Method 1: Take a rest, and try hard to remember the forgotten password
Sometimes, human being is a little weird. You won’t get the thing that you urgently need. So have a coffee, take a snap or even come back after a few days, you may found that you suddenly ‘remember’ your Windows password.
Method 2: Try No Password Administrator Login Backdoor
In Windows XP (not Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10 or later, as in these new Windows OS, Administrator account is not enabled by default), there is built-in Administrator user account, that has administrative credentials, enabled by default, and without any password to protect the account from been accessed. If you didn’t change this Administrator’s password, then try to sign in to Windows XP without password.
Method 3: Reset password from another user account with administrator credentials
If you cannot log on to Windows by using a particular user account, but you can log on to another account that has administrative credentials, follow these steps on how to do the trick:
- Log on to Windows by using an administrator account that has a password that you remember. For Windows XP, you may need to start in Safe Mode (initiate by pressing F8 during bootup).
- Click Start, and then click Run.
- In the Open box, type control userpasswords2, and then click OK.
- Click the user account that you forgot the password for, and then click Reset Password.
- Type a new password in both the New password and the Confirm new password boxes, and then click OK.
Method 4: LOGON.SCR password reset trick
LOGON.SCR changing administrator or domain admin password hack works on Windows NT 4.0 and some versions of Windows 2000. The simple trick uses Cmd.exe (Command Prompt) as screen saver that triggered by system when idle, allowing users to access to command prompt as screensaver to change password.
Method 5: Do-It-Yourself (DIY) third party recovery tool
There are a lot of tools and utilities that can be downloaded and used to recover, reset, retrieve or reveal existing password. These password reset or retrieval utilities, free or paid, are usually a Linux boot disk or CD that able to comes with NT file system (NTFS) drivers and software that will read the registry and rewrite the password hashes, or can brute force crack the password for any user account including the Administrators. The advantage is that there is no fear of leaking your password to outsiders, while the process requires physical access to the console and a floppy, DVD or CD drive, or USB port with USB flash drive, depending on which tool you choose. And it’s not easy, although it always work!
Offline Windows Password & Registry Editor (also known as Offline NT Password & Registry Editor) – Available as bootdisk or bootable CD or USB Drive image which contains things needed to reset the passwords on most systems, Offline Windows Password and Registry Editor works to change or reset password of any users on 32-bit (x86) and 64-bit (x64) Windows NT 3.51, Windows NT 4, Windows 2000, Windows XP, Windows Server 2003, Vindows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, Windows Server 2016 or possibly later. It can also detect and offer to unlock locked or disabled user accounts.
cd140201.zip (~18MB) – Bootable CD image and can be used to make bootable USB drive (download link removed as marked as malware).
usb140201.zip (~18MB) – Files for USB install.
bd080526.zip (~1.1MB) – Bootdisk image for floppy disk
drivers1-080526.zip (~310K) – Disk drivers (mostly PATA/SATA).
drivers2-080526.zip – Disk drivers (mostly SCSI).
chntpw – Essentially the same Offline Windows Password & Registry Editor as above, but compiled as package for various Linux distributions such as ALT Linux, Arch Linux, CentOS / RHEL, Debian, Fedora, Mageia, OpenMandriva, ROSA, Slackware and Ubuntu.
chntpw is useful if you already have a Linux live CD on hand, such as Ubuntu Live CD, where you can boot up to a Linux desktop or terminal, then edit or reset the password for user account with “chntpw -i sam” where sam is the sam file copied from %WinDir%/System32/config folder.
chntpw is included in many Linux distributions, or available for repository. Alternatively, search for it here.
Hiren’s BootCD – Hiren’s BootCD is a boot disk utility that packs various utilities in to a package, including the Offline Windows Password & Registry Editor. If you have Hiren’s Boot CD, you can boot up with it, and enter “Offline NT/2000/XP/Vista/7 Password Changer” to start resetting the password.
