This is an instructable to teach you how to use the program Ophcrack to get Windows passwords. I am sharing this to give people the knowledge of how to do this. I do not take any responsibility for what you do with this information. I strongly advise you not to use this except on your own computer, or to get permission prior to doing this.

Step 1: Getting the SAM File

In Windows XP (which I will be using for this whole instructable), the SAM files that we need are located on C: (if that's the hard drive with the OS on it), in C:\Windows\system32\config. If you can't find the SAM files, just hit Ctrl+F and search for *.SAM and you will hopefully get the location. Now that you know where it is, you need to boot a live CD of some sort, because you can't copy the SAM file while Windows is active. I advise the Ophcrack Live CD because it has the ophcrack program on it already. A live flash drive could also be used. Save the whole config folder. I recommend saving it on a flash drive.

Step 2: Get Ophcrack

You could use the Ophcrack OS, which is easy. I am using Ubuntu with Ophcrack installed on it. To get Ophcrack on Ubuntu, just type "sudo apt-get install ophcrack" in the terminal (without quotes, of course); this will install the program. To open the program, just type "ophcrack" in a terminal.

Step 3: Tables

Now that you have the SAM files, you need to open Ophcrack. If you don't have the tables, you can get them at ophcrack.sourceforge.net/tables.php. You might be able to get the password cracked without the tables, but it is very unlikely. If you have a super fast computer or super slow internet, generating the tables yourself with winrtgen might be the faster way (not really, but if you have a supercomputer without internet this might work). Generating them is super slow, but it does let you add special symbols.

Step 4: Cracking

OK, now just open the tables by going into tables, then select the directory where you unzipped them. Now the pictures will show what to press from here.
Ophcrack has a high success rate with Windows Vista and XP. But I have no luck with Windows 8 or 7. If you don't want to recover the original password, an alternate option is removing the password with PCUnlocker Live CD. The password removal process is instant.
I would imagine this would work with network users as well?
The way you could do that is to find the SAMs on the network mainframe that all the accounts are stored on. I haven't ever done this (I don't have a server), but if you succeed you should write out the details :-)
A foreseeable problem may be not having access to the mainframe. Well maybe not. I do not know how the network is set up but it would make sense that you could access the mainframe without booting windows right?
It would depend on how it was set up. If it needs authentication, you could still see it but not access it without the password.
For an easier way, go here: https://www.instructables.com/id/The-USB-Computer-Lockpick/
But that only works for resetting, not getting the pass.
Yes, I know, but if you want to get on to a computer fast, that is faster and easier. :)

More by thekid:How to dual boot Ubuntu 10.04 and Windows 7! how to get a windows password with ophcrack How to improve an old laptop! 