Monday, September 14, 2009

How do you recover your Windows password if you forget it?

Ever wake up and decide that today you're going to beef up your digital security? Maybe you heard about all the scary crackers and identity thieves out there and decided to give your laptop a really strong password...except now you can't remember what it is and your locked out of your own computer. So, what do you do? Take it to a professional and pay $50.00 while waiting 24 hours? Not me...

All you need to do (if you're running Windows) is go to http://ophcrack.sourceforge.net/ and download the ISO file for either (or both) Windows Vista or XP in the LIVE CD version.

Check the hash with Winmd5sum which can be found here http://www.nullriver.com/products/winmd5sum by right-clicking the ISO file then:

  • Click Send To, then winMD5Sum.

  • Wait for winMD5Sum to load and finish the checksum.

  • Copy the corresponding hash from the source's website into the bottom text box.

  • Click Compare.

It's important to verify the hash after downloading the file because of the possibility of errors during the download process. It is a very good idea to run an MD5 hash comparison check when you have a file like an operating system install CD that has to be 100% correct.

Cryptographic hashes such as MD5 allow you to verify that the data you have downloaded is the original file and hasn't been altered, corrupted or poisoned in any way... (as long as the hash you use for comparison comes from a trusted source) you can verify the status of a file downloaded from anywhere.

After you have checked the hash and seen that the two hash files match go to Sourceforge at http://sourceforge.net/apps/mediawiki/ophcrack/index.php?title=Frequently_Asked_Questions#How_to_installl_the_LiveCD_on_a_USB_stick.3F and download tazusb by clicking on the link about halfway down the page under the heading “How to installl the LiveCD on a USB stick?” Then connect your USB, launch tazusb.exe and follow the directions.



Tazusb will create bootable usb media with a few simple commands. It can also compress and backup the entire current file system to the media, thus preserving all modifications for future use. You will also download SliTaz which is a free operating system, working completely in RAM and booting from removable media such as a cdrom or USB key.


Once this is finished just decompress the iso file you downloaded to the root of the USB stick with your favorite decompression software (like 7-zip). There should be two directories on your USB stick (boot and ophcrack).

  • Execute the script bootinst.bat that is in the boot directory.

  • Reboot your computer and make sure it boots from the stick.

Easy Peasy. Now all you need to do is plunk it in your computer, turn your computer on, log into the BIOS and change the boot order to boot from your USB drive and then continue the boot process. Slitaz will load automatically and you can even have Ophcrack run automatically.

Within minutes pwdump will have given you the password hashes and Ophcrack will be cracking away. (note: Vista is much, much harder to crack so use a dictionary attack not brute force)