Friday, January 05, 2007

Retrieving a lost Windows XP password

Here's a neat little "trick" for retrieving lost Windows passwords on a Windows XP machine. This is not meant for use in breaking into other people's machines without permission. I'm recording this here in case I ever need to remember how I did this at some point in the (hopefully) distant future. This should also work on Windows 2000/2003 systems though I've never had the opportunity to test it out.

Here are the steps:
  1. Boot into your favourite Linux LiveCD.
  2. Download this nice tool (LCP).
  3. Install Wine onto your LiveCD Linux.
  4. Mount the Windows partition, then run LCP and import the files called SAM & system from system32/config.
  5. Note down the LM Hash for the user account you're trying to retrieve a lost password for, then go to ophcrack and input the hash in the text field provided.
  6. Just click the Submit button, and your password should be on the reloaded page ;-)
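The reason the LM hash in step 5 can be looked up so quickly is the way LM prepares the password before hashing: it is upper-cased, cut or padded to 14 characters, and split into two independent 7-character halves. An empty half always hashes to the well-known constant AAD3B435B51404EE, so a dump reveals at a glance which accounts have short passwords and which have no LM hash at all. The script below is an added example written for this post (it is not the author's code and not part of LCP or ophcrack); it reproduces that preprocessing and audits a constructed pwdump-style dump, which is the check a defender wants when deciding whether a machine still stores LM hashes. The `user:rid:LM:NT:::` line format, the 69-symbol alphabet used for the work-factor estimate, and the sample lines are assumptions. The fix for anything flagged as weak is to stop storing LM hashes (the NoLMHash policy, "Do not store LAN Manager hash value on next password change") and change the password.

```python
"""Audit helper for LM hashes: an added example, not code from the original post.

LM hashes are computed per 7-character half, so their weakness is visible from
the hash layout alone; this script needs no DES implementation to classify them.
"""
from typing import Dict, Iterable, Tuple

# Well-known constant: the LM hash of an empty (all-zero) 7-byte half.
# A 32-hex-character hash made of two of these means "no LM hash stored"
# (NoLMHash policy in effect, or a password longer than 14 characters).
EMPTY_LM_HALF = "AAD3B435B51404EE"


def lm_preprocess(password: str) -> Tuple[bytes, bytes]:
    """Reproduce LM key preparation: upper-case, truncate/pad to 14 bytes, split 7+7.

    Assumption: ASCII passwords; non-ASCII characters are replaced with '?'.
    """
    upper = password.upper().encode("ascii", errors="replace")
    padded = upper[:14].ljust(14, b"\x00")
    return padded[:7], padded[7:]


def lm_work_factor(alphabet_size: int = 69) -> Dict[str, int]:
    """Compare the search space an attacker faces against a naive 14-char estimate.

    Assumption: 69 distinct symbols survive LM's upper-casing (26 letters,
    10 digits, 33 punctuation). Each half is attacked independently, so the
    cost is two searches of alphabet_size**7, not one of alphabet_size**14.
    """
    per_half = alphabet_size ** 7
    return {
        "naive_14_char_space": alphabet_size ** 14,
        "lm_effective_space": 2 * per_half,
    }


def classify_lm_hash(lm_hex: str) -> str:
    """Classify one 32-hex-character LM hash by its half structure."""
    lm_hex = lm_hex.strip().upper()
    if len(lm_hex) != 32 or any(c not in "0123456789ABCDEF" for c in lm_hex):
        raise ValueError("LM hash must be 32 hex characters")
    first, second = lm_hex[:16], lm_hex[16:]
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        return "no-lm-hash"          # nothing stored; the desired state
    if second == EMPTY_LM_HALF:
        return "weak-short"          # password is 7 characters or fewer
    return "weak"                    # LM hash present; two 7-char halves


def audit_pwdump_lines(lines: Iterable[str]) -> Dict[str, str]:
    """Classify every account in pwdump-style 'user:rid:LM:NT:::' lines (assumed format)."""
    results: Dict[str, str] = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue                 # skip blank or malformed lines
        user, lm = parts[0], parts[2]
        results[user] = classify_lm_hash(lm)
    return results


# Constructed sample dump; the hex values are made up, not real hashes.
SAMPLE_DUMP = [
    "Administrator:500:AAD3B435B51404EEAAD3B435B51404EE:0123456789ABCDEF0123456789ABCDEF:::",
    "helpdesk:1001:1122334455667788AAD3B435B51404EE:FEDCBA9876543210FEDCBA9876543210:::",
    "backup:1002:11223344556677889900AABBCCDDEEFF:00112233445566778899AABBCCDDEEFF:::",
    "",
]


if __name__ == "__main__":
    for user, verdict in audit_pwdump_lines(SAMPLE_DUMP).items():
        print(f"{user}: {verdict}")
    print(lm_work_factor())
```

Running the script reports `Administrator: no-lm-hash`, `helpdesk: weak-short` and `backup: weak`; any account other than the first is one whose password should be changed after LM storage is disabled, because the old LM hash stays in the SAM until the next password change.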

There are other methods. For instance, I have to do this sometimes on customers' machines, so I tend to retrieve the hash, then input it through another machine. I only need the LiveCD for retrieving the SAM & system files.

There's also a Linux distro for this, but I haven't tried it yet so I'm not sure how much simpler this process can be. It also works best with machines that have lots & lots of memory (think 512MB or more) which makes it less appropriate for low memory systems. I only need this know-how every once in a while anyway, so there's really no motivation for me to find "the most efficient method".

Update:

Seems like the online hash cracking site has been down for some time now. Unless they bring the server back online, I guess this method is pretty much useless. This would make that Linux distro a very tempting option to try out.