Saturday, October 3, 2009

Windows NT/2000 password recovery

I've found two options for cracking Windows 2000 passwords (this probably still works for XP and maybe even Vista).

The first is to buy LockSmith and NTRecover from Winternals. These cost a hell of a lot (about 200 quid, I think), but they will almost definitely work, as the people who write them really know their stuff.

The second (cheaper) option is to use a free program that's available on the web. I've saved many systems using this, but it comes with no guarantees.

The required files are available on the above website, with local copies below. Download them into a directory on your computer and then, from the command line, do the following:

CD C:\

When prompted for the disk image source file name, enter "bd010114.bin"; the target drive will of course be A:. Insert a floppy disk and the program should create a bootable floppy for you which is able to reset the Administrator password.

When you boot from this disk on the workstation you are recovering, you should be able to accept the defaults for most of the options. You probably won't need to probe for SCSI devices, and you need to answer yes when prompted to write the SAM, otherwise the password change is never saved to disk.