Hiren’s BootCD 15.2: Hirens.BootCD.15.2.zip
Trinity Rescue Kit – Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues. Similar to Hiren’s Boot CD, Trinity Rescue Kit’s password resetting tool, winpass, is actually just an automated script for the chntpw (Offline Windows Password & Registry Editor) tool, which allows you to reset the passwords of any local account in Windows 8, 7, Vista and XP.
To start resetting password of Windows account in Trinity Rescue Kit, choose “Windows password resetting” option after booting up with Trinity Rescue Kit via CD/DVD, USB flash drive or over network via PXE.
Password Renew – Password Renew is a utility to set or reset the passwords of any user which has a valid local account, create a new local user with administrator rights, set administrator rights to existing user on your NT system, or reset local administrator password on the PC that is in domain, using NULL Administrator password feature.
In order to use Password Renew, you must create and boot with WinPE/BartPE bootable live windows CD/DVD, which can be created by downloading the PE Builder.
Password Renew 1.1 Beta: renew_1.1-BETA.cab
John the Ripper password cracker – John the Ripper is a fast open-source password cracker based on dictionary attack with a wordlist currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
John the Ripper 1.7.9 for Windows
John the Ripper 1.8.0 (sources, tar.xz)
John the Ripper 1.8.x extra charset files archive (sources, tar.xz)
John the Ripper 1.7.9-jumbo-5 for Windows
John the Ripper 1.8.0-jumbo-1 (sources, tar.xz)
John the Ripper 1.7.9-jumbo-7 (sources, tar.bz2)
EBCD – Emergency Boot CD – EBCD is a bootable CD, intended for system recovery in the case of software or hardware faults. It is able to create backup copies of normally working system and restore system to saved state. It contains the best system software ever created, properly compiled and configured for the maximum efficient use. Features are such as copy files from unbootable volume, recover master boot record of HDD, recover deleted file, recover data from accidentally formatted disk and floppy disk. EBCD also includes function to change password of any user, including administrator of Windows OS without the need to know the old password.
In short, the self-contained Emergency Boot CD bootable OS on live CD has the following features:
- File Manager: Backup and restore files without Windows (has full support for Unicode and NTFS)
- Windows Password Wizard: Restore access to your PC when you forgot the password for Windows user account
- Registry Tools: Registry Editor (edit Registry even if Windows is not bootable) and Registry
- Defragmenter (reorganize Registry in such way that logically adjacent data is located physically nearby, so Registry works faster).
- Mount & Boot Center: Fix various boot problems and reassign drive letters outside of Windows.
- Partition Manager: Create, format, delete and wipe partitions; backup partitions to image files, restore them back, and copy partition-to-partition.
Emergency Boot CD 1.4g: ebcd-latest-demo.zip
Ophcrack – Windows password cracker using time-memory trade-off on LM and NTLM hashes based on rainbow tables and supports Windows 7, Windows Vista, XP, 2003 and NT. This tool allows you to retrieve existing password.
RainbowCrack – Crack Windows password using time-memory trade-off cryptanalysis based on rainbow tables. Unless you already has dumped the hash for your Windows password (by using PWDUMP utility), else this utility is for hacker as it provides no way to retrieve the password hashes when you unable to access to your computer.
L0phtCrack – L0phtCrack (also known as LC5 when it’s version 5 or now LC6 for version 6) is a password auditing and recovery application by using dictionary, brute-force, and hybrid attacks. Originally produced by Mudge from L0pht Heavy Industries, and was produced by @stake after the L0pht merged with @stake in 2000. Support and sales has been discontinued by Symantec from end of 2006, after it acquired @stake in 2004. However, in January 2009, L0phtCrack was acquired by the original authors Zatko, Wysopal, and Rioux from Symantec, with L0phtCrack 6 announced on 11 March 2009 at the SOURCE Boston Conference. L0phtCrack supports Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 or later.
