Recovering (Administrator) passwords in Windows XP

Try the No-Password Administrator Login Backdoor

In Windows XP (but not Windows Vista, where the Administrator account is not enabled by default), there is a built-in Administrator user account that has administrative credentials, is enabled by default, and has no password protecting it from access. If you never changed this Administrator password, try signing in to Windows XP without a password.

On a password-protected Windows XP Home or Professional system, each user logs on with his or her own user name and password to get full access to the computer. However, a user or administrator who has lost or forgotten a user ID or password can still log in to the Windows XP machine without knowing the original password, using various bypass or cracking methods: DreamPackPL to bypass the need to log on with a valid account or password, Ophcrack2 to crack or brute-force the Windows passwords of various user or administrator accounts, or third-party services such as Login Recovery to retrieve and recover Windows user names and passwords. However, there is one simpler method to get into a Windows XP system: if whoever installed Windows XP forgot to set, or never set, the Administrator account password.

In a default installation, Windows XP has a built-in Administrator account, equivalent to the root or superuser account in Linux or Unix, that has no password. In other words, a hacker or anyone else can simply type Administrator as the user name at the Windows Logon Welcome Screen prompt with a blank password (no password) and get full administrative access to the PC as superuser. Worse, most computer owners don't even know this Administrator account exists, let alone create or set a password for it.

This security flaw provides an easy way into any Windows XP computer whose owner forgets, or simply never sets, a password for the Administrator user ID. The problem is that the normal Windows XP Welcome Screen, where you choose which user name to log on with, does not display the Administrator user name. If you can't select Administrator from the login screen, how do you log in with the Administrator account? The following video clip provides a simple hack and trick.

Basically, at the Windows XP Welcome Screen, press the Ctrl-Alt-Del key sequence twice, and you will be shown the Log On to Windows dialog, where you can specify a User Name and Password. In the User Name text box, type Administrator (without quotes) and leave the Password field blank. Then press Enter or click OK. If no password protects the Administrator account, or a blank password is set, you will be logged on to Windows with full administrative privileges as Administrator.

Note: You can unhide or show the Administrator account on the Welcome screen.
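The fix for the blank-password Administrator account is to give it a password (or disable it) before anyone else uses the trick above. The following batch script is an added example written for this article, not code from the original post: it inspects the built-in account with net.exe, sets a password interactively so it never appears in the command history, and shows the account on the Welcome screen so the owner does not forget it exists. The SpecialAccounts\UserList registry value used for the last step is a standard Winlogon setting; treat it as the editor's assumption rather than something the original article specifies.

```batch
@echo off
rem Added example (not from the original article): secure the built-in
rem Administrator account on Windows XP instead of leaving it passwordless.
rem Run from a command prompt of an account with administrative rights.

rem 1. Inspect the account. "Account active" shows whether it is enabled;
rem    "Password last set" shows whether a password was ever set.
net user Administrator
if errorlevel 1 (
    echo Built-in Administrator account not found.
    exit /b 1
)

rem 2. Set a password interactively. The * makes net.exe prompt for the
rem    password twice, so it is not stored in the command history.
net user Administrator *

rem 3. Optionally show the account on the Welcome screen so the owner
rem    remembers it exists (1 = show, 0 = hide). Assumed Winlogon value;
rem    the original article only says the account can be unhidden.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v Administrator /t REG_DWORD /d 1 /f

rem 4. Re-check the result: the "Password last set" date should now be today.
net user Administrator | findstr /i /c:"Account active" /c:"Password last set"
```

If the account is never used for day-to-day work, `net user Administrator /active:no` disables it instead; keep in mind that Windows XP Safe Mode logs on with this account, so a disabled or forgotten-password Administrator removes one of the recovery paths described later in this article.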

Reset password from another user account with administrator credentials

If you cannot log on to Windows using a particular user account, but you can log on to another account that has administrative credentials, follow these steps:

  1. Log on to Windows using an administrator account whose password you remember. You may need to start Windows XP in Safe Mode.
  2. Click Start, and then click Run.
  3. In the Open box, type control userpasswords2, and then click OK.
  4. Click the user account that you forgot the password for, and then click Reset Password.
  5. Type a new password in both the New password and the Confirm new password boxes, and then click OK.

Do-It-Yourself (DIY) third-party recovery tools

There are many tools and utilities that can be downloaded and used to recover, reset, retrieve or reveal an existing password. These password reset or retrieval utilities, free or paid, are usually a Linux boot disk or CD that comes with NT file system (NTFS) drivers and software that reads the registry and rewrites the password hashes, or that can brute-force crack the password of any user account, including Administrator. The advantage is that there is no fear of leaking your password to outsiders; the process requires physical access to the console and a floppy or CD drive, depending on which tool you choose. And it's not easy, although it always works!

Offline NT Password & Registry Editor

– Available as a boot disk or bootable CD, Offline NT Password and Registry Editor changes or resets the password of any user on Windows NT 3.51, NT 4, Windows 2000, Windows XP, Windows Server 2003 and Windows Vista 32- and 64-bit. It can also detect and offer to unlock locked or disabled user accounts.

Download Links:

John the Ripper password cracker

– John the Ripper is a fast password cracker based on dictionary attacks with a wordlist, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, Kerberos AFS and Windows NT/2000/XP/2003 LM hashes are supported out of the box, plus several more with contributed patches.

Download link:

John the Ripper 1.7.0.1 for Windows

EBCD – Emergency Boot CD

– EBCD is a bootable CD intended for system recovery in the case of software or hardware faults. It can create backup copies of a normally working system and restore the system to the saved state. It contains the best system software ever created, properly compiled and configured for the most efficient use. Features include copying files from an unbootable volume, recovering the master boot record of a hard disk, recovering deleted files, and recovering data from accidentally formatted hard disks and floppy disks. EBCD also includes a function to change the password of any user, including the administrator, on Windows NT/2000/XP without needing to know the old password.

Download link:

Both contain the necessary NT password recovery feature.

Ophcrack

Ophcrack is a Windows password cracker that uses a time-memory trade-off on LM and NTLM hashes based on rainbow tables, and supports Windows Vista, XP, 2003 and NT. This tool lets you retrieve the existing password.

RainbowCrack

RainbowCrack cracks Windows passwords using time-memory trade-off cryptanalysis based on rainbow tables. Unless you have already dumped the hash of your Windows password, this utility is for hackers: it provides no way to retrieve the password hashes when you cannot access your computer.

L0phtCrack (LC5)

– L0phtCrack (now known as LC5) is a password auditing and recovery application that uses dictionary, brute-force and hybrid attacks. It was originally produced by Mudge of L0pht Heavy Industries, and then by @stake after L0pht merged with @stake in 2000. Support and sales were discontinued by Symantec from the end of 2006, after it acquired @stake in 2004. So you probably need one of the cracks listed below. If you are unable to sign on to your computer, you probably can't use this.

Download link:

lc5-setup.exe (14-day trial): Link 1, Link 2
Key Generator for LC5: Link 1, Link 2

Cain & Abel

– Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects and weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, but it also ships some "non-standard" utilities for Microsoft Windows users.

This tool needs to be installed, so you must have another working computer to recover your password remotely. Thus it is likely to be useful to system administrators only. Supports Windows Vista.

Download links:

PCLoginNow

– Bootable live CD with a tool to reset the local administrator and other user account passwords, or change security settings, on a Windows system.

Third party password recovery service

Login Recovery – Login Recovery is a service that reveals user names and recovers passwords for Windows NT, 2000, XP, 2003 and Vista. A free service is available if you wait up to 48 hours, with only one free request every three months. For privacy-conscious people there may be some discomfort, as the service provider actually 'knows' your password before sending it back to you.

Bypass Windows log on password with DreamPackPL

DreamPackPL allows users to skip or bypass Windows login security in Windows XP or Windows 2000, and log on to a password-protected Windows user account without a valid password or the need to change the existing password.

Warning: If you change or reset a password using any of the methods above, all EFS-encrypted files in Windows Vista or Windows XP will become unreadable and no longer recoverable unless you remember the old password that was used to encrypt the files. So if you have any encrypted files, it is best to try to crack the password first, to retrieve the existing password, before you attempt to reset it to a new one.
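The warning above and the "reset from another administrator account" steps earlier belong together: a reset is safe only once you know no EFS-encrypted files depend on the old password. The following batch script is an added example written for this article, not code from the original post or any of the tools it lists. It is the command-line equivalent of the control userpasswords2 steps, run from an administrator account, and it lists EFS-encrypted files with cipher.exe (Windows XP Professional only; Home edition has no EFS) before letting you reset. The USERNAME parameter and the confirmation prompt are the editor's assumptions.

```batch
@echo off
rem Added example (not from the original article): command-line version of
rem the "reset from another administrator account" procedure, with the EFS
rem check the warning calls for. Run as an administrator; the first argument
rem is the local account whose password you want to reset (assumed parameter).
if "%~1"=="" (
    echo Usage: %~nx0 USERNAME
    exit /b 1
)
set "TARGET=%~1"

rem Make sure the account actually exists before touching anything.
net user "%TARGET%" >nul 2>&1 || (
    echo No local account named %TARGET%.
    exit /b 1
)

rem List EFS-encrypted files on local drives without modifying them:
rem /u walks the drives, /n only reports and does not update file keys.
rem Any file listed here that belongs to %TARGET% becomes unreadable
rem after a password reset, exactly as the warning describes.
echo Checking for EFS-encrypted files...
cipher /u /n
echo.
echo If files belonging to %TARGET% were listed above, stop here and
echo recover the old password instead of resetting it.
set /p GO=Continue with the reset? [y/N] 
if /i not "%GO%"=="y" exit /b 0

rem Reset: the * makes net.exe prompt for the new password twice,
rem the same as the New password / Confirm new password boxes in the
rem Reset Password dialog.
net user "%TARGET%" *
```

Run it as `reset-check.cmd alice` (script name assumed) from a command prompt of the administrator account you can still log on with; if the target account has never encrypted anything, cipher prints no file paths and the reset proceeds as the GUI steps would.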
