How to reset Windows password
Supported localized versions of Windows. The product detects all Windows installations in the system and allows to save password hashes for further research.
If your test computer does not have DVD drive (such as on laptops, increasingly common), will have to create the bootable USB drive. To create a bootable USB drive you’ll need some way to mount an iso file and run the file EsrBoot contained on the disk. A dialog box appears with a list of available USB drive and clicking Format will create a boot disk with ESR. As you can see, creating the USB boot disk does not pose difficulties. Immediately after starting the computer from the previously created bootable disc ESR you will be prompted the license agreement to accept. If your computer uses non-standard interfaces hard drive (SerialATA, SCSI, RAID or SAS), you need to load the driver. To do this you must click the «Load driver» in the appropriate box. The modes involve selecting source accounts. It’s either work with local accounts (SAM database), or work with Active Directory accounts (from ntds. dit). Provides the following modes:
- changing passwords and account properties;
- dump the hashes for decryption;
- restore registry or AD from a saved copy;
- editor the SAM;
- save the registry or AD to the archive. Note that in order to work with A D, you have to use ESR on the server (domain controller) that are running server versions of Windows 2000/2003/2008.
If you have modified some account properties or password and would like to cancel the changes, select «Restore registry or AD from a backup copy».
After selecting the source accounts and the mode of operation mode should be set the property settings and account passwords when you restore (automatic or manual). If you select «Test short and simple passwords» (see screen 1) then ESR will try to recover passwords using dictionary and brute force attack. The following are examples of passwords that can be recovered.
- Obvious combinations (password same as login name).
- Saved passwords dial-up connections.
- LM passwords:
— 4 characters (uppercase letters, digits, 16 symbols);
passwords contained in the dictionary;
passwords contained in the dictionary with a single digit at the end.
- Passwords NTLM:
— length to 4 si m oxen (lowercase letters, digits, 16 symbols);
— length to 4 characters (lowercase, uppercase);
— length to 5 (lowercase) letters.
— length to 5 (large) letters.
— length to 7 digits;
— length: 3 random characters (all characters);
— passwords from the dictionary;
— the password of the duplicate combinations (00000, AAA, etc.);
— easily guessable keyboard combinations (e.g. qwerty).
The program then creates several different «mutations» for passwords that were found in the previous steps, and trying to apply them to all accounts. When working with local accounts you can either just remove the password for the selected account, or to change it. However, note that if you have files encrypted by using EFS, the access to them you get. For this you need to go back and select the option «dump the hash for decryption».
Editor SAM database when working with database local accounts (SAM) after selecting the desired directory with the operating system allows to obtain a list of all local accounts. The account administrator will be highlighted in green, blocked, or disabled — red. You can display the hashed passwords to see the corresponding hashes for all accounts that have non-empty passwords. Screen 2 shows the ESR program window where you can reset/change the password, and the following account properties:
- the administrator account;
- password never expires;
- expired password;
- a record account is disabled;
• record account is deactivated. Once you make the necessary changes and click «Apply», you will be prompted to create a backup copy of the SAM database. He recommended to reset the password instead, select the new (complex) password, for security reasons.
This is due to the fact that local policy may be allowed with a blank password. As a result, you reset it, but cannot.
Offline NT Password & Registry Editor
To work with this program, you need to download the CD image of the disk at pogostick.net/~pnh/ ntpasswd/.
Loaded with a recorded CD and on first screen press Enter. Next in the command prompt window we need to define what we want to do (screen 3), by selecting the desired item and pressing the appropriate number:
- Clear (blank) user password — clear the password, make it blank.
- Unlock and enable user account — unlock account.
- Promote user — elevates the selected user to administrator.
- Add user to a group — add a user to a group.
- Remove user from a group remove user from group.
- To exit, press Q and Enter again.
At the final stage, you are prompted to save the changes. Just press Y and Enter. Then we are asked whether we want to edit something else. If not, press N and Enter. Note that this way you can only remove the password. However, if the local group policy may not be registered with a blank password, to log in you will not succeed.