How to recover lost Windows passwords

Finally, you can increase your chances of cracking the passwords by installing additional tables. Depending on which Live CD you've downloaded, you'll either have the XP Free Small or the Vista Free table.

Get more tables

You can download additional tables from Ophcrack's website. Besides the aforementioned tables, only the 703MB XP Free Fast table is available for free. The others can be downloaded for a fee, and can be used to crack passwords that aren't based on dictionary words, include special characters, German characters or numbers, and are of various lengths.

Once downloaded, simply copy the tables inside the 'Tables' directory in the root of your USB drive. Ophcrack will pick them up automatically on startup.

Although the Ophcrack Live CD will automatically detect users on the system it's running on, it gives you the option to load the password hashes manually. This comes in handy when you're running it on a dual-boot machine or a remote machine.

The 'Load' hash button gives you several options to load the hash. The 'Single hash' option lets you specify the hash manually. With the 'PWDUMP file' option, you can import hashes created with a third-party tool such as fgdump. You can also manually point Ophcrack to the SAM file you've grabbed from a remote machine. The SAM file is in the 'system32/config' directory.

Offline NT Password and Registry Editor

Ophcrack

Depending on how complex the password is, there's a remote possibility that Ophcrack might not be able to crack it. If you've been unable to discover your Windows password this way, you can always try resetting it with the Offline NT Password and Registry Editor, but be aware of the implications before you start.

If you asked Windows to lock your files with your password during installation, resetting it will give you access you the installation, but the locked files won't be recoverable.

With the Offline NT Password and Registry Editor, you can reset the password for any version of Windows. It's available as a 4MB live CD. When you boot from it, it will detect all the drives and partition on those drives that have valid Windows installations.

The first step is to select the partition that houses the Windows installation whose password you need to reset. Windows 7 creates a small, bootable partition as well as the regular Windows partition that contains the OS files, so make sure you point to the larger of the two.

Next, the tool asks you the location of the password registry. In most cases, the default path should work, unless you've tinkered with its location - in which case you should have a fair idea where this needs to point.

After reading the password registry, the tool prints a list of users, and gives you the option to set a new password, wipe the password, enable/disable a user, or escalate their privileges to those of an admin. Make sure you write the changes to the registry before exiting the tool.

Once you're able to log back into your Windows installation, remember to change the password to something complex that you can still recall easily.

How to create a Windows password-reset disc

Ophcrack

All versions of Windows let you create a password-reset disc using the Forgotten Password wizard. The exact steps for doing this vary somewhat depending on the version of Windows you're running.

In Windows XP, head to Control Panel and select User Accounts. In the Pick an Account to Change area, select your username, then under Related Tasks in the sidebar, click 'Prevent a Forgotten Password'. This will launch the Forgotten Password wizard.

In Windows Vista, head to User Accounts and Family Safety in Control Panel. Here, under User Accounts, you'll find the Create a Password Reset Disc option. Follow the same route under Windows 7 to get to the Forgotten Password Wizard.

In all versions of Windows, the wizard will ask you to insert the removable drive, prompt you for the current account password, and create the password-reset disc.

You don't need to create a disc every time you change your Windows password - it'll work no matter how many times you've changed it. On the other hand, this means that your Windows installation can be compromised with ease if you ever lose the disc.