Password Recovery in Windows

If you are trying to recover a password from Windows, you are in luck, since it isn't terribly difficult. The best-case scenario is that the Windows workstation is set up with a guest account or an account whose password you actually know. In this case, you can log in using that account and employ some password cracking software.

Modern versions of Windows use the secure hash standard, which is an algorithm used to encrypt passwords that are stored on the system. Without such encryption, it would be even easier to find the passwords. The easiest method of finding such passwords is to employ an application that runs a brute-force attack against them with character and number combinations. A brute-force approach essentially tries every possible combination of characters and numbers until it finds a password that works. With today's computers, this process can typically be done within a day for short passwords, but can take significantly longer for long passwords. In any case, any Windows password can eventually be cracked with this approach.
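To put numbers on "short" versus "long", the following added example (not part of the original article) sizes the brute-force search space for several character sets and finds the password length at which exhausting it stops being practical. The guess rate is an assumed round figure, not a benchmark of LCP or any other tool.

```python
import string

# Character sets a brute-force audit might be configured to try.
CHARSETS = {
    "digits": string.digits,
    "lower+digits": string.ascii_lowercase + string.digits,
    "alnum": string.ascii_letters + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}

ASSUMED_GUESSES_PER_SECOND = 1_000_000_000  # assumption for illustration only
SECONDS_PER_DAY = 86_400


def keyspace(charset_size, max_length):
    """Candidates of length 1..max_length; brute force tries shorter ones first."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


def days_to_exhaust(charset_size, max_length, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case days to try every candidate at the given guess rate."""
    return keyspace(charset_size, max_length) / rate / SECONDS_PER_DAY


def min_length_to_resist(charset_size, target_days, rate=ASSUMED_GUESSES_PER_SECOND):
    """Shortest password length whose full search takes longer than target_days."""
    length = 1
    while days_to_exhaust(charset_size, length, rate) <= target_days:
        length += 1
    return length


def report(lengths=(6, 8, 10, 12), target_days=365 * 100):
    """One row per charset: (name, size, days per length, length to resist target)."""
    rows = []
    for name, chars in CHARSETS.items():
        size = len(chars)
        days = [days_to_exhaust(size, n) for n in lengths]
        rows.append((name, size, days, min_length_to_resist(size, target_days)))
    return rows


if __name__ == "__main__":
    print("charset (size)      days to exhaust at lengths 6, 8, 10, 12")
    for name, size, days, need in report():
        cells = "  ".join(f"{d:10.3g}" for d in days)
        print(f"{name:13s} ({size:2d})  {cells}   100-year length: {need}")
```

Each extra character multiplies the work by the size of the character set, which is why a minimum-length policy does more against exhaustive search than any other single setting.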

Some cracking applications can be found in our downloads section. The easiest to use is LCP, although the Cain and Abel program has more features. To crack a password, load LCP and select Import/Import from local computer. A list of user accounts and hashes should appear. Now select the brute-force attack button and select Session/Begin audit. Now all you have to do is wait for the program to find the right password!

If you aren't able to log in to the Windows workstation at all, don't worry. All you have to do is recover the SAM file by booting an alternate operating system on the computer. The easiest way to do this is to burn a copy of Knoppix (a port of Linux) to a CD and boot from the CD-ROM with this disc in the drive. Once you are in Knoppix, locate the SAM file in the Windows directory (usually C:\windows\system32\drivers\etc\lmhosts.sam) and copy it to a USB thumb drive, floppy disk, CD, or the Internet. Alternatively, you could use a DOS boot disk.

Now that you have the SAM file, take it to another PC that has LCP installed. Copy the SAM file into the LCP directory, start LCP and select Import/Import from SAM file. This will load the hashes, and you will be able to run a brute-force attack on them.