Remember, these are “administrator utilities” not “hacker tools”.
In my business, it pays to make the distinction.
When people call me for help outside the office, the calls usually fall into a couple categories; a virus, a slow computer, a lost password and “how do I do X?” Sadly, I’ve been doing a lot of virus and spyware removal, but, also, lately, I’ve had a couple of “lost password” calls. I actually love getting those, for a couple reasons.
First, lost passwords are surprisingly easy to recover if you have physical access to the machine. It’s funny to me how few people get that.
Secondly, I find recovering passwords fun. In a way, it was one of the first things that drew me into the business. I was one of those guys who got hooked by the security bug not by War Games, but by Sneakers. Yeah, I know, most guys my age especially will tell you it was War Games that really got them hooked. What can I tell you? I’ve always been kind of a late bloomer. And, my dirty, little secret is that after seeing Sneakers, I wanted to be Marty Bishop. Seriously.
Anyway, my recent experience with Windows password recovery requests gave me an opportunity to refresh my tools. After Googling a bit, I found a handy About.com page titled “Top 6 Free Windows Password Recovery Tools“. I downloaded several, most of which were based on bootable CDs of one kind or another. I like those kinds of toolkits because they don’t require even limited access to operating system, just the ability to reboot the machine from the CD toolkit.
In the end, I tried two; 0phcrack and the Offline NT Password & Registry Editor.
Now, I’m not positive, but I’m pretty sure that 0phcrack is the free, opensource fork of l0phtcrack. Now, for an old-timer like me, l0phtcrack was THE password cracker to have, back in the day. Created by a group of well-known hackers, some of whom famously testified before Congress, it was not free. At least, theoretically. If you knew where to look, you could get copies. And, yes, I them. But, this version IS free and seems like it had some improvements.
For one thing, the old version had a slightly clumsy text-based interface. This version has a much nicer interface that seems to use X-Windows. It’s also far more intuitive to use. It ran pretty fast, really, though, sadly, didn’t seem to be able to crack the non-dictionary word used as a password on the Windows 7 box I was using it against.
On the other hand, the Offline NT Password & Registry Editor has been around for several years, and had several updates, though it retains the text-based interface. I don’t remember when I used this the first time, but, so far, it hasn’t let me down in a pinch. This time was no different. So, yes, even though it has “NT” in the name, I’ve used it on everything from Windows 2000 through Windows 7 without a hitch. Of course, your results may vary. The bonus of this product is also it’s most potentially dangerous drawback; it directly edits the registry and password files. This is dangerous, in a way, because if something goes wrong, this could, theoretically, lock you out of your machine permanently. In practice, this has never actually happened to me.
One advantage of this utility is that you can change or simply remove the password for any active user on the system. Also, you can use it to promote an active user to being an administrator equivalent. Now, by “active user” what the developers mean is any account that is not disabled. Though, I think there may be the option to activate a deactivated account. I’m not positive, though, because I’ve never had to look for it or try to use it. And, yes, this worked like a charm to simply blank the password on the Windows 7 machine that had apparently forgotten its own password.
So, there you have it. Two tools to recover lost Windows passwords.
Oh, and, just a quick disclaimer here. I’m not responsible for any damage you might accidentally do to your machines with these utilities. Nor am I advocating using them to break into your ex-spouse’s computer to read their adulterous e-mail to their lover.
I’m just sayin’….