So you probably need a crack that lists below. If you unable to sign on to your computer, you probably can’t use this.
Features of L0phtCrack:
- Runs On Windows XP and higher. Operates on networks with Windows NT, 2000, XP, Server 2003 R1/R2, Server 2008 R1/R2, on 32- and 64-bit environments, as well as most BSD and Linux variants with an SSH daemon.
- Provides a password scoring metric to quickly assess password quality.
- Supports pre-computed password hashes dictionary for speedy password audits.
- Imports and cracks Unix password files.
- Has a built-in ability to import passwords from remote Windows, including 64-bit versions of Vista, Windows 7, and Unix machines, without requiring a third-party utility.
- Scheduled routine audit scans.
- Offers remediation assistance to system administrators on how to take action against Windows accounts that have poor passwords. Accounts can be disabled, or the passwords can be set to expire from within the L0phtCrack 6 interface.
- Improved and updated Vista/Windows 7 style UI.
- Real-time reporting that is displayed in a separate, tabbed interface. Auditing results are displayed based on auditing method, risk severity, and password character sets.
- Displays password risk status in four different categories: Empty, High Risk, Medium Risk, and Low Risk.
- Displays the completion of all four methods L0phtCrack 6 uses: Dictionary, Hybrid, Precomputed, and Brute Force.
- Reports the completion of the various character sets being audited, including, Alpha, Alphanumeric, Alphanumeric/Symbol, Alphanumeric/Symbol/International.
- Reports the overall length distribution of the discovered password by account.
- Password statistics as Locked, Disabled, Expired, or if the password is older than 180 days.
- Audit summary for number of accounts cracked and the number of domains audited.
- Supports foreign character sets for Brute Force, as well as foreign dictionary files. Pull down menus change for language and character set. L0phtCrack 6 ships with several foreign dictionaries.
L0phtCrack 6 (15 days trial): lc6setup_v6.0.20.exe
Cain & Abel – Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.
This tool needs to be installed, so you must have another working computer to recover your password remotely. Thus it’s likely to be useful for system administrator only. Supports Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista and possibly all later Windows OS.
Cain & Abel v4.9.56 for Windows NT/2000/XP: ca_setup.exe (download link removed as marked as malware)
Cain & Abel v2.0 for Windows 9x: cain20.exe (download link removed as marked as malware)
Hash Suite – Hash Suite is a Windows program to test security of password hashes. It’s primarily a tool for system administrators, security personnels and security consultants to audit large sets of password hashes to identify weak passwords but password recovery is a possible secondary use.
Hash Suite is able to import local and remote accounts with administrator privileges without reliance on any additional tools. However, the free version of Hash Suite does not support import of remote accounts, but you can also use one of the many pwdump tools to obtain the password hashes. This requires either administrator privileges or reboot from a CD that will access the hard drive directly (bypassing the installed copy of Windows).
Hash Suite (free version): Hash_Suite_Free_3_2.zip
PCLoginNow – Bootable live CD with tool to reset local administrator and other user accounts passwords or change security settings on Windows system.
Method 6: Third party password recovery service
Login Recovery – Login Recovery is a service to reveal user names and recover passwords for Windows NT, 2000, XP, 2003 and Vista. Free service is available by waiting up to 48 hours and only one free request every three months. For privacy matter people, there may be some uncomfortability as service provider actually ‘know’ your password before sending it back to you.
Method 7: Bypass Windows log on password with DreamPackPL
DreamPackPL allows users to skip or bypass Windows login security in Windows XP or Windows 2000, and log on to a password protected Windows user account without a valid password or the need to change the existing password.
Warning: If you change or reset password by using any method above, all EFS encrypted files in Windows Vista or Windows XP will be unreadable and no longer recoverable unless you remember the old password that used to encrypt the files. So if you have any encrypted files, it’s best that you try to crack the password first in order to retrieve and get back the existing password first, before you attempt to reset the password to a new one.