Breaking Passwords

logisticalstyles Member Posts: 150
I have a question. I do PC repair work on the side and I occasionally get asked about forgotten passwords. In most circumstances they don't have any of the discs that came with the computer and can't get past the logon screen. I always end up having to pass on these calls because the only thing I know to try to do is back up the user's data and reinstall Windows. The client usually does not want to repurchase Windows so there's not much I can do for them.

Am I forgetting or missing something? I've googled this topic and the only suggestions I can see are for software which most likely doesn't work. I'm A+ and Net+ certified and am currently working on my 70-680, but this is making me feel like a beginner all over again. Any suggestions?

Comments

  • slinuxuzer Member Posts: 665
    Start with Hirens boot disk for XP, I am not sure about vista and 7 cause I've never done this procedure on them. This disk and others like it will boot into an alternate OS and blank the local admin passwords, this is getting harder to do with the new OS's, but that's where most people will start.

    A lost password can mean a reload of OS but usually shouldn't mean repurchase Windows, look for the COA sticker on the PC, it should have the license key and you can use that to reinstall, sometimes you will have to call MS and explain to them this was a reload and they will let you reload the license key.

    My suggestion, stick with the MS track for now and get MCITP:EA, also try to find a job doing this full time.
  • kriscamaro68 Member Posts: 1,186
    Ophcrack can do this as well. It will try and crack the SAM database and from what I have seen it works every time. Depends on the password complexity though.
  • Tackle Member Posts: 534
    I use OPHCRACK in these situations. It works very well, up to 14 character passwords. Works with XP, Vista and 7.

    It will display the password once cracked. It is quick, it cracked my password in less than 30 seconds.
  • Whiteout Member Posts: 248
    slinuxuzer wrote: »
    Start with Hirens boot disk for XP, I am not sure about vista and 7 cause I've never done this procedure on them.

    Just confirming that Hirens does work with Vista and 7, use it all the time. =)
  • humdingy02 Member Posts: 35
    As everyone else has said, Ophcrack works great for recovery. I use Offline NT Password & Registry editor if that doesn't work, or if I don't need the password recovered - it only blanks the password. I think this is the option that everyone is talking about when they mention Hirens.
  • themagicone Member Posts: 674
    There are a lot of tools to use to break the password on Windows. You can crack it or just change it. Only problem with changing it is that if they are using BitLocker to encrypt the hard drive you lose everything. The problem I always run into is that I can get into the computer just fine, what I need though is the local admin account. And no one ever remembers that dang password.
  • whatthehell Member Posts: 920
    Tackle wrote: »
    I use OPHCRACK in these situations. It works very well, up to 14 character passwords. Works with XP, Vista and 7.

    It will display the password once cracked. It is quick, it cracked my password in less than 30 seconds.

    Ophcrack is great! I believe it uses rainbow tables, right?
  • logisticalstyles Member Posts: 150
    Thanks for the replies! I will definitely be looking into OPHCRACK. I'll try using this tonight at home. Now I can stop turning potential customers away. Hopefully the person that called me this morning will still need my help.

    I actually work on the help desk at my day job, but whenever someone forgets a password we just change it in AD.
  • colemic Member Posts: 1,569
    Look for ERD Commander as well; like the others, it changes the local admin password to one of your choosing.
  • Slowhand Mod Posts: 5,161
    I'm going to toss in another vote for Hiren's Boot CD, there are lots of tools worth learning about on it, not the least of which is the Offline NT Password Changer, which can modify local passwords of every version of Windows from NT 4.0 to Windows 7. Hiren's can also run hardware tests, such as memory testers and hard drive diagnostics, among quite a few other things. Recently, the Mini-XP feature saved my butt when I was trying to recover data from a machine with some bad virus infections.

  • shaqazoolu Member Posts: 259
    logisticalstyles wrote: »
    Thanks for the replies! I will definitely be looking into OPHCRACK. I'll try using this tonight at home. Now I can stop turning potential customers away. Hopefully the person that called me this morning will still need my help.

    I actually work on the help desk at my day job, but whenever someone forgets a password we just change it in AD.

    If you want to have any type of success with Ophcrack, you're going to need some respectable tables to go with it and you don't really just "get" those. The ones I have are old and they are 8GB. They have some that are over 100GB now and they are not cheap. Doing pen tests, I never ran across a password that the 8GB tables didn't crack but that could still take a little while to download.

