Introduction: Window Password Recovery!

This instructable shows how to recover a Windows password and demonstrates the weakness in the Microsoft SAM. Warning: do not use this for illegal purposes like "hacking". Instructables and I accept no responsibility for your actions; this is meant for educational purposes.

Step 1: What You Need

1. You will need BackTrack to extract the hashes from the SAM. You can get BackTrack here. BackTrack is a free live Linux distro that includes many tools and can run off a CD.
2. After you download BackTrack, you will need to burn the image file to a CD. If you don't have any software that can burn images, you can use this free one: Deep Burn.
3. Blank CDs.
4. Burn it.

Step 2: Boot

After BackTrack boots up, you will come to a prompt that asks you to log in. The user name is root and the password is toor.

Step 3: Getting to System Key

Open a terminal and run
bkhive /mnt/<your drive>/WINDOWS/system32/config/system key
In most cases your hard drive will be hda1. The last argument, key, is the file the system key is written to.

Step 4: Getting the Hashes

1. After getting the system key, run
samdump2 /mnt/<your drive>/WINDOWS/system32/config/SAM key
2. You will then get a list of hashes.
3. Copy the hash you want to crack.

Step 5: Decrypting the Hashes

There are many ways of decrypting the hashes: dictionary attack, brute force and rainbow tables.
1. I am going to use a set of online rainbow tables, plain-text.info.
2. Click "add hash".
3. Paste the hash.
4. Select the hash type. Windows usually uses LM hashes.
5. Enter the security code.
6. Submit.
7. Click search, paste your hash and click search.
8. And you're done!
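The hash list from Step 4 can also be read defensively, because the LM column is the weak part of the SAM that this instructable relies on. The following is an added example, not part of the original instructable: it assumes samdump2 prints pwdump-style lines (name:RID:LM:NT:::) with an optional "*disabled* " prefix, and the sample lines are constructed.

```python
import re
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty string
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty string
HEX32 = re.compile(r"[0-9a-f]{32}")

# Constructed sample input (not real accounts or real hashes).
SAMPLE = """\
Administrator:500:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1003:fedcba9876543210aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
bob:1004:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
"""

def parse_line(line):
    """Return (name, rid, lm, nt, disabled) or None for a malformed line."""
    line = line.strip()
    disabled = line.startswith("*disabled* ")  # assumed samdump2 marker
    line = line.removeprefix("*disabled* ")
    parts = line.split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    lm, nt = parts[2].lower(), parts[3].lower()
    if not (HEX32.fullmatch(lm) and HEX32.fullmatch(nt)):
        return None  # e.g. "NO PASSWORD***" filler used by some dump tools
    return parts[0], int(parts[1]), lm, nt, disabled

def audit(dump):
    """Map account name -> list of findings; hashes are never echoed back."""
    report = {}
    for raw in dump.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        name, _rid, lm, nt, disabled = rec
        findings = []
        if nt == EMPTY_NT:
            findings.append("blank password")
        elif lm != EMPTY_LM:
            findings.append("LM hash stored")
            if lm[16:] == EMPTY_LM[16:]:  # second 7-character half is empty
                findings.append("password is 7 characters or fewer")
        if disabled:
            findings.append("account disabled")
        report[name] = findings
    return report

if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(account, "->", ", ".join(findings) or "no LM hash stored")
```

Accounts reported with a stored LM hash are the ones exposed to the lookup in Step 5; enabling the NoLMHash policy and then changing the password stops Windows from keeping that hash.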

Comments

Jacqueline_Walker (author)2017-03-19

Please don't waste your time with these methods, the only one that has ever given me any results is this one here: http://passwordresetfix.blogspot.com/

Lebbronz (author)2015-12-25

Here is the way that successfully reset my Windows admin password:

http://www.iseepassword.com/how-to-reset-windows-7-password.html

This is quite simple and it only takes a few minutes to recover the old password and set a new one.

Xiaoxiaoert (author)2012-04-11

Yeah, I think the Windows Password Recovery Tool 3.0 could help u get past the password on the pc, u can have a try.

And if you have a bootable USB drive, the password tools can be burned to it and you can boot your computer from USB to run the software, so that you can recover/remove Windows system password from USB.

u can follow these 4 steps with less than 5 minutes:

Step 1: Download Windows Password Recovery Tool 3.0
Step 2: Burn bootable CD/DVD or USB flash drive
Step 3: BIOS setting, set your locked computer to boot from CD/DVD or USB
Step 4: Reset Windows password by a few clicks

Good luck! Hope this helps you and save you time and the frustration!

middletonaustin95 (author)2009-08-25

the upgraded XP's have changed the encryption type but I forgot what it is (I think it has a "N" in it but I'm not for sure) so you can just google it to find out

If I recall correctly, the two types are NTLM and MD4.

It's quite a bit simpler to just go get the OphCrack live CD. It can break most people's passwords all by itself, and, even if it can't, it will parse the sam file for you and put the hashes in a neat list on the screen for use with whichever list site you like.

alvin hckr (author)2008-03-23

When they ask for the account password, just press Ctrl-Alt-Del and there a dialog box will come. In that, for user name type administrator, and for password no need to type anything. Contact me bip_ev@hotmail.com for any help. God bless you.

Some people deactivate the admin account or change the password for it, so you can't do that.

ColinR94 (author)2008-07-28

You should put on there that you have to either get the Backtrack CD or USB flash drive (you can do it both ways) in before Windows starts to boot or you can crash your computer completely and, ironically, that's the program you need to get your computer info back. I recommend pressing F8 before Windows' loading screen kicks on (which takes you to BIOS), inserting the CD, and then restarting the computer with Backtrack in it. But DON'T PLUG IT IN before it starts or you won't be able to send a post saying it don't work like that. (I use Backtrack often, I know these things)

hinge (author) ColinR94 2008-08-23

Not necessarily, regarding pressing F8. On my machine, pressing ANY key F1-F12 doesn't have any effect. It happily shows the eMachines screen and promptly proceeds to log in. BIOS is somewhere there, but not accessible. Maybe booting from CD or floppy would help.

Gonazar (author)2007-10-17

You say copy, but where do you copy it to? How do you save it? Since the thing is running off a disc, I wasn't able to get it to save to any hard drive. Also, are there any more suggestions on different decryptors, possibly online?

Fayes (author)2007-09-01

How do you decrypt the hashes when you don't have access to internet on the computer? Like isn't there any software that you can boot along with the CD to do your decrypting instead of the website?

Punkguyta (author)2007-04-19

I just got a thinkpad r51 from my school for school work and it had some weird custom edition of xp school or something like that. It had a custom windows 98 like log in window. I just ended up wiping the hd (they're gonna be pissed off about that), would it work on that maybe?

fegundez1 (author) Punkguyta 2007-08-07

What you need is data recovery software; every computer user should have some. One good one is Undelete Plus, free from CNET or Maximum PC downloads.

Superdboy09 (author)2007-07-07

Hey, with Windows XP Home (I'm not sure about Pro) you can just restart the computer and enter in through safe mode and remove the password. My brother did it on my church's computer. Or you could always just happen to have a copy of Winternals too. It makes password removal super easy.

supernull (author)2007-05-13

Just click one that's like this
http://mirror.switch.ch/ftp/mirror/backtrack/bt2final.iso
Make sure it says bt2final.iso; that is the final release. The other links are just other mirrors.

dasarp (author)2007-05-09

Try this instructable on getting Windows Passwords:
https://www.instructables.com/id/SAEPSY3F1B3RBOT/

HubmaN (author)2007-04-25

Unfortunately, this method takes a long time. But what if you could start the Explorer shell remotely while you are still on the logon screen (what user would you operate under?)? I suppose you'll get total access.

Head Crab Ned (author)2007-04-22

omg, never mind. I feel stupid now :)

Head Crab Ned (author)2007-04-22

I feel noobish for asking, but how can I get to the screen in your tutorial? When I start up my computer, it only displays "boot:" lol please don't flame.

shark2514 (author)2007-04-14

Being able to recover a password IS THE SAME AS being able to change it. If you have the password, you can log in. If you can log in, you can change the password.

supernull (author)2007-04-14

It will recover the password and I don't think it will give you a virus because it is a Linux operating system that just runs from a CD. You're not installing anything on your hard drive except the burning software that you only need if you don't have any.

rockyt (author)2007-04-11

will this work on a win2k machine?

supernull (author) rockyt 2007-04-11

Yes, it should work on win2k.

Danny (author)2007-04-11

on my comp i can just boot it in safe mode and change all the passes (i know the admin pass coz its the default)

whatsisface (author)2007-04-11

This is a good technique to use, I know I've lost a few passwords in my time ¬¬. Nice instructable

About This Instructable

Bio: I am a Nerd lol.
More by supernull: Window Password Recovery!