot your password? Obtained an old computer that was password-protected?
This simple, innocent looking USB drive will erase any Windows password, allowing you full access to an account. And best of all, it is 100% free! (assuming you already have an old flash drive)

Note: This Instructable is designed for password recovery only. The author is not promoting or responsible for the consequences of usage for other non-legitimate reasons. 
Also note: The software is provided by this website. I did not write this software. Use at your own risk. This is my first instructable, and I will do the best job I can. Constructive feedback is appreciated.

Step 1: What You Will Need

Material-wise, this is not complex, and you should not have a problem getting all of these things.
1. USB storage device (Size is not an issue, the files are less than 4 megabytes)
2. Windows computer with USB ports and internet access.
3. Administrative privileges. (Needed to make the USB drive bootable)

This is designed and works only for Windows. I have only tested it on Windows 7, but Windows 2000 or later should work just fine. Linux users, be happy that your operating system is more secure.
GregoryM17 months ago

I tried to download the data to my USB drive from http://pogostick.net/~pnh/ntpasswd/cd100627.zip and got a 404 Error, Page not Found.


Unless you wrote this software yourself, you are a script kiddie.
BinaryMage (author)  deusprogrammer4 years ago
If you had actually read the Instructable, you would know that I did not write the software. As for being a script kiddie, all I can do is point to what I clearly and concisely stated on the first step:

"Note: This Instructable is designed for password recovery only. The author is not responsible for the consequences of usage for other non-legit reasons."

This is not a tool for hacking into other people's computers. (There are much better tools for that.) It is a password recovery tool. Apparently I did not do a good enough job of making that clear.
*Puts foot in mouth* You are right. You did. I will go hang myself now.
BinaryMage (author)  deusprogrammer4 years ago
It's all good. My title was misleading anyway, I just wanted a title that would excite people. I probably should have chose something different.
Also, I like your username. I have used my username for years and have yet to see anyone with the same name =D. Yours seems rather unique too. If you didn't already have it, I would use it. Are you in the security field? I have my degree in CS with a focus in security. If you would ever like to learn more about security (assuming you don't already know a lot), I would be happy to share my knowledge =D.
Do you like HiPoweredHacker?
mnabil24 years ago
I also doing the same. System Boot from USB and take control to the login page... Middle step as you mentioned "Numbering will appear" is not appearing and control goes directly to the login page. Remember! No Issue BIOS and Boot from USB First.
syons mnabil23 years ago
Some computer can not use this method that mine also can work with it.
Finally I use a password tool calls "windows password rescuer",it also run form CD/USB drive,it is small just around 35 M.
Google for the name can find the instructions.
BinaryMage (author)  mnabil24 years ago
I'm sorry, I'm having a hard time understanding your problem. What motherboard do you have? Maybe I can give you some more detailed instructions.
carola234 years ago
it said "error:failed to copy registry files"
and i can't see the list of users either--can you please help me?
BinaryMage (author)  carola233 years ago
Try recopying the files to the USB drive.
gt111824 years ago
'syslinux.exe' is not recognized as a command. I am using windows 7, does that have do do with anything?
BinaryMage (author)  gt111823 years ago
Hmm. Make sure you're running cmd.exe as an administrator.
mnabil24 years ago
USB got boot able but no numbering appears as i bootup the system and windows runs fine and take to the logon page... As the mentioned the steps... They do not appear.
yea, and the best part is, now i have the actual administrator account at my fingertips!!!
TheGreatS4 years ago
Maybe I should get a Linux os soon, any ideas on a specific Linux?(I am NOT however get DVL, that would defeat the purpose)
BinaryMage (author)  TheGreatS4 years ago
Gentoo if you have experience and want speed/customization, Ubuntu if you've never used Linux before. Those are the two I have the most experience with, but other popular distributions include Debian, Mint, Fedora, OpenSUSE, Mandriva, and Slackware.
This is getting way off topic, but this needs a reply.

If you're a Linux noob, _don't_ get Gentoo. Even for an experienced Linux user it is just about the most difficult version to install and depending on hardware, can literally take days. At the moment I wouldn't go for Ubuntu either. The latest version (11.04) comes with a brand new desktop called Unity, which is unlike any desktop you have ever used.

My choice for new Linux users would be Mint 11 (not the Mint Debian version). Very simple install, easy menu and navigation and it will install most of what the average user would need, such as an office suite (libreoffice), powerful image editor (Gimp), multimedia creation and playback etc.