    Also, if you have any type of AV installed on your machine that you will be using (I hope you do), I would recommend creating a folder that you will install Ophcrack into and make exceptions in the AV for that folder. Otherwise the AV will nuke your install immediately.
  • DigitalZeroOne Member Posts: 234
    Trinity Rescue Kit (just google it). You can set passwords to blank, unlock accounts, and more.
  • Akaricloud Member Posts: 938
    shaqazoolu wrote: »
    If you want to have any type of success with Ophcrack, you're going to need some respectable tables to go with it and you don't really just "get" those. The ones I have are old and they are 8GB. They have some that are over 100GB now and they are not cheap. Doing pen tests, I never ran across a password that the 8GB tables didn't crack but that could still take a little while to download.

    Why not make your own? It's not difficult, it'll just require leaving a computer on for a while. I used to make/sell them back when they first started being used.
  • tru504187211 Member Posts: 27
    One thing past the technical side that should be considered...how do you know the machine is not stolen? I also do business 'on the side', and require proof, such as a receipt, that the machine is indeed theirs before unlocking a PC. If I suspect they are asking me to work on (for any problem) a stolen machine, I refuse the work.

    Money is not everything...
  • Ch@rl!3m0ng Member Posts: 139
    Will say Ophcrack is good. Also, if you are doing this on the side you may want to look at Passware Enterprise Kit for the Zip folders and Excel Documents people like to password protect and then forget their passwords! Good luck dude.
  • shaqazoolu Member Posts: 259
    You can boot off Ophcrack using a Live-CD. That's how I cracked the local admin password on my high school computers :D

    Probably take a performance hit though. Probably not big enough of one to matter if you just need to do this one time, but I am stuck in the mindset of doing it all the time for my job. When I think of cracking passwords I want maximum power dedicated to it with the most robust tables available. I am still waiting to get my hands on a couple of CUDA cards that I can put in SLI and see what some GPU cores can do for the speed.
  • Novalith478 Member Posts: 151
    shaqazoolu wrote: »
    Probably take a performance hit though. Probably not big enough of one to matter if you just need to do this one time, but I am stuck in the mindset of doing it all the time for my job. When I think of cracking passwords I want maximum power dedicated to it with the most robust tables available. I am still waiting to get my hands on a couple of CUDA cards that I can put in SLI and see what some GPU cores can do for the speed.

    Fair enough. I also recall there being a program called Cain and Abel (oxid.it) that has all sorts of features, including MS password recovery. Again, it's good for one time stuff, but if the password you're trying to crack is longer than 15 characters, you might have some trouble.
  • shaqazoolu Member Posts: 259
    Novalith478 wrote: »
    Fair enough. I also recall there being a program called Cain and Abel (oxid.it) that has all sorts of features, including MS password recovery. Again, it's good for one time stuff, but if the password you're trying to crack is longer than 15 characters, you might have some trouble.

    Cain is excellent at a lot of things, but I use Ophcrack over it for grinding password hashes.
  • NewManSoon Banned Posts: 53
    Kon Boot is a great tool. It allows you to log into machines without having to crack the password (Windows and some Linux).
  • Nobylspoon Member Posts: 620
    shaqazoolu wrote: »
    If you want to have any type of success with Ophcrack, you're going to need some respectable tables to go with it and you don't really just "get" those. The ones I have are old and they are 8GB. They have some that are over 100GB now and they are not cheap. Doing pen tests, I never ran across a password that the 8GB tables didn't crack but that could still take a little while to download.

    Also, if you have any type of AV installed on your machine that you will be using (I hope you do), I would recommend creating a folder that you will install Ophcrack into and make exceptions in the AV for that folder. Otherwise the AV will nuke your install immediately.

    I filled a 750GB external HDD with nothing but rainbow tables, both NT and NTLM of varying lengths and complexities. :)
  • Everyone Member Posts: 1,661
    You don't have to crack the password if you have physical access to the machine, like you would in this case. Plenty of Linux based utilities out there that you can boot from to reset a Windows password with.
  • logisticalstyles Member Posts: 150
    Wow, lots of great info here. I guess I need to get some tables for OPHCRACK. I was able to unlock one test account that I created on an XP machine, but it could figure out the same password on a Vista or 7 machine. I'll also be trying some of the others that were mentioned as well. I guess Hirens is next.

    I didn't get a chance to call back my original caller since I was so busy this weekend, plus I wanted to test it out at home before I wasted any time going out to their home. I trust that this computer isn't stolen. Her mother referred her to me after I fixed her computer. The mother is a doctor and I would hope they don't need to steal computers, but you really can never be totally sure without documentation.

    Once again thanks for the info.
  • RTmarc Member Posts: 1,082
    Knoppix and ERD Commander have worked fine in my experience.
  • rsutton Member Posts: 1,029
    Throwing in my vote for NT Offline editor. Quick, easy and works on most any Windows desktop OS.