Reset Windows passwords in minutes without extra hardware or software

By Matthew ยท 21 replies
Dec 13, 2012
Post New Reply
  1. Although a man recently made headlines for demonstrating that he could brute force an eight-character Windows password in less than six hours by harnessing the power of 25 GPUs, another savvy user has reminded us of a workaround that can...

    Read more
  2. Nima304

    Nima304 TS Guru Posts: 365   +81

    Or you can use a utility like Ultimate Boot CD to remove it in the same amount of time.
  3. jobeard

    jobeard TS Ambassador Posts: 11,158   +986

    Btw: The assumption here is the use of the OLD style NTLM hashing which only supports 8 character PWs.
    Using more than eight, stops the Rainbow Table approach by avoiding NTLM altogether :)

    The Brute Force technique also assumes that the login authentication will not lock the account nor enforce a timeout after 3 consecutive failure - - and most admins will do BOTH.

    So the only thing we can say about the approach is - - Y A W N ;)
  4. Trillionsin

    Trillionsin TS Evangelist Posts: 1,596   +257

    Been using a linux bootup that takes me only a minute or so, and most of that time is trying to get the PC to boot from the optical drive.
  5. Jesse

    Jesse TS Evangelist Posts: 358   +42

    I don't get it. Are you replying to the briefly mentioned "brute force an eight-character Windows password" article?
  6. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,726   +3,700

    Looks to me he is replying to both articles with a yawn. If I were to bet, I'd bet neither one, has him shaking in his boots.
  7. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,811   +472

    I thought the old NTLM applied for passwords up to 14 characters?
  8. gamoniac

    gamoniac TS Guru Posts: 306   +73

    Cool. That trick is good to know... and now I know how insecure my PC is. I assume the trick work on administrator account, too, ya?
  9. WaveZero

    WaveZero TS Enthusiast Posts: 42

    That's an assumption that you can boot from DVD drives and usb drives. Businesses tend to lock them down.
  10. Per Hansson

    Per Hansson TS Server Guru Posts: 1,959   +217

    Ten Windows Password Myths:
    Darth Shiv likes this.
  11. Fokissed

    Fokissed TS Rookie

    The brute-force algorithm doesn't try every password against the login server. It hashes every password until it finds a password with a matching hash (found in the system) as the original password. So to the system, it looks like one (successful) login.
  12. jobeard

    jobeard TS Ambassador Posts: 11,158   +986

    All depends. If run from a CD (which means the hacker has to have physical access to the system {shame on you}), then you are correct. Otherwise, using only network access, there has to be an attempt per generated password and the Rainbow Tables are useless.

    Darth Shiv
    " The two are the LM Hash (a DES-based function applied to the first 14 chars of the password converted to the traditional 8 bit PC charset for the language)"​
    you are correct and my recall was fuzzy :sigh:

    And while we're kibitzing on security, many know of the "hidden" Administrator login and if you loose physical control of the system (eg: a laptop),that account would be ideal to access and 90% of the time it has no password at all. HINT: SAFE BOOT and login to this account and assign it a password too! Unless joe thief also knows of the CD/Rainbow Tables hack, the system will remain secure until he reformats and in that case, all your personal data is blown away too.
  13. amstech

    amstech IT Overlord Posts: 1,936   +1,101

    If your trusting your PC and data to be protected solely by a Windows password, you don't know how to properly protect your data anyways.
    jobeard likes this.
  14. This is almost the exact same thing that works on Win 95,98,ME,2000,XP,Vista, not sure about 7 though. Replace logon.scr with cmd.exe. Then just sit and wait soon as the screen save tries to kick in you've got a full access dos prompt.
  15. They did fix it. It's called BitLocker and it encrypts your drive. The password was never intended to stop people with physical access and the ability to boot to a disk. The article assumes you have enough access to boot the computer from an alternative medium. They can't just "fix" that short of forcing full disk encryption.
  16. Same goes for Macs really. Unless you have a firmware password set, resetting the root password is a few keystrokes away.
  17. treetops

    treetops TS Evangelist Posts: 2,073   +219

    On my old windows xp computer I had it in storage so long that I forgot the password so I signed in as a guest, created a new user, logged in with the new user, went to users and changed the password of my old account or set it to nothing. Something very simple like that, it took me forever to figure it though. Perhaps I just deleted the old account it was around 10 years ago.

    I remember calling microsoft and they told me it was impossible to use that computer again without the password, jack asses.

    p.s. I think I restarted the computer in safemode so I could log in as a guest or something, idk but its really easy, it was long long ago.
  18. jobeard

    jobeard TS Ambassador Posts: 11,158   +986

    I DONT THINK SO. The Guest account has the least permissions and thus can not create a new login nor can it change the password of any other account
    AHH, this is far more likely the case. SAFE MODE -> Login on the Admin account which defaults to no password and that gives you the necessary permissions to do as stated above.
  19. cookice2013

    cookice2013 TS Rookie

    To reset Windows password is easy. Try the following steps, you will login Windows with 5 minutes. But you should prepare a blank CD/DVD/USB.
    Step1, Get an accessible computer, download the Windows password reset software from
    ***removed by mod***, install and run.
    Step2, Burn the software onto the CD/DVD/USB
    Step3, Insert the burned CD/DVD/USB into the computer that you have lost login passwords. And then following the step by step wizard to finish password recovery!
  20. LNCPapa

    LNCPapa TS Special Forces Posts: 4,276   +461

    I removed that last link as we're starting to cross over into some questionable territory providing links to these types of tools. If users want something like that they can google it themselves.
    cliffordcooley and jobeard like this.
  21. jobeard

    jobeard TS Ambassador Posts: 11,158   +986

    LNCPapa Thank you - - Techspot has jealously avoided all forms of hacking and this stance gives great credibility to the site IMO. For those that have not seen the history of this issue, I'll summarize the issue:

    When even the owner of the machine makes the plea for "help, I lost my password", those contributing to this site have no means to verify that the poster is "in fact" the owner of the affected machine. A great many realities could just as easily be lurking under that request, eg: parental control.

    In addition, causal browsing and searching the site would disclose far too much for the World Wide Web to snatch up. If other sites post such concepts and techniques - - well the end result lies with their choice.

    The consensus has been to not discuss or post links to tools or techniques which circumvent system security/privacy.
    cliffordcooley likes this.
  22. treetops

    treetops TS Evangelist Posts: 2,073   +219

    Yeah that is the first time I have mentioned that little method, if you want to delete it as well go ahead, not that you need my approval :) . Its not specific but when I first posted it I was wondering if I should have even said anything. I guess it doesn't matter you can probably google your way to anything you want nowadays.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...