BinaryMage (author)  aspir8or4 years ago
This is better advice than mine. Thank you!
Great Thanks!
I run Windows 7 (x64 Bit)

Wow. It's nice, but I ran into some trouble. I first unlocked the administrator account and explored that for a little bit. Then, when I rebooted, I changed MY password, and found for some reason I couldn't log in. I was getting worried so I just cleared the password the next time. And when that didn't work, I went into Administrator Control Panel for User Accounts, and changed my password, and EVERYTHING IS FINE HAHAHAHAHA.
But this is really ingenious, I feel like a kind-of n00by haxxor!! Thanks
BinaryMage (author)  headrocker074 years ago
Glad you enjoyed it. I'm not sure why that happened, though. You figured it out though, so no worries.
mbartolucci4 years ago
just wondering, would my usb still be able to work as a memory stick, even if I do this to it?
Gold wolf4 years ago
when i type syslinux.exe -m m: it says syslinux.exe -m m: is not reconised as a internal or external command, operable program or batch file
BinaryMage (author)  Gold wolf4 years ago
Type syslinux.exe -ma m:
i typed this multiple times, even copy and pasted but i still got the same error message as @Gold_Wolf
thanks so i did that and it said accessing physical drive: access denied. did not successfully update the MBR; continuing...
BinaryMage (author)  Gold wolf4 years ago
Run the command prompt as an administrator. (Right click, "Run as administrator")
spicy sex5 years ago
hi which type of software is recomended for facebook password stealing
Facebook password stealing is illegal. To recover YOUR password you can use a bunch of different things, including brutus, elcomsoft facebook password crack for you own computer, and a many other things. You should search Back Track.
SS, if you are trying to steal a facebook password from somebody, then nobody on this site will help you. That is a breach of security, an illegal act.

Instructables is not a site for criminals. It was not, is not, and hopefully won't be anytime soon. Instructablers are very careful about maintaining a good image for the site. It is comments like these that corrupt that image and risk getting the site taken down. You may think this is a remote possibility; It very well may be. But that's a gamble I'm not game to take on.

Your intentional may have been entirely innocent in posting the comment. But don't think for one second you can get help in breaking the law from instructables. It won't happen.

I hope that if you really intended to steal someone's password that you have since thought critically about that choice. Hacking is not a child's game. It is not a harmless and playful activity that you can teach yourself without consequences. It is, however, taken very seriously by those who make the laws and those who enforce them.

I agree. This has got to be the dumbest posting I've seen. The one's trying this are in for allot of trouble. Minimum is YOUR FIRED to Prison Time. You don't think that will happen? Just try it; I seen it happen.. Look up computer crimes laws for your state.
Also goes for another post about installing keylogger's or any other malware..
I don't need anything like this to access windows password or reset a cmos password....
BinaryMage (author)  spicy sex5 years ago
I am assuming you are doing this for legit reasons. The best way to do it is to put a keylogger on the victim's computer. It will record the username and password when they log in.
Well that will be sort of difficult if your like me and just click the "keep me logged in" box, but you could make a "virus" along with the keylogger that will delete the history and cookies.... that what i did, my friend hacked my facebook and put some stuff on there that wasnt true, soooo i got him back pretty nicely :)
the use of the words stealing, victim and virus does not suggest legit reasons
rwayman4 years ago
Im using windows xp and the format options are fat32 and exfat so i picked fat 32
and then i put the files like you said and everything and when i tried to boot off of it is said missing operation file whats wrong.
BinaryMage (author)  rwayman4 years ago
Try using this tool to format the drive as FAT.
rwayman4 years ago
and when i put this in syslinux.exe -ma m: with m for my usb drive (e) and it says usage something whats wrong with this too
pindoria4 years ago
dude i tried this everything worked like it is mentioned here but there is one error it shows after step 3 shows
device not accepting address 1, error 110
new high speed usb device using ehci_hcd using address 1

pls pls pls reply as fast as u can i forgot my new netbook password
Ok. Error 110 means that windows is "Unable to open the device". For some reason, your computer is rejecting the USB stick (It's unable to give it an address). Try it on another computer. It could just be a bad drive. Also, try plugging another stick into the same USB port that gave you the error. It could be as simple as a driver screw up or it could be hardware related.

