Wednesday, September 16, 2015

Recovering Windows 7 Passwords

Recovering Windows 7 Passwords


 So you're a Windows user and have locked yourself out of your computer. I don't know, maybe you changed your password recently and it was something you just couldn't remember but now all your files are on this box and you just can't get in. What do you do?

 Use a live CD!

 Okay... so what is that?

 A live CD is a complete bootable computer installation including operating system which runs in a computer's memory rather than loading from a hard disk drive.

Ophcrack & Rainbow Tables

In this case, I used OphCrack. Ophcrack is a live CD specifically designed for cracking Windows passwords with rainbow tables. Don't know what a rainbow table is? No worries, I'll explain.

 Whenever you create a password, that password is hashed using a security protocol. So if my password was "pass123" it would actually be stored and recognized by the computer as a hashed series of numbers and letters. Rainbow tables are huge (like terabytes) files full of potential passwords and their hashes.

 In Ophcrack's case it gets the hash from the locked computer's memory and then goes through all its rainbow tables to find the matching hash!

 So when you boot into Ophcrack and run the password cracker it'll look like this:

notfound-ugh.png


Ophcrack comes with a free basic rainbow table and you can buy better complex ones. In this case, the basic rainbow table doesn't quite crack the password but it does give me the password's hash. 

 In that case you can go to a hash database site online (make sure it is a hash database for the correct security protocol) and find the clear text that matches the hash. I used NTLM protocol and hashkiller.co.uk in this case.
hashashashash.png

Recovering vs Resetting a Password

So there you have it. Live CDs and rainbow tables. If you need to simply rest your password you can follow tutorials for such a situation online. 

However if you have any encrypted files on your computer, resetting your password will lock you out of all these! This is because when you reset your password through Control Panel, Windows will automatically update the password for your encrypted files. When you rest your password any other way, it won't update the files, hence, you'll be locked out. So careful! Don't forget, you can always Google!
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)