
Cracking a forgotten Windows NT / 2000 / XP password

  • [Introduction]
  • [How do I "bypass" the BIOS password? ]
  • [View passwords that Windows stores]
  • [Windows XP User Passwords]
  • [Resetting User Passwords in Administrator Mode]
  • [Creating a disk that clears passwords]
  • [Utilities to change Windows NT / 2000 / XP passwords]
  • [Cracking and decrypting passwords]
  • [You will need ...]

    [Introduction]

    This guide explains what to do if you forget your Windows XP password and how to solve the problem without reinstalling the operating system. We also look at other password problems you may run into.
    Windows 2000 and Windows XP have much better security than the earlier Windows 9x / Me systems. They have a stronger password system, designed for business use, so that nobody without the necessary rights can reach the information on your computer. This is a double-edged sword: sooner or later most users forget at least one important password, and then the "user without access rights" to the computer is its own owner.

    Naturally, for every method of protection there is a way around it, especially if you have physical access to the computer.

    In this article we look at the various ways a computer is protected with a password and at ways to get around each of them. We start not with user account passwords but with passwords that are no less important: the BIOS password and the passwords stored by Internet Explorer.

    [How do I "bypass" the BIOS password? ]

    The BIOS password is one of the oldest ways of protecting a computer from unauthorized access, and one of the most common. Why? Because it is one of the most effective tools as long as the intruder cannot get into the system unit. Otherwise it is like putting a dozen locks on the front door and leaving a window open.

    The default BIOS settings on every motherboard contain no password. So all you have to do to remove a BIOS password is reset the current settings to the factory defaults. Remember, though, that resetting the BIOS wipes not only the password but every setting you changed yourself.

    There are two ways to reset the BIOS settings. Most motherboards have a dedicated jumper for clearing the CMOS (the memory in which the BIOS settings are kept). The jumper is usually next to the battery on the motherboard, but check the motherboard manual to be sure. On some boards there is no jumper, just two pads that have to be shorted with a metal object such as a screwdriver to clear the CMOS.

    If your board has the jumper: to clear the CMOS, switch the computer off, move the jumper so that it shorts the clear-CMOS pins, and press the power button. The computer will not boot, but the CMOS settings will be cleared. Put the jumper back in its normal position and switch the computer on again. Most likely you will see a prompt to press F1 to enter the BIOS setup. If the default settings suit you, press F1 and choose 'Save and exit' from the BIOS menu. After that the computer boots as usual, except that there is no BIOS password.

    If you do not know where the jumper is on your board, or it has none at all (which is quite possible), you have to go the other way. Every motherboard has a battery that powers the CMOS memory so that it keeps its contents. Usually it is a standard CR2032 cell.

    To clear the CMOS, switch the computer off and remove the battery (a thin screwdriver may help). After 5-10 minutes put the battery back and switch the computer on. The BIOS will load its default settings, and there will be no password. To continue booting you will have to press F1, and if the defaults suit you, choose 'Save and exit' from the BIOS menu that appears.

    As you can see, on a desktop computer this is all very easy, but on a laptop a BIOS password can be a serious problem. Because laptops are stolen so often, manufacturers have made sure that getting in without the password is almost impossible. So if you forget the BIOS password of your laptop, you will most likely have to contact the manufacturer's service center.

    [View passwords that Windows stores]

    Besides the logon passwords of the various users, Windows stores a number of other, equally important ones: the password for the Internet connection, passwords for mailboxes and for access to web sites. As a rule there are quite a lot of them, so it is only natural that they get forgotten over time.

    The operating system offers an "AutoComplete" function in Internet Explorer for passwords and other frequently entered information. So it is quite common for a user to type a password once and, a few months later, no longer remember it. Everyone knows that important passwords should be written down, but not everyone does it. And if you do not remember the password, how do you find it out when all you see is a row of asterisks: ******?

    The answer is offered by programs from various vendors that can recover the password behind that row of asterisks. There are quite a few free programs for revealing saved Windows passwords or the passwords hidden in Internet Explorer input fields. They work because the password is still present as plain text in the window's input field; only its display is masked.

    We will use the Asterisk Key program from Passware. It is an easy-to-use freeware program that reads the passwords hidden behind the asterisks and shows them to you. Working with it is very simple: select the field with the password and click the 'recover' button.

    There are, of course, also commercial programs, which as a rule have a larger set of functions. For example, Password Recovery Toolbox scans the system and finds the saved passwords, AutoComplete data, Outlook Express passwords, Internet connection passwords and so on, and then presents them in a convenient form.

    [Windows XP User Passwords]

    Windows XP does not store user passwords themselves but a hash of each password. For example, the password "password" is stored as the NT hash 8846F7EAEE8FB117AD06BDD830B7586C, which is the MD4 of the password in UTF-16LE with no salt. For passwords of 14 characters or less XP also keeps the much weaker LM hash, which is what password-cracking tools attack first. This information lives in a file named SAM in the folder C:\windows\system32\config.

    The hashes in the SAM file are additionally encrypted by the syskey system utility to strengthen the protection. The key needed to undo the syskey encryption is kept in the SYSTEM file in the same folder. But while Windows is running these files are held open by the operating system itself and cannot be copied by any user, not even an administrator. You can get at the SAM and SYSTEM files only from another operating system or by attaching the disk to another computer running Windows.

    [Resetting User Passwords in Administrator Mode]

    Every edition of Windows XP has an "Administrator" account. This account has full access to the system and can reset the passwords of all other users. It can save you if, for some reason, you cannot log on with your normal user password. How you use the Administrator account depends on the edition of Windows XP:

    XP Professional. The Administrator password is set during installation of the operating system. If you wrote it down, or just pressed Enter and left it blank, you can easily log on as Administrator and reset the users' passwords. To log on as Administrator, press CTRL + ALT + DEL twice at the welcome screen; the classic logon window appears, where you enter the name Administrator and its password.

    Once the system has booted, go to Start > Control Panel > User Accounts and change the password you need. While you are there, this is a good moment to correct your mistake if you left the Administrator password blank. It is also worth renaming the 'Administrator' account: everybody knows this name, and it is the first one tried by anyone trying to get into your computer. To rename the account, right-click 'My Computer' and choose 'Manage'. Expand 'Local Users and Groups' and open the 'Users' folder. Right-click the 'Administrator' entry and rename it. Note that renaming only hides the name; the account keeps its well-known identifier (RID 500), so tools that enumerate accounts can still find it.

    XP Home. This edition does not let you log on as Administrator in the normal way. You first have to boot the computer in safe mode. To do this: restart the computer; as soon as the BIOS self-test finishes, press F8 several times; in the menu that appears, choose 'Safe Mode'. When the computer has booted, log on with the user name 'Administrator'. By default it has no password. Now you can change the users' passwords in Start > Control Panel > User Accounts. When you have finished, restart the computer normally.

    [Creating a disk that clears passwords]

    Windows XP can write to an ordinary floppy disk information that lets you reset your password. Naturally, if you have already forgotten the password and cannot get into the system, you cannot make such a disk any more; but it is worth making one in advance to protect yourself from this kind of accident.

    To create the floppy: go to Start > Control Panel > User Accounts; select the account you are logged on with; under Related Tasks choose 'Prevent a forgotten password'; follow the instructions of the wizard that starts.

    To reset the password with the floppy: if you type the password wrong at logon, the system asks whether you have forgotten it. At that point you can use your floppy by following the step-by-step instructions of the operating system.

    Be careful: if you used the built-in Windows facility for encrypting files and folders but have not installed the operating system update (Service Pack 1), resetting the password will cost you the encrypted data.

    [Utilities to change Windows NT / 2000 / XP passwords]

    There are special utilities that let you edit or reset the passwords of Windows NT / 2000 / XP users. Most of them work by booting a minimal alternative operating system, such as DOS or Linux, from which the files holding the passwords can be accessed and rewritten.

    An example of such a utility can be found at this address: Operating instructions, as well as files for creating a Linux boot disk, are available on the same site.

    Note that if you used the operating system's own facility for encrypting files and folders, changing the password with such a program will lose you access to the encrypted data. In that case the following method can help: instead of replacing the forgotten password with a new one, it recovers the old one.

    [Cracking and decrypting passwords]

    If nothing else helps but you do have physical access to the computer, all is not lost. You can copy the SYSTEM and SAM files and try to recover the passwords stored in them with special third-party utilities. As said above, for this you will have to use an alternative operating system, for example DOS or Linux. Once the files are in your hands, you can use one of the password-cracking programs, for example LC4 or Proactive Windows Security Explorer.

    [You will need ...]

    Access to another computer.
    At least two blank floppy disks.
    An archiver that works from the command line, for example RAR.
    A bootable DOS or Windows 98 disk (a disk image can be downloaded at ) or a minimal Linux distribution (for example Knoppix). You do not need boot disks at all if you can simply connect your hard disk to another computer. If you use a DOS boot disk and the partitions on your hard disk use the NTFS file system, you also need a program that lets DOS read NTFS partitions, for example NTFSDOS.
    A program for recovering the passwords. We recommend Proactive Windows Security Explorer, since its beta version is free, while the free version of LC4 is very limited.
    Using the DOS boot floppy:

    If your hard disk has NTFS partitions, copy the NTFSDOS files to the boot floppy.
    Copy the archiver (RAR) to the boot floppy.
    Boot the computer from this floppy. If there are NTFS partitions, run the NTFSDOS command; it shows which drive letter has been assigned to your system disk, and that letter is used instead of C in the next step.
    Archive the system files that hold the passwords. For example, with the rar32 archiver the command looks like this (the -v switch splits the archive into floppy-sized volumes):
    rar32 a -v a:\systemandsam c:\windows\system32\config\system c:\windows\system32\config\sam
    If the files do not fit on one floppy, the archiver asks you to insert the second one.
    Cracking passwords

    Whichever program you choose, it displays the list of accounts found in the SAM file. Select the ones whose passwords you want to find. If you are using Proactive Windows Security Explorer, choose Attack type: Brute-force. If the password consisted only of digits, tick 'all digits (0-9)'. Start the recovery with the command in the Recovery menu.

    Searching for the password can take anywhere from 10 minutes to several hours or even days, and may fail altogether, especially if the password mixes upper- and lower-case letters, digits and special characters.

    This is also a good way to check how strong your own passwords are: follow the steps above and see how long it takes to find them.
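    As an added example, not code from the original article or from any of the tools it names, the following Python script shows both what the hashed form described in the Windows XP User Passwords section actually is and what the brute-force attack in this section does. The NT hash stored in SAM is the MD4 of the password encoded as UTF-16LE, with no salt; MD4 is implemented here in pure Python because modern OpenSSL builds often disable it. The brute_force_digits function is a model of the 'all digits (0-9)' attack, not the real tool's code, and the password '2468' is a constructed sample. The LM hash that XP also keeps for short passwords is not implemented.

```python
"""NT hash computation and a digits-only brute force, modelling what the
SAM-cracking tools do once the SAM/SYSTEM hives have been copied.
Added example; pure Python so it runs without OpenSSL's MD4 provider."""
import struct
import time

MASK32 = 0xFFFFFFFF


def _rol(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK32


def _md4_block(state, block):
    """One MD4 compression of a 64-byte block (RFC 1320 rounds 1-3)."""
    X = struct.unpack('<16I', block)
    a, b, c, d = state
    # Round 1: F(x,y,z) = (x AND y) OR (NOT x AND z), message words in order
    for i in range(16):
        f = (b & c) | (~b & d)
        a = _rol((a + f + X[i]) & MASK32, (3, 7, 11, 19)[i % 4])
        a, b, c, d = d, a, b, c
    # Round 2: majority function, words 0,4,8,12,1,5,9,13,... plus sqrt(2) constant
    for i in range(16):
        g = (b & c) | (b & d) | (c & d)
        k = (i % 4) * 4 + i // 4
        a = _rol((a + g + X[k] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
        a, b, c, d = d, a, b, c
    # Round 3: parity function, words in bit-reversed order plus sqrt(3) constant
    order = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for i in range(16):
        h = b ^ c ^ d
        a = _rol((a + h + X[order[i]] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
        a, b, c, d = d, a, b, c
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d)))


def md4(data: bytes) -> bytes:
    """MD4 digest: pad to 56 mod 64, append 64-bit little-endian bit length."""
    msg = bytearray(data)
    msg.append(0x80)
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack('<Q', (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    state = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
    for off in range(0, len(msg), 64):
        state = _md4_block(state, bytes(msg[off:off + 64]))
    return struct.pack('<4I', *state)


def nt_hash(password: str) -> str:
    """NT hash as kept in SAM: MD4 over the UTF-16LE password, no salt."""
    return md4(password.encode('utf-16-le')).hex().upper()


def brute_force_digits(target_hash: str, max_len: int = 4):
    """Model of the 'all digits (0-9)' attack: try every digit string of
    length 1..max_len. Returns (password, candidates_tried), or
    (None, candidates_tried) if the keyspace is exhausted."""
    target = target_hash.upper()
    tried = 0
    for length in range(1, max_len + 1):
        for n in range(10 ** length):
            candidate = str(n).zfill(length)  # keeps leading zeros, e.g. '0042'
            tried += 1
            if nt_hash(candidate) == target:
                return candidate, tried
    return None, tried


if __name__ == '__main__':
    # Constructed sample: the hash an XP SAM would hold for the PIN-style password '2468'.
    sample = nt_hash('2468')
    start = time.perf_counter()
    found, tried = brute_force_digits(sample, max_len=4)
    print(f"recovered {found!r} after {tried} candidates "
          f"in {time.perf_counter() - start:.2f}s")
```

    Because the hash is unsalted, every account with the same password has the same hash, and a precomputed table of common passwords finds them instantly; an all-digit PIN falls in a fraction of a second here even in pure Python, which is why the advice about mixed-case passwords with digits and special characters matters.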


    We hope you will never have to resort to the methods described here. To avoid the need, remember that every important password must be written down and kept somewhere safe. And if you really need to protect the information on your computer, use passwords made of upper- and lower-case letters and digits, and do not use ordinary words. Such passwords are very hard to crack.