How to get a Windows password with Ophcrack
This is an Instructable to teach you how to use the program Ophcrack to get Windows passwords. I am sharing this to give people the knowledge of how to do this. I do not take any responsibility for what you do with this information. I strongly advise you not to use this except on your own computer, or to get permission prior to doing this.

Step 1: Getting the SAM file

In Windows XP (which I will be using for this whole Instructable) the SAM files that we need are located on C: (if that's the hard drive with the OS on it), in C:\windows\system32\config. If you can't find the SAM files, just hit Ctrl+F and search for *.SAM and you will hopefully get the location. Now that you know where it is, you need to boot a live CD of some sort, because you can't copy the SAM file while Windows is active. I advise the Ophcrack Live CD because it has the Ophcrack program on it already. A live flash drive could also be used. Save the whole config folder. I recommend saving it on a flash drive.

Step 2: Get Ophcrack

You could use the Ophcrack OS, which is easy. I am using Ubuntu with Ophcrack installed on it. To get Ophcrack on Ubuntu, just type "sudo apt-get install ophcrack" in the terminal (without the quotes, of course); this will install the program. To open the program, just type "ophcrack" in a terminal.

Step 3: Tables

Now that you have the SAM files you need to open Ophcrack. If you don't have the tables you can get them at You might be able to get the password cracked without the tables, but it is very unlikely. If you have a super-fast computer or super-slow internet, the faster way (not really, but if you have a supercomputer without internet this might work) might be using winrtgen (this is super slow, but it does let you add special symbols).
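
Why the tables matter so much, shown as an added example (not part of the original Instructable and not Ophcrack's code): Ophcrack's tables are rainbow tables, which are computed once and then work against every unsalted hash of the same type, and Windows NT hashes carry no salt. The 4-digit PIN keyspace, the SHA-256 stand-in hash and all function names below are assumptions made for this toy demo; it also shows that a salted hash gets nothing out of the same table.

```python
import hashlib

SPACE = 10_000     # toy keyspace: 4-digit PINs (assumption for this demo)
CHAIN_LEN = 50     # hash/reduce steps per chain
N_CHAINS = 400     # chains kept in the table (only start and end are stored)

def H(pw: str, salt: str = "") -> str:
    # SHA-256 stands in for the real hash; only "salted or not" matters here.
    return hashlib.sha256((salt + pw).encode()).hexdigest()

def reduce_to_pin(digest: str, column: int) -> str:
    # Map a digest back into the keyspace, differently for every column.
    return f"{(int(digest[:8], 16) + column) % SPACE:04d}"

def endpoint(pw: str, col: int) -> str:
    # Walk from a password sitting in column `col` to the end of its chain.
    for c in range(col, CHAIN_LEN):
        pw = reduce_to_pin(H(pw), c)
    return pw

def build_table() -> dict:
    # Precomputation: done once, reusable for every unsalted hash.
    table = {}
    for i in range(N_CHAINS):
        start = f"{i * (SPACE // N_CHAINS):04d}"
        table.setdefault(endpoint(start, 0), []).append(start)
    return table

def lookup(table: dict, target: str):
    # Guess which column the target hash sits in, walk to the endpoint,
    # and on a hit rebuild that chain from its stored start to confirm.
    for col in range(CHAIN_LEN - 1, -1, -1):
        end = endpoint(reduce_to_pin(target, col), col + 1)
        for start in table.get(end, []):
            pw = start
            for c in range(col):
                pw = reduce_to_pin(H(pw), c)
            if H(pw) == target:
                return pw
    return None  # not covered by the table (or the hash was salted)

if __name__ == "__main__":
    table = build_table()
    print(lookup(table, H("0000")))             # 0000
    print(lookup(table, H("0000", salt="x7")))  # None
```
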
terryfrantz 5 months ago

Ophcrack has a high success rate with Windows Vista and XP. But I have no luck with Windows 8 or 7. If you don't want to recover the original password, an alternate option is removing the password with PCUnlocker Live CD. The password removal process is instant.

yzi 2 years ago

In fact, you can try more than a few times to enter a password. Of course, you can use one way to search for password recovery tools on a website.

You will find many recovery tools, but I think Windows Password Recovery Tool 3.0 is a good choice; I know that it is the CHEAPEST and easy to use.

Anyway, you will login to my computer immediately.

octavian234 4 years ago
I would imagine this would work with network users as well?
If you have a bootable USB drive, some password tools can be burned to it and you can boot your computer from USB to run the software, so that you can recover/remove the Windows system password from USB.
Such as Windows Password Rescuer, which can launch from CD/USB.
thekid (author)  octavian234 4 years ago
The way you could do that is find the SAMs on the network mainframe that all the accounts are stored on. I haven't ever done this (I don't have a server) but if you succeed you should write out the details :-)
A foreseeable problem may be not having access to the mainframe. Well maybe not. I do not know how the network is set up but it would make sense that you could access the mainframe without booting Windows, right?
thekid (author)  octavian234 4 years ago
It would depend on how it was set up. If it needs authentication you could still see it but not access it without the password.
BinaryMage 4 years ago
For an easier way, go here.
thekid (author)  BinaryMage 4 years ago
But that only works for resetting, not getting the pass.
Yes, I know, but if you want to get on to a computer fast, that is faster and easier. :)