How to Recover a Windows XP / Vista Password

Posted at Sunday, April 12, 2009

It truly is possible to forget your Windows XP or Vista password, especially after you have just entered a new one. When that happens, you need to recover your password fast! Here’s how.

There is a class of utility known as the password recovery tool. Many are fairly expensive, but others are completely free. If you changed your password late last night before you went to bed, and now you can’t remember it, these utilities could be your salvation. Here we detail only the one that seems to be the most effective.

The best-known free password recovery utility is named Ophcrack. One of the beauties of this utility is that you don’t need access to your specific Windows system in order to use it. But you will need either to prepare for the lost-password eventuality in advance, by creating and keeping the recovery media, or to have access to another computer, even one that is not yours, after the problem has occurred.

Ophcrack is an open source (GPL licensed) program that recovers Windows passwords by looking up their LM hashes in rainbow tables. You don’t have to know what all that means to use the utility. The program can import the hashes from a variety of formats, including dumping them directly from the Windows SAM file. Its rainbow tables can crack 99.9% of alphanumeric passwords of up to 14 characters, usually in a few seconds and at most in a few minutes.
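Why the 14-character limit and the near-100% success rate go together: LM does not hash the password as typed. It upper-cases it, NUL-pads it to 14 bytes and hashes the two 7-byte halves independently, so each half is a tiny search space and a constant hash value for an empty half leaks the password length. The following Python models only that preprocessing step and the resulting search space (it does not compute the DES-based hash itself); it is an illustration added to this article, not code from Ophcrack, and the sample hash it inspects is constructed (its first half is a placeholder).

```python
"""Why LM hashes crack so fast: the normalisation that precedes the hash.

Added illustration (not from the original post or from Ophcrack). It models
the LM preprocessing (upper-case, pad/truncate to 14 bytes, split into two
independent 7-byte halves) and the resulting search space; ASCII passwords
are assumed. The DES-based hash itself is not computed here.
"""
from typing import Optional, Tuple

# Well-known LM half-hash of an all-NUL (empty) 7-byte block.
LM_EMPTY_HALF = "aad3b435b51404ee"


def lm_halves(password: str) -> Optional[Tuple[bytes, bytes]]:
    """Return the two 7-byte blocks LM hashes independently, or None when
    Windows stores no LM hash at all (passwords longer than 14 characters)."""
    if len(password) > 14:
        return None
    # LM upper-cases the password and NUL-pads it to 14 bytes.
    padded = password.upper().encode("ascii").ljust(14, b"\x00")
    return padded[:7], padded[7:]


def lm_half_keyspace(charset_size: int) -> int:
    """Distinct 7-byte half blocks over a charset of the given size, counting
    every length from 0 to 7 (shorter inputs are NUL-padded)."""
    return sum(charset_size ** k for k in range(8))


def describe_lm_hash(lm_hex: str) -> dict:
    """Read a 32-hex-digit LM hash without cracking it: the constant empty
    half reveals whether the password is blank or at most 7 characters."""
    h = lm_hex.lower()
    if len(h) != 32:
        raise ValueError("LM hash must be 32 hex digits")
    first, second = h[:16], h[16:]
    return {
        "blank_password": first == LM_EMPTY_HALF and second == LM_EMPTY_HALF,
        "at_most_7_chars": second == LM_EMPTY_HALF,
    }


if __name__ == "__main__":
    print(lm_halves("Secret99"))   # (b'SECRET9', b'9\x00\x00\x00\x00\x00\x00')
    # Upper-case letters plus digits: the alphabet that remains after LM
    # upper-cases the password. Compare with a 14-char mixed-case keyspace.
    per_half = lm_half_keyspace(36)
    print(per_half, 62 ** 14 // per_half)
    # Constructed sample hash: placeholder first half, empty second half.
    print(describe_lm_hash("0123456789abcdef" + LM_EMPTY_HALF))
```

The practical consequence for the recovery described here is that no LM hash exists for a password longer than 14 characters, and Vista does not store LM hashes by default, which is the usual reason an LM table lookup comes back with nothing.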

Ophcrack does not require any direct access to the Windows OS on the machine from which you are recovering the password(s). All you need is the ability to boot from your CD drive, available on almost all modern systems. Ophcrack will handle the recovery from there. It will recover the passwords for all of the accounts on the system, including that of the administrator.

To get started, visit the Ophcrack site. There, you will find two different Ophcrack LiveCD downloads available, one for Windows XP and another for Windows Vista. Download the file that matches the system that you want to crack. What you are getting is an ISO file, which contains all of the data you will need to make the CD that will allow you to recover your passwords. It is a big file and may take a while to download.

Next, you will need to turn that ISO file into a CD, which is a bit different from burning a music or data CD. If you have never done this, you probably don’t have a tool that will do it. Worry not! All you need to do is download another utility: Free Easy CD DVD Burner. It is also a completely free utility. Follow the instructions in Free Easy CD DVD Burner for burning a CD from an ISO file, using the file that you downloaded from the Ophcrack site.

Take the Ophcrack CD to the computer from which you need to recover passwords. Insert it into the target computer’s CD drive and turn on the computer. It should boot from the CD, which contains a miniature operating system with everything needed to get your passwords back for you. It will look like your computer is starting normally at first, but it is not. If your computer boots into Windows, or does not boot at all, you will probably need to change the boot order in your BIOS so that it can boot from the CD. If the CD was properly made, and your computer is set to boot from the CD, your system should boot into the Ophcrack opening screen.

This opening screen will ask you to select a program mode. The one that is highlighted (Ophcrack Graphic mode) is the right one. You can either press Enter at this point or wait a few seconds and the program will continue automatically. When the program continues, you will see a text window (like that used by DOS) and a number of lines will scroll by, showing the progress of the Linux operating system boot and the preparation to run the password recovery task. These may include a quickly flashed message saying that a hard disk partition with hash tables has been found, which is good since that’s where the passwords are.

Finally, the Ophcrack program itself will run and the recovery of passwords will begin. The program runs completely automatically.

The important results will be shown in the first column (User) and the last column (NT Pwd). The former is the name of the user account and the latter is the password for that account. There are some important things to remember about this information. If the password column says “empty”, it means that the password for that account is blank. You can log on using that account without entering a password; just enter the account name, leave the password blank, and press Enter.

If the account that you are looking for is not there, it means that Ophcrack did not find that account on the target computer. It may have been deleted inadvertently, which is another reason that you would not have been able to log on in the first place. If the “NT Pwd” column is blank, Ophcrack has not yet found the password for that account.

When the program has completed, write down the user names and passwords that you were trying to recover. Then remove the CD from the drive and reboot the system as usual. Use the desired name and password to log into the computer as you always do, and your problem is solved. If Ophcrack does not find a password, which is rare, you may have to move on to another solution. In this case, a program called Offline NT Password & Registry Editor, which erases the Admin password so that you can log in and make any other required changes, would probably be your best bet, though it requires a bit more admin work.