There are several ways to crack a Windows password, but a lot of Windows users are unaware of this fact. The general assumption is that using password cracking software is illegal and that the only way to resolve the issue is to reinstall Windows. This is untrue on several counts. First of all, it is completely legal to use software to recover your own password on your computer. You can't use it to crack other people's passwords. Secondly, reinstalling Windows is the last resort because it will reset your PC to factory settings and you will lose all your data and settings in the process. And if your computer is locked, there's no way to do a data backup prior to the reinstallation.
Fortunately, password recovery software has been around for several years. Since Windows stores all passwords as encrypted hashes in a secure location, the software must be able to access these files and either delete or bypass the password for the respective account. This is quite a complex process, but most password recovery or removal utilities will have built-in functions to do this. The user will only need to execute a few simple commands in the Command Prompt. There are also other software applications that do everything for you, from creating bootable ISO files on disks or USB flash drives to completely removing your user account password in a few seconds.
Let's look at three different but powerful software utilities to crack Windows passwords. Depending on your level of computer proficiency, you may prefer one over the other.
This particular tool is for more advanced users that are familiar with Linux. Although it is not very complex, there are certain processes and terms you need to understand and execute via Command Prompt. If you aren't comfortable with this, we recommend that you skip to the second software tool, which is powerful but simple enough for novice users and experts alike.
Hashcat uses multiple attack methods to crack a password. It utilizes wordlists to try various character combinations at blazing speed. The creators call it the fastest password cracking tool in the world, and that could be true if you know what you're doing and have the right resources.
Step 1: Download Hashcat to your PC and install it. You will need to download the 7-Zip compressed file, then extract the program and install it. The download is available on this page, where you will also see the system requirements. You can also get it using a terminal command, as shown below:
7z e hashcat-2.00.7z
Step 2: You now need to extract the hashes and dump them in a text file. These commands extract the hashes from the SAM files, so replace filename1 and filename2 with the respective hive files containing the password hashes.
Step 3: Now we need to dump the hashes, so we use Mimikatz and LSAdump to do this. Download and install Mimikatz, and run it.
Step 4: Next, you will need wordlists or cracking dictionaries like CrackStation or RockYou. The latter is available as a direct download here.
Step 5: Now execute the following command in the command prompt:
./hash/hashcat-cli32.bin -m 1000 -a 0 -o winpass1.txt --remove win1.hash rock.dic
This final command will crack the hash, and the password will be displayed along with the hash and the corresponding user account.
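If you manage other people's machines, the same workflow is something you want to notice when it runs. The following is an added example, not part of the original article or of any tool named in it: a small triage script that flags the tools and the Step 5 command line in process-creation records. The key=value log format, the host names and the sample records are assumptions constructed for illustration.

```python
import shlex

# Tool names and the hash mode come from the steps above; the record layout
# (host/image/cmdline fields) is an assumption made for this example.
CREDENTIAL_TOOLS = ("mimikatz", "hashcat")

# Constructed process-creation records, not real telemetry.
SAMPLE_EVENTS = [
    'host=WS01 image=/usr/bin/7z cmdline="7z e hashcat-2.00.7z"',
    'host=WS01 image=/opt/hash/hashcat-cli32.bin cmdline="./hash/hashcat-cli32.bin '
    '-m 1000 -a 0 -o winpass1.txt --remove win1.hash rock.dic"',
    'host=WS02 image=C:/Tools/mimikatz.exe cmdline="mimikatz.exe"',
    'host=WS03 image=C:/Windows/notepad.exe cmdline="notepad.exe notes.txt"',
]

def parse_event(line):
    """Split a key=value record; shlex keeps the quoted cmdline as one field."""
    return dict(tok.partition("=")[::2] for tok in shlex.split(line))

def hash_mode(cmdline):
    """Return the value after hashcat's -m option (the form used in Step 5)."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args[:-1]):
        if arg == "-m":
            return args[i + 1]
    return None

def classify(line):
    """Return (host, severity, reason) for a suspicious record, else None."""
    ev = parse_event(line)
    exe = ev["image"].rsplit("/", 1)[-1].lower()
    tool = next((t for t in CREDENTIAL_TOOLS if exe.startswith(t)), None)
    if tool is None:
        # The name only appears in the arguments (e.g. unpacking the archive):
        # worth recording, but it is not an execution of the tool itself.
        mentioned = any(t in ev["cmdline"].lower() for t in CREDENTIAL_TOOLS)
        return (ev["host"], "info", "tool name in arguments") if mentioned else None
    if tool == "hashcat" and hash_mode(ev["cmdline"]) == "1000":
        return (ev["host"], "high", "hashcat run in NTLM mode (-m 1000)")
    return (ev["host"], "medium", f"{tool} executed")

def triage(lines):
    """Classify every record and keep only the ones that matched."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Matching on the executable name rather than on the whole command line keeps the archive extraction in Step 1 from being reported as a cracking run.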
If your head is spinning by now, then it's probably better to choose another utility to unlock the device. This is not meant for novice users, so even if you follow the process carefully, you may not know what to do if something goes wrong. Here's a much simpler method to crack your password on any Windows machine.
This method uses a different approach. Androidphonesoft Windows Password Recovery lets you create a password reset disk on another machine, which you can then use to unlock your password on your computer. It is one of the most reliable password recovery utilities available today because of its 100% recovery rate. No matter how tough your password, this utility will crack it open and completely remove it so you can log in without requiring a password.
The software has been tested extensively on more than 50 top brands of PCs and laptops, and it works with all recent versions of Windows right from XP up to Windows 10. It is also unique in that it is a self-contained utility that has everything you need to complete the process. There's no need for additional software as we saw in the case of Hashcat, and it offers two different methods of burning ISO files to a storage medium that you can use to reset the password of your PC.
Download and install the utility on a different PC if your computer is locked. Insert a writable disk or USB flash drive and launch the program. You'll see options for both; click on the "Burn" button next to the appropriate storage option.
Once your boot disk or drive has been created, remove it from the PC and insert it into the locked computer. Now boot your computer from this disk. This can be done by changing the boot order from the boot menu or BIOS settings, which you can access by pressing F2 or a similar key that will be displayed during the bootup.
You'll see the program interface. Simply select the right Windows version, select the user account and click on "Reset Password". Next, click on "Reboot". After the computer restarts, you will be able to log in to the previously locked user account without any password. Just type your username and hit Enter to access that account.
There is also another popular utility called Ophcrack that recovers lost or forgotten passwords. It's very popular but it does have its disadvantages as we shall see.
The Ophcrack Live CD method has been around for a while and is widely used by Windows users. The recovery rate is impressive but it doesn't work that well on anything above Windows 7. It might work, but only for local accounts if they're relatively simple to crack. On the bright side, the tables for password combinations are free so you won't have to pay anything.
Step 1: Download the right version of Ophcrack Live CD to another computer and create a boot disk using an ISO burning application. You can choose the one without tables if you've already downloaded them before on that second PC.
Step 2: Once you have the boot disk ready, remove it from the other PC and insert it into your locked computer. Start up your machine.
Step 3: Go to the BIOS menu during startup and change the boot priority so the system boots from the disk you inserted. If you don't, you'll end up on the lock screen where you can't do anything.
Step 4: Once you see the Ophcrack Live CD Menu, leave the default selection, which is "Ophcrack graphic mode - Automatic". In a few seconds, you'll see Ophcrack loading as a bunch of text scrolls down your screen.
Step 5: You don't have to do anything here, but watch the screen as Ophcrack identifies disk partitions and confirms that it has found the one that contains the password hashes to crack. Once the passwords have been recovered, you'll see them displayed in a table format. Just look for an entry under NT Pwd against the appropriate username. This is your recovered password.
Step 6: Note down this password, remove the boot disk from the computer and restart the machine. You should now be able to get in by using the recovered password.
As you can see, each method has its own advantages, but Androidphonesoft is the only one that doesn't have any disadvantages. The software is self-sufficient, it can be used by computer novices and it doesn't require any technical skills to get it to work. If you want to avoid the hassle of using multiple software applications or executing commands that you don't understand, then the only obvious choice is Androidphonesoft Windows Password Recovery.