Recovering password on XP Home. - Tilted Forum Project Discussion Community

Krycheck · 06-10-2004, 02:13 PM

Ok, here's the problem. There's this machine here at work running XP Home. I don't know the administrator password. Since I didn't set this up I have no idea what it is.
Is there a way I can recover this password using a Knoppix CD?

I don't want to have to reinstall the OS

Bigwahzoo · 06-10-2004, 02:34 PM

Tech TV showed how to do this once but since they changed to G4 the info is gone.

Here is a cached TechTV page from yahoo that tells one way to recover the password.

http://66.218.71.225/search/cache?p=...yc=14960&icp=1

hrdwareguy · 06-10-2004, 02:43 PM

Take a look at this. You should be able to use it to browse and possibly change the password.

http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

I used this the other day for browsing the registry when a machine wouldn't boot. I could read the values, but when I tried to change them and boot back into Windows, Windows restored a previous version of the registry.

I was however able to get the value data I needed to make the machine bootable again.

nanofever · 06-10-2004, 03:06 PM

Yeah, not that I have done this but I have a pretty good idea how to do it.

1. Boot Knoppix SDT and have a thumb USB drive handy.

2. Copy the SAM and System file from winnt/ system32/ config to the thumb drive. I think Knoppix has a program called "NT password" that does this for you.

3. Take the thumb drive to another computer and run "Sam inside" on the SAM.

4. That should give you the password on the windows box.

Sam Inside : http://www.topshareware.com/SAMInside-transfer-5188.htm

Edit: I just cracked my XP box, fun stuff to play with. That version of Saminside only does uppercase letter so I would try to find a full version of Sam inside. If LM hashes were enabled on the machine, saminside should crack the password very quickly.

Krycheck · 06-10-2004, 04:30 PM

Thanks guys, looks like I have a few options. I'll have to get the latest Knoppix tho. Last one I downloaded was 3.2.

firebirdta · 06-10-2004, 07:46 PM

An easier process that I've done in the past ( I don't know if it still works ) is detailed here.

http://www.tweakxp.com/tweak2019.aspx

Note: This is simply for changing the password, not recovering it.

westothemax · 06-11-2004, 01:36 AM

This is what I use at work:

http://www.petri.co.il/forgot_admini...password.htm#1

Its a very simple tool to use.

Krycheck · 06-11-2004, 01:27 PM

Well that's the same program hrdwareguy posted.

I used it and it seemed that everything was working fine. I had it set the passwords to blank. But I still can't log on! It says invalid password. On all accounts.

I've redone it many times and everything points to the changes being done.

Next step is to try the Knoppix/thumbdrive idea

hrdwareguy · 06-11-2004, 03:07 PM

Instead of resetting the password to blank, view the data and it should tell you what the password is.

Worth a shot.

Krycheck · 06-11-2004, 03:40 PM

Well it's already blank. So it says.

Ok, Knoppix/thumbdrive didnt' work. "Can't write to /mnt/sda1"

AARRGGHH!!!

Dilbert1234567 · 06-11-2004, 04:36 PM

i dont know where i got it but there is a disk out ther that boots linux and is able to over write the sam file so you can write a new password to any account on it.

if i find it ill send you a link.

cthulu23 · 06-11-2004, 08:37 PM

Quote:

Originally posted by Krycheck
Well it's already blank. So it says.

Ok, Knoppix/thumbdrive didnt' work. "Can't write to /mnt/sda1"

AARRGGHH!!!

What is the ouput of a "mount" command under Knoppix? If I remember correctly, Knoppix mounts all physical drives as read-only....if so, "mount" will display "(ro)" rather than "(rw)" next to the drive in it's output. If this is the case, issue "mount -o remount,rw /dev/sda1". If you need root to do this, I think that you can "sudo passwd root" or something similar to change the root pw.