Let us know
BinaryMage (author)  pindoria4 years ago
I haven't seen that error before. The first thing I'd recommend is just trying it again. If that doesn't work, try recopying all the files to the flash drive. If that too does not work, try something else like Ophcrack.
i tired it again and tried copying all file again still the same error
have u tried that on Windows 7 Professional ???
BinaryMage (author)  pindoria4 years ago
I haven't tried it on Win7 Pro, but I have successfully used it on Win7 Ultimate, and I don't know why it wouldn't work on Win7 Pro.
hey i didnt get this step in windows 7 what to do
tekkiekmo4 years ago
Great stuff! If I recall correctly, when you clear the password like this, if the user's Document and Settings are encrypted, you will not be able to access them.
twin2b256284 years ago
Will fat32 work???
BinaryMage (author)  twin2b256284 years ago
I don't know, but trying it certainly won't hurt.
amit sid4 years ago
I din get this step. I wana know what to do in XP with this step?
BinaryMage (author)  amit sid4 years ago
The exact same steps should work in Windows XP. Are you having a problem?
mselwood4 years ago
I extracted the files using http my UNIVERSAL EXTRACTOR and I got pretty much the image above, but when I try open the APP is does not open properly it just flashes up.
BinaryMage (author)  mselwood4 years ago
Are you trying to open a file off the USB drive, or are you booting off of it?
yes im trying to open it off the USB
BinaryMage (author)  mselwood4 years ago
That won't work. You have to boot off the flash drive as detailed in the instructions.
ilpug5 years ago
wish this would work on windows seven, i need to hack my moms computer sooo badly.
BinaryMage (author)  ilpug5 years ago
Did you try it? I used it on Windows 7 and it worked just fine.
Actually there is software called Ophcrack that shows you the password instead of removing it so the victim is none the wiser.
BinaryMage (author)  smtgr145 years ago
You are correct. I have used Ophcrack, and it can sometimes do this. But Ophcrack cannot crack long and complex passwords, and it is rather slow. It only works well with words on its list, and Ophcrack doesn't work on all versions of Windows. This hack is very fast and will work on any Windows system. And, honestly, if the password is erased, the victim is much more likely to think that it is just a computer glitch. There are documented cases of Windows accidentally erasing passwords. Thank you for you suggestion, and Ophcrack could sometimes be better. But this works every time, perfectly, and near-instantaneously.
first off, WRONG!!!

OPH CAN and DOES crack long and complex password...

Complex, as it DOES crack with all english letters, numbers and special chars.

LONG, yes, as in the last time i used it, it would do 14 chars...

versions...wrong again

it works on ALL versions of windows....

guess your only using the DEMO tables, which is only alpha-num based, and only LM hashes which previous to vista were stored in the SAM file, lm is no longer stored, it is created whe nyou log in, and deleted when you log out(which btw, oph dont use "WORDS ON A LIST")

you need to make the real tables to use the program to the fullest extent

before you decide to comment on a piece of software or the tech it uses, atleast have an idea what your saying....

btw your "word list" for oph, there called rainbow tables, precomputed encrypted hashes...hence the "time-memory trade off" it does, your word table is what is called brute force cracking....

and this works by chaning the password, which is great, does work all the time, but you lose two key features. 1. now the 'user' knows someone went in there files, and 2. IF someone happened to click "encrypt files" it is encrypted with the password hash, which is now invalid on there login, now NO ONE can access that data...

any questions?
BinaryMage (author)  Crossfire_softwarez4 years ago
As I have stated multiple times, the point of this hack is NOT to break into someone else's computer. It is designed as a recovery tool. It is also designed to be easy, simple, and mostly failproof. I agree with most of your points, but again, I must stress that this is designed as a password recovery tool ONLY. Please stop the disrespectful comments. I really do appreciate your opinion, but being ill-mannered doesn't contribute to a better experience and a positive community here at Instructables.
That was not disrespectful, just a correction of misinformation that was posted. and yes this is a recovery tool. but if you cannot recover the data because of the "changed" password then what is the point of changing it.

also this was stated as "HACK", not recover, and this does not RECOVER, it replaces the password.

none of what was said was ment to be disrespectful, as stated it was ment to CORRECT misinformation.

i have done file recovery, as well as audits on systems ranging from police use, to DoD. So i felt the need to stop the wrong information from being "taught"
BinaryMage (author)  Crossfire_softwarez4 years ago
Alright, and I do appreciate the information. Just try to be a little nicer in the future.
Well... Excellent point but you see, some people (brother/sister/friend/etc.) don't know about these documented cases and I'd rather have the password they probably use for everything than to simply erase it.
BinaryMage (author)  smtgr145 years ago
I entirely agree. Both tools are different and one or the other is usually better in a given situation.
nick884 years ago
Keep getting DEBUG path: windows not found DEBUG path: winnt not found DEBUG path: winnt35 not found....

what is the path to the registry directory? (relative to windows disk)
[windows/system32/config] :

So now what because I cant get anything to work...

Thank You!
BinaryMage (author)  nick884 years ago
Hmm... Can you give me a screenshot of your exact error message?
You could try doing this in Safe Mode, it might fix your problem.
Thank you but i actually figured it out!
After I start the computer from the USB it says something like there are no menus in the kernel. What do I do to fix that?
BinaryMage (author)  jordantallent4 years ago
The first thing I would try is redoing the procedure. The likely culprit seems to me that you're missing a file somewhere.
mdjo2984 years ago
mines skinny
Neil Bowman4 years ago
If you have Admin privileges....what do you need this for????

