Monday, July 18, 2011

How To Recover, Reset, Or Bypass Windows Passwords

There are times when you need to use a computer, only to be stopped at a login screen that locks you out of Windows. To make things worse, nobody else knows the password. At this point some people might already be considering reformatting and reinstalling Windows.

Curse you.
But not all hope is lost. With a little knowledge, getting access back shouldn't take more than 15 minutes, and it doesn't require a lot of computer skills. Any adventurous computer user should be able to do it themselves, provided they pay attention. One limit applies to every method below: they all work by booting something other than Windows and reading or patching the Windows installation from outside, so none of them helps if the disk is encrypted (BitLocker, TrueCrypt and the like).

NOTICE: THIS LIST IS PROVIDED AS-IS AND MUST NOT BE USED FOR CRIMINAL PURPOSES. I AM NOT RESPONSIBLE FOR ANY DAMAGE YOU CAUSE WHILE USING THESE METHODS; REPORTS OF DAMAGE ARE EXTREMELY RARE, IF THERE ARE ANY, AND I'LL TRY TO HELP IF DAMAGE DOES OCCUR. MAKE A BACKUP WHENEVER POSSIBLE TO MINIMIZE DAMAGE.

Method 1: Bypass with Kon-Boot

Fun Fact: The name Kon refers to a character in the popular anime Bleach who takes the form of a lion plushie.
Kon-Boot lets you bypass the password temporarily, leaving no traces behind: it modifies the Windows authentication code in memory while Windows loads, so the password check accepts anything, and nothing on disk is changed. All you need to do is boot Kon-Boot first (from a bootable CD, floppy disk, or USB drive) and let it load Windows without restarting. Type anything you like in the password field, hit Enter, and you're in. Restart the PC and everything goes back to normal.

Kon-Boot comes in two flavors, a free version and a commercial version. The free version (maintained by Piotr Bania) is the older one and only works with 32-bit Windows and some Linux distros. The commercial version (maintained by Kryptos Logic) works with both 32-bit and 64-bit Windows, but not with Linux.

You can get Kon-Boot here:

Method 2: Reset with Offline NT Password & Registry Editor

Okay, just take it slow and you'll be fine.
This small utility lets you reset the password to blank, or set a new one, without knowing the original. It may seem overwhelming at first because it is text-based, but the instructions and prompts guide you through every step; read them carefully and you shouldn't run into many problems. It works by editing the password hash stored in the SAM registry hive directly, which brings one caveat worth knowing before you use it: on XP and later, an account whose password is reset this way loses access to its EFS-encrypted files and saved credentials, because the keys protecting them are derived from the old password. If that matters, prefer Method 4, which recovers the existing password instead of replacing it.


Offline NT Password & Registry Editor can be downloaded here:
http://pogostick.net/~pnh/ntpasswd/

Method 3: Reset with PC Login Now

Finally! Something to click on!
If text-based applications aren't your thing, fear not: this utility has a Windows-like interface that is simple to use. Just select the relevant options and hit Next. The only downside is that the download is fairly large (about 60MB) compared with Offline NT Password & Registry Editor (about 5MB).

You can download PC Login Now here:
http://www.pcloginnow.com/

Method 4: Recover with Ophcrack

This is why you need strong passwords.
Ophcrack doesn't reset anything: it reads the password hashes out of the Windows SAM file and recovers the passwords themselves by looking the hashes up in precomputed (rainbow) tables. It does a pretty quick job of it (supposedly under 5 minutes) but will most likely only work on alphanumeric passwords under 9 characters. Longer and more complex passwords take longer and aren't guaranteed to be found. If all you need is to get in, the reset tools above are faster; Ophcrack is for when you need the actual password back.
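
To show why the table lookup above is so fast against short passwords, here is a miniature of the same idea as an added example (written for this post, not Ophcrack's own code). Windows stores a local account's password as an NT hash, MD4 over the UTF-16LE encoding of the password with no salt, so a table of hash-to-password pairs computed once works against every machine. The script implements MD4 in pure Python (so it runs even where OpenSSL has MD4 disabled), builds a lookup table for every lowercase password up to 3 characters, and runs it over a constructed pwdump-style dump; the account names and passwords in that dump are made up here and the hashes are generated by the script itself.

```python
"""Miniature of Ophcrack's approach: precomputed NT-hash lookup.
NT hash = MD4(UTF-16LE(password)), unsalted. Hypothetical example, not
Ophcrack's code. MD4 is done in pure Python so it runs without OpenSSL."""
import itertools
import string
import struct

MASK = 0xFFFFFFFF
CHARSET = string.ascii_lowercase              # small charset keeps the demo fast
LM_EMPTY = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 digest of data (16 bytes)."""
    msg = bytearray(data)
    msg.append(0x80)                          # pad: 1 bit, zeros, 64-bit length
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)

    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    r3_order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)

    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(16):                   # round 1: F, words in order
            a = _rotl((a + f(b, c, d) + x[i]) & MASK, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                   # round 2: G, column order
            k = (i % 4) * 4 + i // 4
            a = _rotl((a + g(b, c, d) + x[k] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                   # round 3: H, bit-reversed order
            a = _rotl((a + h(b, c, d) + x[r3_order[i]] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash as the lowercase hex string seen in a pwdump/SAM dump."""
    return md4(password.encode("utf-16-le")).hex()


def candidates(charset_size: int, max_len: int) -> int:
    """Number of non-empty passwords up to max_len over a charset: the table size."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def build_table(charset: str, max_len: int) -> dict:
    """Precompute hash -> password for every password of length 0..max_len.
    Ophcrack's rainbow tables trade time for space over this same keyspace."""
    table = {}
    for n in range(max_len + 1):
        for chars in itertools.product(charset, repeat=n):
            pw = "".join(chars)
            table[nt_hash(pw)] = pw
    return table


def crack_dump(dump_text: str, table: dict) -> dict:
    """Map each account in a pwdump-format dump (user:RID:LM:NT:::) to its
    recovered password, or None when the hash is outside the table."""
    found = {}
    for line in dump_text.splitlines():
        if not line.strip():
            continue
        user, _rid, _lm, nt = line.split(":")[:4]
        found[user] = table.get(nt.lower())
    return found


# Constructed sample dump (made-up accounts); hashes are generated here so they are genuine.
SAMPLE_DUMP = "\n".join([
    f"Administrator:500:{LM_EMPTY}:{nt_hash('kon')}:::",
    f"Guest:501:{LM_EMPTY}:{nt_hash('')}:::",
    f"alice:1001:{LM_EMPTY}:{nt_hash('correct horse battery')}:::",
])


def recover_sample() -> dict:
    """Crack the sample dump with a table of all lowercase passwords up to 3 chars."""
    return crack_dump(SAMPLE_DUMP, build_table(CHARSET, 3))


if __name__ == "__main__":
    print(f"table covers {candidates(len(CHARSET), 3)} passwords; "
          f"8-char mixed alphanumerics would need {candidates(62, 8)}")
    for user, pw in recover_sample().items():
        print(f"{user}: {pw!r}" if pw is not None else f"{user}: not in table")
```

The three accounts show the three outcomes: a short password is found instantly, an empty password is found because the empty NT hash is a constant, and a long passphrase is simply not in the table, which is all Ophcrack can tell you about it. The `candidates()` figures are the point of the "strong passwords" caption: a 3-character lowercase table has a few thousand entries, while 8-character mixed alphanumerics number in the hundreds of trillions. One detail the example leaves out: XP also stores the far weaker LM hash by default (password uppercased and split into two 7-character halves, 14 characters at most), which is why Ophcrack's XP tables get much further than its Vista/7 tables, which only have the NT hash to work with.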

You can install Ophcrack on Windows and Linux, but since you're locked out of Windows you will need their LiveCD instead. The images are pretty big: about 415MB (for XP) and 495MB (for Vista/7).

You can download Ophcrack LiveCD here:
http://ophcrack.sourceforge.net/download.php?type=livecd

Extra: Merging all tools into a CD/DVD or USB drive with XBOOT

You can even put just about anything bootable here.
You can combine all four tools mentioned above (and many more) into a bootable USB drive or DVD using XBoot. When you boot from the USB/DVD drive you get a menu of what to start. It even comes with a QEMU virtual machine so you can test the bootable drive without rebooting.

You can download XBoot here:
https://sites.google.com/site/shamurxboot/download

One small note: right after Kon-Boot loads, it returns to the XBoot menu. To continue booting Windows, hit Esc, then type chain.c32 hd1 (without quotes) and hit Enter. If that fails, try changing hd1 to hd0, hd2, hd3, and so on until you hit the disk Windows lives on. This works as long as XBoot uses syslinux as its bootloader, since chain.c32 is syslinux's chainloading module.

Hopefully this post has been educational, and more importantly useful. Drop some feedback please!

3 comments:

  1. well done, very useful information.
    need permission to share in my blog also.


    thanks,
    Toni
    www.te-comm.com/ver2

  2. Feel free to share, just mention the source.

  3. Wow. This is a great share. I can bypass my windows login. Thanks for sharing this! It will really help a lot of people experiencing this same problem I have :)
