So you’ve forgotten your administrator password (or someone else’s!) and have physical access to the machine. The good news is that you can recover the password or reset it in a number of different ways. The crackers below crack the LM hash (the method Windows uses to store passwords of fewer than 15 characters) and the NT hash (which preserves case sensitivity and stores longer passwords).
Below are some common tools that work very well. I’ve ranked them in order of usefulness from my own perspective.
- Ophcrack (http://ophcrack.sourceforge.net/)
This tool can be downloaded to the hard drive in Windows or used as a Live CD to crack the LM and NT hashes on a Windows 2000/XP/Vista machine.
- L0phtcrack / LC5 (http://sectools.org/tools2.html)
This tool is fast and easy to use. You need administrator privileges to install and run it. It is very useful if you have multiple users and have simply forgotten the password to one of them.
- John the Ripper (http://www.openwall.com/john)
John the Ripper is available for UNIX (11), DOS, Win32, BeOS, and OpenVMS. Windows NT/2000/XP LM hashes and UNIX passwords are supported.
- Offline NT Password & Registry Editor (http://home.eunet.no/pnordahl/ntpasswd/)
This program resets the password of any user that has a local account. It works on Windows NT/2000/XP/2003/Vista passwords by modifying the SAM file rather than cracking the password hashes. You do not need to know any of the passwords on the system, but it will reset them (blank them out). It comes as a bootable disk or CD.
- Windows Password Recovery Service (http://www.loginrecovery.com/)
This is an online service that cracks the password hashes for you. You download the disk image and boot the system from it, which creates a dump file of the hashes. You then upload the file to the website. The paid service is instant (10 minutes) and the free service takes 2-3 days.
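
The LM/NT distinction from the introduction, as an added example that is not part of the original post: a Python audit of a hash export that flags accounts still carrying an LM hash and accounts whose password is blank (the state a reset tool such as the Offline NT Password & Registry Editor leaves behind). The pwdump-style line layout and every sample row are assumptions constructed for illustration.

```python
# Added example: audit a pwdump-style hash export for weak password storage.
# Assumed line layout: user:rid:lmhash:nthash:::  (sample rows are constructed).

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
EMPTY_LM_HALF = EMPTY_LM[:16]  # LM hashes each 7-character half separately

SAMPLE_DUMP = """\
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1002:1111111111111111aad3b435b51404ee:fedcba9876543210fedcba9876543210:::
carol:1003:22222222222222223333333333333333:00112233445566778899aabbccddeeff:::
dave:1004:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

def _hex32(value):
    """True if value is exactly 32 lowercase hex digits."""
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value)

def audit_line(line):
    """Return (user, findings) for one line, or None if it is malformed."""
    fields = line.strip().split(":")
    if len(fields) < 4:
        return None
    user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
    if not _hex32(nt):
        return None
    findings = []
    if nt == EMPTY_NT:
        findings.append("blank password")
    # A non-hex LM field (some dumpers print a placeholder) means none stored.
    if _hex32(lm) and lm != EMPTY_LM:
        findings.append("LM hash stored")
        if lm[16:] == EMPTY_LM_HALF:
            findings.append("password is 7 characters or fewer")
    return user, findings

def audit_dump(text):
    """Map each account in the export to its list of findings."""
    report = {}
    for line in text.splitlines():
        parsed = audit_line(line)
        if parsed:
            report[parsed[0]] = parsed[1]
    return report

if __name__ == "__main__":
    for user, findings in audit_dump(SAMPLE_DUMP).items():
        print(user, "->", ", ".join(findings) or "no LM hash, password set")
```

Accounts flagged with "LM hash stored" are the ones to prioritise for a password change of 15 characters or more, since the introduction notes that LM only covers shorter passwords.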