To get around it: disable "boot from USB" in the BIOS then put a password on the BIOS , so this won't work.

Even the program "Ophcrack" ( not spelt that way either) needs Admin privileges to run.
There are much, much easier ways to get into a PC (without deleting the users password and giving yourself away).

Don't bother asking.

There is so much BS here that I won't even begin to critique it.

It must be the high levels of fluride in your drinking water!!!!
just remove the cmos battery from the motherboard, put it back in and start the computer normaly. this will reset the bios back to default settings.
zahidpix4 years ago
I have tried this and ophcrack, and can say this one is faster and easier than ophcrack
account3r24 years ago
what if my FlashD is already FAT?
BinaryMage (author)  account3r24 years ago
Just reformat it as detailed in the instructions.
axeman9114 years ago
wildxat5 years ago
"Accessing physical drive: Access is denied. "Did not successfully update the MBR; continuing....." So, I temporarily disabled all my system security, still did not work. Then I looked to see if there were comments that might help here - didn't see any, need to look harder? Next, maybe I try booting into safe mode, or go see if I can use the XP machine, if the Vista isn't nice to me....
BinaryMage (author)  wildxat5 years ago
These steps should fix your problem on the Vista machine, but if they do not, try the XP one.
1. My first guess is that UAC (User Account Control) is denying you access. Turn it off by following the steps here.
2. Make sure your account has administrative privileges. (Start-Control Panel-User Accounts-Add or Remove User Accounts-Click on your account-Change the Account Type, checking Administrator, and clicking Apply)
3. Make sure you copied all of the files to the drive.
If none of these steps work, and your XP machine does not either, please specify the steps you went through, exactly, and I may be able to give you a more effective solution.

but isn't the point of this hacking a computer without the user knowing? how are you going to login and change those settings then log out and hack into the account? this is illogical.
Thanks, I'll have to try the UAC. I didn't think of looking for that. I did it the lazy way by rebooting into Safe Mode, Command Line only, and it worked just fine.
i got the same message :(
punkkapoika4 years ago
It has 8 viruses, so do not download these!
BinaryMage (author)  punkkapoika4 years ago
I can assure you this contains no viruses. It certainly may be flagged as unsafe by your virus-protection software, but it is not a virus. You can, however, use it to hack into somebody's computer...
jvpernis5 years ago
isn't there something like a file on the pc which contains the password(s)? or is it much more complicated and you can't just delete a file? this because maybe you could delete that file, so that you can enter, and that the password is restored afterwards so the user wouldn't notice it. or is there some way to automatize the lock pick? nice tutorial anyway, really helpful and easy steps to follow
BinaryMage (author)  jvpernis5 years ago
Glad you liked the tutorial. In response to your query, that is basically what this tool does. It edits the file(s) which contains the passwords. You can set a password within Windows. If you want to restore the original password, there might be a tool to do it, you can Google it. The point of this tool is to be fast and easy. The reason for all of the menu steps is that this tool could actually do different things, if you wanted it to. Look at the website I linked to at the start of the tutorial for more information. Hope that answers your questions.
oh i get it now, thanks.
BinaryMage (author)  jvpernis5 years ago
Glad to be of service.
mooner775 years ago
i clicked the link to download and it said save open or cancel i saved it and led me to a disc burning program and when i clicked open nothing happened
BinaryMage (author)  mooner775 years ago
Download 7-Zip, a free archive program here. Install it and use it to extract the archive as stated in the instructions.
maurinet5 years ago
It's simpler than you guys think, the reason it's giving you an "Access denied" error is because you're not running cmd.exe with Administrator permissions. To solve it, do the following: 1. Click on the "Start" button, and in the search button type "cmd" (without the " " of course). 2. Right click on "cmd.exe" and choose "Run as Administrator" Now follow the instructions of the tutorial and voila!
Tonyisme5 years ago
Hi, I was wondering if you could help. Basically I have a pc on windows xp, only since I got my laptop I never used it so I've forgotten the p\word. Anyway I've tried various things and none of them seem to work. What I wanted to ask was would I be able to use an old mp3(512mb) instead of a memory stick? Any help would be great as I've been at this for age's and getting nowhere. Cheers, Tony.
BinaryMage (author)  Tonyisme5 years ago
You should be able to - just follow the same steps. Make sure to format the mp3 player as listed in the instructions. Tell me if it works, and if not, I can try to provide more detailed help. Good luck!
Ophcrack may help you...just google it
BinaryMage (author)  smtgr145 years ago
Honestly, Ophcrack is much more complex than this. If this doesn't work, Ophcrack likely won't either. But you could certainly still try.
Then there is the windows exploit if that doesn't work either...
rowriver5 years ago
Great, easy to use method. Hack your Dad's account!