Krycheck · 06-11-2004, 09:19 PM

Quote:

Originally posted by cthulu23
What is the ouput of a "mount" command under Knoppix? If I remember correctly, Knoppix mounts all physical drives as read-only....if so, "mount" will display "(ro)" rather than "(rw)" next to the drive in it's output. If this is the case, issue "mount -o remount,rw /dev/sda1". If you need root to do this, I think that you can "sudo passwd root" or something similar to change the root pw.

My linux is really rusty atm. I had thought about that but had no clue at the time.

I'm gonna try working on some of my systems at home. If I can get one of these hacked I know I'm doin it right.

svt · 06-12-2004, 11:58 PM

not sure, but knoppix might not mount the drive with write access because of ntfs. I know in the kernel documentation it still says write access is still expirimental.

Krycheck · 06-17-2004, 03:56 PM

IDEA!

What if I create a simalar SAM file with the same accounts and swap them? I'm gonna give it one last shot tomorrow.

I tried blanking out passwords on a machine at home and it worked fine so I know I'M not doing it wrong.

nanofever · 06-17-2004, 04:44 PM

Quote:

Originally posted by Krycheck
IDEA!

What if I create a simalar SAM file with the same accounts and swap them? I'm gonna give it one last shot tomorrow.

I tried blanking out passwords on a machine at home and it worked fine so I know I'M not doing it wrong.

That should insert a new password but it will be impossible to read files that were encrypted with windows encryption service.

opticalparadox · 06-18-2004, 03:26 PM

Use the method as described in the Yahoo cache of TechTV's site. (See Bigwahzoo's post.) But, instead of using knoppix, make a BartPE CD and boot to it. This will cut out all that tricky mounting /copying stuff in Knoppix.

(in other words, BartPE cd allows for read/write NTFS drives and may be easier to use)

http://www.nu2.nu/pebuilder/

Krycheck · 06-18-2004, 03:42 PM

Well I gave up and took it to PC Club and they gave it a shot. They used a program called Windows Locksmith and they had the same results as me. They would change the passwords and they wouldn't work.
A virus perhaps?

06-10-2004, 02:13 PM	#1 (permalink)
Krycheck Sultana ruined my evil persona Location: Los Angeles	Recovering password on XP Home. Ok, here's the problem. There's this machine here at work running XP Home. I don't know the administrator password. Since I didn't set this up I have no idea what it is. Is there a way I can recover this password using a Knoppix CD? I don't want to have to reinstall the OS __________________ His pants are tight...but his morals are loose!!

06-10-2004, 02:43 PM	#3 (permalink)
hrdwareguy "Officer, I was in fear for my life" Location: Oklahoma City	Take a look at this. You should be able to use it to browse and possibly change the password. http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html I used this the other day for browsing the registry when a machine wouldn't boot. I could read the values, but when I tried to change them and boot back into Windows, Windows restored a previous version of the registry. I was however able to get the value data I needed to make the machine bootable again. __________________ Gun Control is hitting what you aim at Aim for the TFP, Donate Today

06-10-2004, 03:06 PM	#4 (permalink)
nanofever Huzzah for Welcome Week, Much beer shall I imbibe. Location: UCSB	Yeah, not that I have done this but I have a pretty good idea how to do it. 1. Boot Knoppix SDT and have a thumb USB drive handy. 2. Copy the SAM and System file from winnt/ system32/ config to the thumb drive. I think Knoppix has a program called "NT password" that does this for you. 3. Take the thumb drive to another computer and run "Sam inside" on the SAM. 4. That should give you the password on the windows box. Sam Inside : http://www.topshareware.com/SAMInside-transfer-5188.htm Edit: I just cracked my XP box, fun stuff to play with. That version of Saminside only does uppercase letter so I would try to find a full version of Sam inside. If LM hashes were enabled on the machine, saminside should crack the password very quickly. __________________ I'm leaving for the University of California: Santa Barbara in 5 hours, give me your best college advice - things I need, good ideas, bad ideas, nooky, ect. Originally Posted by Norseman on another forum: "Yeah, the problem with the world is the stupid people are all cocksure of themselves and the intellectuals are full of doubt." Last edited by nanofever; 06-10-2004 at 03:20 PM..

