A friend’s laptop was given to me yesterday. He changed his Administrator password and shortly afterwards forgot what it was. So how does one go about getting the password back? Offline NT Password & Registry Editor. Boot from a floppy or CD into a small Linux environment that lets you modify the accounts and passwords on a Windows NT, 2000 or XP install.
So I did this and it bitched and complained that it did not do it right. I tried again and again. It seemed to work, but when I tried to log into the PC with the reset (blanked) password it failed. It did, however, make the number of password retries unlimited instead of 3. I tried a few more times, setting the password to blank or to something else. I set it to domino and tried logging in. No dice. I then decided I probably had to get the SAM file (where the passwords are stored) and crack it using L0phtCrack, a password cracker developed by white hat hackers who went to work for @stake, which was acquired by Symantec. The application disappeared after that. Bless BitTorrent for providing it to me.
To get the SAM file I created a boot disk using NtfsFloppySetup.exe, booted from it and copied the SAM file onto the floppy. I copied it onto my computer, ran L0phtCrack and started it cracking. It told me that SAM files from XP are more than likely protected using SYSKEY. Shit. I tried it anyway and it cracked the password in a few minutes. Password was: diablo. Arghhhhh. I went to the laptop and tried this again and it would NOT let me in.
So, I rebooted again and loaded the Offline NT Password & Registry Editor disk. Changed the password to blank. Rebooted into XP and it logged me right into the system. Thank God.
One thing. After rewriting the password file, XP complained on the next boot that the contents of the hard drive had changed and it needed to scan and fix any issues. I allowed it on some reboots and didn’t on others. This time I did not allow it to run the disk check.
Other tools that may be of use: Windows Password Renew 1.1, but you have to be logged into the system to reset the password with it. I also found an interesting but difficult to use password cracker called Project RainbowCrack.
Just delete the SAM file using NTFSDOS, reboot (you’ll get an error), load up that registry entry, change a key which I can’t exactly remember at the moment, reboot again, change the key back and voilà, blank Administrator password. It even deletes all the accounts and renames the admin account back to what it should be.
Try searching for net user. Another way of resetting the PW.