Sunday, July 09, 2006

How To Recover Local Administrator Password

This post was drafted few months ago.

There are plenty of tools available on the net - commercial as well as free, which can be used for resetting/recovering the local administrator password, but this time when I ran into the issue, none that we used to have, worked. A user's machine running Windows 2003 Standard Edition was out of domain, and later we realized that the local administrator's password was already changed from the default one. Obviously user wasn't able to recall that password. Since the machine was also running the development environment, user requested not to reformat/reimage.

For these kind of scenarios, we almost always used Offline NT Password and Registry Editor, but for some reason, this utility failed to reset the password on this machine. I would assume, it failed because of the Windows OS architectural changes incorporated in XP SP2/W2K SP1.

While looking for an alternative I came across which offers a free bootable downloadable CD image of about 1.5 MB. Once booted, this utility shows all the local user accounts and their corresponding password hashes. According to the website, you are supposed to note down these hashes are they are displayed on the screen, in a text file and upload that file on their website. They take 2-3 days to revert with the password for free, and charge few dollars for immediate delivery.

Not willing to pay or wait for 2-3 days, I went ahead and started searching for free programs which can crack given MD5/LM/NTLM hashes, and came across MDCrack At first this utility crashed when I tried running on my XP with SP2 system. I had to set compatibility mode of this program to Windows 2000 to be able to run it successfully. Using the password hashes noted above in this program, chose appropriate algorithm (Algorithm - MD5/MD4/NTLM1), and let the program run brute force algorithm to decode the password.

Ophcrack -
John the ripper -

1 comment:

Brent said...

I prefer to use PCUnlocker and Ophcrack.