Windows Password Recovery!


Introduction: Windows Password Recovery!

About: I am a Nerd lol.

This instructable will show how to recover a Windows password and will show the weakness in the Microsoft SAM. Warning: Do not use this for illegal purposes like "hacking". I and Instructables will accept no responsibility for your actions; this is meant for educational purposes.

Step 1: What You Need

1. You will need BackTrack to extract the hashes from the SAM. You can get BackTrack here. BackTrack is a free live Linux distro that includes many tools and can run off a CD.
2. After you download BackTrack you will need to burn the image file to a CD; if you don't have any software that can burn images you can use this free one: Deep Burn.
3. Blank CDs.
4. Burn it.

Step 2: Boot

After BackTrack boots up you will come to a prompt that asks you to log in; the user name is root and the password is toor.

Step 3: Getting to System Key

Open a terminal and run
bkhive /mnt/your drive/WINDOWS/system32/config/system key
bkhive reads the boot key (system key) out of the SYSTEM hive and writes it to the file named key. Replace "your drive" with the mounted Windows partition; in most cases your hard drive will be hda1.

Step 4: Getting the Hashes

1. After getting the system key, run
samdump2 /mnt/your drive/WINDOWS/system32/config/SAM key
2. samdump2 uses the key file to decrypt the SAM hive and prints a list of hashes, one line per account, in the form user:RID:LM hash:NT hash:::
3. Copy the hash you want to crack.

Step 5: Decrypting the Hashes

There are many ways of decrypting the hashes: dictionary attack, brute force and rainbow tables.
1. I am going to use a set of online rainbow tables (add hash).
2. Paste the hash and choose the hash type; Windows usually uses LM hashes.
3. Enter the security code.
4. Submit the search, paste your hash and click search.
5. And you're done!
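As an added example (not part of the original instructable), here is the defender-side check that goes with the steps above: it reads lines in the pwdump format that samdump2 prints and flags the accounts that still store an LM hash, which is exactly the weakness the rainbow tables exploit, plus accounts with an empty password. The sample lines are constructed and the hex values are placeholders, not real hashes; only the two well-known "empty" constants are real.

```python
import re

# Well-known constants: the LM field Windows stores when no LM hash is kept,
# and the NT hash of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample in pwdump format (user:RID:LM:NT:::). The hex strings
# other than the two constants are placeholders, not real password hashes.
SAMPLE_DUMP = """\
Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:ffeeddccbbaa99887766554433221100:102030405060708090a0b0c0d0e0f000:::
garbage line that is not pwdump format
"""

def parse_pwdump_line(line):
    """Return (user, rid, lm, nt) or None if the line is not pwdump format."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, rid, lm, nt = parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()
    if not (HEX32.match(lm) and HEX32.match(nt)):
        return None
    return user, rid, lm, nt

def audit_pwdump(text):
    """Map each account to the weakness its stored hashes expose."""
    findings = {}
    for line in text.splitlines():
        rec = parse_pwdump_line(line)
        if rec is None:
            continue  # skip anything that is not an account line
        user, rid, lm, nt = rec
        if nt == EMPTY_NT:
            findings[user] = "empty password"
        elif lm != EMPTY_LM:
            # LM upper-cases the password, caps it at 14 characters and hashes
            # two 7-character halves separately, which is why rainbow tables
            # crack it quickly. Fix: set NoLMHash=1 under
            # HKLM\SYSTEM\CurrentControlSet\Control\Lsa (or use passwords
            # longer than 14 characters) so Windows stops storing it.
            findings[user] = "LM hash stored (rainbow-table weak)"
        else:
            findings[user] = "NT hash only"
    return findings
```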




    25 Discussions

    Yeah, I think the Windows Password Recovery Tool 3.0 could help you get past the password on the PC; you can have a try.

    And if you have a bootable USB drive, the password tools can be burned to it and you can boot your computer from USB to run the software, so that you can recover/remove the Windows system password from USB.

    You can follow these 4 steps in less than 5 minutes:

    Step 1: Download Windows Password Recovery Tool 3.0

    Step 2: Burn bootable CD/DVD or USB flash drive

    Step 3: BIOS setting: set your locked computer to boot from CD/DVD or USB

    Step 4: Reset Windows password by a few clicks

    Good luck! Hope this helps you and saves you time and frustration!

    The upgraded XPs have changed the encryption type but I forgot what it is (I think it has an "N" in it but I'm not sure), so you can just Google it to find out.

    1 reply

    If I recall correctly, the two types are NTLM and MD4.

    It's quite a bit simpler to just go get the OphCrack live CD. It can break most people's passwords all by itself, and, even if it can't, it will parse the sam file for you and put the hashes in a neat list on the screen for use with whichever list site you like.

    When they ask for the account password just press Ctrl-Alt-Del and a dialog box will appear there; for user name type administrator and for password there is no need to type anything. Contact me for any help. God bless you.

    1 reply

    You should put on there that you have to get either the BackTrack CD or USB flash drive (you can do it both ways) in before Windows starts to boot, or you can crash your computer completely and, ironically, that's the program you need to get your computer info back. I recommend pressing F8 before the Windows loading screen kicks on (which takes you to BIOS), inserting the CD, and then restarting the computer with BackTrack in it. But DON'T PLUG IT IN before it starts or you won't be able to send a post saying it doesn't work like that. (I use BackTrack often, I know these things.)

    1 reply

    Not necessarily, regarding pressing F8. On my machine, pressing ANY key F1-F12 doesn't have any effect. It happily shows the eMachines screen and promptly proceeds to log in. BIOS is somewhere there, but not accessible. Maybe booting from CD or floppy would help.

    You say copy, but where do you copy it to? How do you save it? Since the thing is running off a disc I wasn't able to get it to save to any hard drive. Also, are there any more suggestions on different decryptors, possibly online?

    How do you decrypt the hashes when you don't have access to the internet on the computer? Like, isn't there any software that you can boot along with the CD to do your decrypting instead of the website?

    I just got a ThinkPad R51 from my school for school work and it had some weird custom edition of XP School or something like that. It had a custom Windows 98-like login window. I just ended up wiping the HD (they're gonna be pissed off about that); would it work on that maybe?

    1 reply

    What you need is data recovery software; every computer user should have one. A good one is Undelete Plus, free from CNET or Maximum PC downloads.

    Hey, with Windows XP Home (I'm not sure about Pro) you can just restart the computer, enter through safe mode and remove the password. My brother did it on my church's computer. Or you could always just happen to have a copy of Winternals, which makes password removal super easy.

    Unfortunately, this method takes a long time. But what if you could start the Explorer shell remotely while you are still on the logon screen (what user would you operate under?)? I suppose you'll get total access.

    I feel noobish for asking, but how can I get to the screen in your tutorial? When I start up my computer, it only displays "boot:" lol please don't flame.

    Being able to recover a password IS THE SAME AS being able to change it. If you have the password, you can log in. If you can log in, you can change the password.