If you have forgotten your Windows password, be it a simple login password or the local administrator password for a Windows Server, then there are a few approaches you can take, listed in order of difficulty/time taken:
1. Guess the password
2. Use an alternative administrative account to reset the password
3. Try to crack the password
4. Try to clear the password
5. Enable a hidden administrative account and then reset the password
1. Guess the password, or guess the password of another user with administrator privileges. Some common passwords can be found here: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
Of course, try some themes which may mean something to the person who owns the account.
2. In any version of Windows, if you have another account that is an administrator and you know the password, then you can log in with that account and use this method to reset any passwords. In Windows XP the administrator account is rarely used and often has a blank password. Access it by going into Safe Mode: press F8 just before the "Starting Windows" splash screen shows. Once you have logged on as administrator you can go to Start > Run: control userpasswords2
Select the user and then click the "Reset Password" button.
3. Try to crack the password with Ophcrack http://ophcrack.sourceforge.net/. Password cracking will work in most cases for XP and a lot of cases for Vista. However, if you look through the tables page on the website you'll see that using this technique is virtually impossible for a password longer than 8 characters that includes upper and lower case letters, numbers and symbols.
Write the Ophcrack ISO to a CD/DVD and reboot the computer from the CD.
If Ophcrack fails to run the first time, it could be that it failed to mount the Windows partition, so you will need to figure out which partition it is. I did this by trial and error like so (open a terminal window):
a) mkdir /mnt/cdrive
b) mount /dev/sda1 /mnt/cdrive
c) ls /mnt/cdrive
In step c) you are looking for a directory listing that matches your Windows C drive; the presence of a Windows directory is an obvious giveaway. If /dev/sda1 does not hold your C drive then try /dev/sda2, then /dev/sda3. On older systems, i.e. with PATA (IDE) rather than SATA drives, you might find it is /dev/hda1 etc.
Once you have located and mounted your Windows partition, you need to re-run the cracking utility:
d) /home/tux/launch.sh
If you get permission denied errors then you should run the command starting with sudo, e.g. sudo mount /dev/sda1 /mnt/cdrive
Check out the FAQ for more information http://sourceforge.net/apps/mediawiki/ophcrack/index.php?title=Frequently_Asked_Questions
4. Try to clear the password with chntpw
This method has worked for me on XP, 2003 and Vista installs and I have no reason to believe that it wouldn't work on Windows 7 or Server 2008. The caveat is that servers tend to have RAID disks and so you will need a Linux distro with RAID drivers, such as Ubuntu server.
a) mount the drive (see Method 3)
b) sudo apt-get install chntpw (at this step it failed; make sure you're connected to the Internet. In some cases you may need to run sudo apt-get update first)
c) cd /mnt/cdrive/Windows/System32/config
d) chntpw -u Administrator SAM
e) select option 1 to clear the password, choose "y" to write the hive file, then reboot.
In Vista, the built-in administrator account is disabled by default, and it may be someone else's account whose password you need to clear, in which case use that account's name, e.g. chntpw -u "Joe Bloggs" SAM.
The last time I tried this it failed to clear the password. So that's why I've written method 5.
5. Enable a disabled administrative account with chntpw then reset the password from that account. Note: if there is another administrator account in Windows which you do know the password for then you should use method 2.
You begin this one exactly the same way as Method 4; it differs from step e) onwards.
a) mount the drive (see Method 3)
b) sudo apt-get install chntpw
c) cd /mnt/cdrive/Windows/System32/config
d) chntpw -u Administrator SAM
e) select option 4 to unlock and enable, choose "y" to write the hive file, then reboot.
f) Log on to Windows using the Administrator account, then proceed as in Method 2.
g) Log off Administrator and log on as the user who now has a new password.
h) Finally, hide the Administrator account again. Start a command prompt; in Vista or 7, type cmd into the Start menu, then right-click on cmd.exe and choose "Run as administrator".
i) type: net user administrator /active:no
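Step c) of Methods 4 and 5 assumes the directory is spelled Windows/System32/config, but NTFS mounted under Linux is normally case-sensitive and XP installs typically use WINDOWS/system32; chntpw also rewrites the SAM hive in place. The following is an added example, not part of the original post (the function names find_sam and backup_sam are hypothetical): it locates the hive case-insensitively under a mounted partition and takes a verified backup before any edit.

```shell
#!/bin/sh
# Added example; find_sam and backup_sam are hypothetical helper names.

# Print the full path of the SAM hive under a mounted partition.
# Matches Windows/System32/config/SAM regardless of letter case and
# returns non-zero if the partition is not a Windows system drive.
find_sam() {
    local root="${1%/}" rel
    rel=$(cd "$root" 2>/dev/null &&
          find . -maxdepth 4 -type f \
               -ipath './windows/system32/config/sam' | head -n 1) || return 1
    [ -n "$rel" ] || return 1
    printf '%s/%s\n' "$root" "${rel#./}"
}

# Copy the hive next to the original with a timestamp suffix and check
# that the copy is byte-identical before chntpw is allowed to write.
# Prints the path of the backup.
backup_sam() {
    local sam="$1" copy
    copy="$sam.bak-$(date +%Y%m%d%H%M%S)"
    cp -p -- "$sam" "$copy" || return 1
    cmp -s -- "$sam" "$copy" || return 1
    printf '%s\n' "$copy"
}

# Usage, after mounting a candidate partition as in Method 3:
#   sam=$(find_sam /mnt/cdrive) && backup_sam "$sam" && cd "$(dirname "$sam")"
# If find_sam fails, unmount and try the next partition (/dev/sda2, ...).
```

If the edited hive leaves Windows unable to log anyone on, boot the live CD again and copy the .bak file back over SAM.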