06-10-2004, 04:30 PM	#5 (permalink)
Krycheck Sultana ruined my evil persona Location: Los Angeles	Thanks guys, looks like I have a few options. I'll have to get the latest Knoppix tho. Last one I downloaded was 3.2. __________________ His pants are tight...but his morals are loose!!

06-10-2004, 07:46 PM	#6 (permalink)
firebirdta Crazy	An easier process that I've done in the past ( I don't know if it still works ) is detailed here. http://www.tweakxp.com/tweak2019.aspx Note: This is simply for changing the password, not recovering it. __________________ "Even if you prove me wrong, I'm not going to believe you." - A. McGill Last edited by firebirdta; 06-10-2004 at 07:57 PM..

06-10-2004, 02:34 PM	#2 (permalink)
Bigwahzoo Insane	Tech TV showed how to do this once but since they changed to G4 the info is gone. Here is a cached TechTV page from yahoo that tells one way to recover the password. http://66.218.71.225/search/cache?p=...yc=14960&icp=1

06-11-2004, 01:36 AM	#7 (permalink)
westothemax Insane Location: Bay Area	This is what I use at work: http://www.petri.co.il/forgot_admini...password.htm#1 Its a very simple tool to use.

06-11-2004, 01:27 PM	#8 (permalink)
Krycheck Sultana ruined my evil persona Location: Los Angeles	Well that's the same program hrdwareguy posted. I used it and it seemed that everything was working fine. I had it set the passwords to blank. But I still can't log on! It says invalid password. On all accounts. I've redone it many times and everything points to the changes being done. Next step is to try the Knoppix/thumbdrive idea __________________ His pants are tight...but his morals are loose!!

06-11-2004, 03:07 PM	#9 (permalink)
hrdwareguy "Officer, I was in fear for my life" Location: Oklahoma City	Instead of resetting the password to blank, view the data and it should tell you what the password is. Worth a shot. __________________ Gun Control is hitting what you aim at Aim for the TFP, Donate Today

06-11-2004, 03:40 PM	#10 (permalink)
Krycheck Sultana ruined my evil persona Location: Los Angeles	Well it's already blank. So it says. Ok, Knoppix/thumbdrive didnt' work. "Can't write to /mnt/sda1" AARRGGHH!!! __________________ His pants are tight...but his morals are loose!!

06-11-2004, 04:36 PM	#11 (permalink)
Dilbert1234567 Devils Cabana Boy Location: Central Coast CA	i dont know where i got it but there is a disk out ther that boots linux and is able to over write the sam file so you can write a new password to any account on it. if i find it ill send you a link. __________________ Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen

06-12-2004, 11:58 PM	#14 (permalink)
svt Addict Location: the stars at night are big and bright!	not sure, but knoppix might not mount the drive with write access because of ntfs. I know in the kernel documentation it still says write access is still expirimental.

06-17-2004, 03:56 PM	#15 (permalink)
Krycheck Sultana ruined my evil persona Location: Los Angeles	IDEA! What if I create a simalar SAM file with the same accounts and swap them? I'm gonna give it one last shot tomorrow. I tried blanking out passwords on a machine at home and it worked fine so I know I'M not doing it wrong. __________________ His pants are tight...but his morals are loose!!

06-18-2004, 03:26 PM	#17 (permalink)
opticalparadox Upright	Use the method as described in the Yahoo cache of TechTV's site. (See Bigwahzoo's post.) But, instead of using knoppix, make a BartPE CD and boot to it. This will cut out all that tricky mounting /copying stuff in Knoppix. (in other words, BartPE cd allows for read/write NTFS drives and may be easier to use) http://www.nu2.nu/pebuilder/

06-18-2004, 03:42 PM	#18 (permalink)
Krycheck Sultana ruined my evil persona Location: Los Angeles	Well I gave up and took it to PC Club and they gave it a shot. They used a program called Windows Locksmith and they had the same results as me. They would change the passwords and they wouldn't work. A virus perhaps? __________________ His pants are tight...but his morals are loose!!