How to find out the password for a computer running Windows 7 if it is already turned on.

We escalate privileges to SYSTEM using the KiTrap0d exploit and then extract the admin password using pwdump and L0phtCrack.

So, here is the essence of the matter. Imagine a very familiar situation (for students and secretaries): the administrator account is protected from careless hands with a password, and we are logged into a regular (guest) account. Without knowing the password or having administrator rights, we cannot rummage around on the admin’s desktop (try “C:\Users\admin” - Access is denied), and we cannot modify the Program Files and Windows folders... - and we really need to! What to do?

1. KiTrap0D forever! — raise privileges all the way to System

At the beginning of 2010, the hacker T. Ormandy published a 0-day vulnerability that allows privilege escalation in any version of Windows. The exploit was named KiTrap0d, and in current antivirus databases it is listed in a category like Win32.HackTool (“hacker tool”).

You can read a first-hand description of the vulnerability at: http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html

So, turn off the antivirus (well, you trust me!). Next, download it from my documents at https://www.box.net/shared/1hjy8x6ry3 (password nagits - so that the antivirus does not complain) or search http://exploit-db.com for Tavis Ormandy. The compiled exploit consists of 2 files: the library vdmexploit.dll and the executable vdmallowed.exe. Double-clicking the exe file starts the exploit and opens a cmd.exe command prompt with NT AUTHORITY\SYSTEM privileges!

And now, as they say, the flag is in your hands! With these rights, you can copy the files you need, find out valuable information...

2. Find out the administrator account password

..., but it will still be much more useful to know the admin password.

Account passwords in Windows are stored as hashes in the special registry hives HKLM\SAM and HKLM\SECURITY, and access to them is denied even to administrators. The corresponding Security Account Manager database is kept in the SAM and SYSTEM files in the %SystemRoot%\system32\config folder, but you can’t simply copy those either; more on that a little later. That’s why it’s so important that we obtain SYSTEM rights.

I will describe two approaches to recovering the password. The first, as you have probably guessed, works through the registry - a password dump. The second, as Captain Obvious advises, is to obtain the SAM file itself.

2. Method 1. Dump passwords

We will use the fairly well-known pwdump utility, which you can download from My Documents at https://www.box.net/shared/9k7ab4un69 (password nagits). Switch to the cmd.exe command line with system rights and run pwdump.

Running the command

C:\pwdump.exe localhost > C:\pass_dump.txt

makes the utility dump the password hashes to a file.

For example, pass_dump.txt might look like this:

No history available
Uzver:1001:NO PASSWORD*********************:NO PASSWORD*********************:::
VirtualNagits:1000:NO PASSWORD*********************:32ED87BDB5FDC5E9CBA88547376818D4:::
Completed.

You can see that Uzver is a regular user with no password set, while VirtualNagits is the administrator, and the NT hash of his password is shown.
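As an added audit example (not part of the original article), the following Python parses a pwdump-format export like the one above and flags the account states a defender should act on: accounts with no password set, accounts still storing a legacy LM hash, and the built-in Administrator (RID 500). The sample dump is constructed: it repeats the two records shown above and adds a hypothetical third account that carries an LM hash.

```python
"""Audit a pwdump-format export for weak account states (no password, legacy LM hash)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# pwdump writes this 32-character placeholder when a hash is absent.
NO_PASSWORD = "NO PASSWORD" + "*" * 21
# Hashes of the empty string: other dumpers emit these instead of the placeholder.
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"
EMPTY_LM_HASH = "aad3b435b51404eeaad3b435b51404ee"

# Constructed sample in pwdump's "user:rid:lm:nt:::" format: the two accounts from the
# article plus a hypothetical LegacyUser whose LM hash field is populated.
SAMPLE_DUMP = """No history available
Uzver:1001:NO PASSWORD*********************:NO PASSWORD*********************:::
VirtualNagits:1000:NO PASSWORD*********************:32ED87BDB5FDC5E9CBA88547376818D4:::
LegacyUser:1002:44EFCE164AB921CAAAD3B435B51404EE:32ED87BDB5FDC5E9CBA88547376818D4:::
Completed.
"""


@dataclass
class Account:
    name: str
    rid: int
    lm_hash: Optional[str]  # None when no LM hash is stored
    nt_hash: Optional[str]  # None when the account has no password


def _normalize(field: str, empty_hash: str) -> Optional[str]:
    """Map the placeholder, the empty-string hash and blanks to None; else lowercase hex."""
    value = field.strip().lower()
    if not value or value.startswith("no password") or value == empty_hash:
        return None
    return value


def parse_pwdump(text: str) -> List[Account]:
    """Return one Account per record, skipping status lines such as 'Completed.'."""
    accounts: List[Account] = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        # Status lines lack the numeric RID in the second field.
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        accounts.append(Account(
            name=parts[0],
            rid=int(parts[1]),
            lm_hash=_normalize(parts[2], EMPTY_LM_HASH),
            nt_hash=_normalize(parts[3], EMPTY_NT_HASH),
        ))
    return accounts


def audit(accounts: List[Account]) -> List[Tuple[str, str]]:
    """Flag the states a defender should fix; returns (account, issue) pairs."""
    findings: List[Tuple[str, str]] = []
    for acct in accounts:
        if acct.nt_hash is None:
            findings.append((acct.name, "no password set: anyone can log on"))
        if acct.lm_hash is not None:
            findings.append((acct.name, "legacy LM hash stored: disable LM storage and change the password"))
        if acct.rid == 500:
            findings.append((acct.name, "built-in Administrator (RID 500): verify it is disabled or renamed"))
    return findings


def audit_text(text: str) -> List[Tuple[str, str]]:
    return audit(parse_pwdump(text))


if __name__ == "__main__":
    for name, issue in audit_text(SAMPLE_DUMP):
        print(f"{name}: {issue}")
```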

For cracking, I will use the l0phtcrack program. You can download it at www.l0phtcrack.com/.

Starting with Windows NT 3.1 (July 27, 1993), passwords have been stored as the so-called NTLM hash. Unfortunately, l0phtcrack will only attack NTLM hashes after the product has been registered/purchased. By the way, the installer must be run with administrator rights at a minimum, so we run the installation file from the cmd.exe prompt that has SYSTEM rights.

So, I have l0phtcrack v5.04 installed and registered, and pass_dump.txt at hand:

In the l0phtcrack program, click on the Import button:

Select import from a PWDUMP file (“From PWDUMP file”) and specify our pass_dump.txt.

Now enable the options for cracking NTLM passwords:

Confirm your selection by clicking OK and click Begin Audit.

Got it! The tricky administrator password “123456” has been recovered!

2. Method 2. Get passwords from the SAM file.

In general, you cannot copy the SAM file from C:\windows\system32\config\ even with SYSTEM rights, since it is “in use by another application.” Task Manager will not help: even if you find the process responsible for the Security Account Manager, you will not be able to terminate it, since it is a system process. Usually these files are copied from a boot disk, in which case we don’t even need administrator rights. But often you don’t have a LiveCD at hand...

This is described very well on the website http://wasm.ru/article.php?article=lockfileswork in the article “Reading a file using direct disk access”.

Welcome to another article, dear users! You may need to find out your computer password for a variety of reasons, ranging from simple forgetfulness to your PC being locked by another person.

But how can you find out the password for your computer without spending a lot of time on it and still get a working result? I think you are interested in this question too. There are many ways to achieve what you want, and in this article we will look at the main ones.

How to find out your computer password - proven methods and recommendations

First of all, we’ll try to find out if there are specific ways that will allow you to successfully log into the system without blocking your computer.

There are many ways to find out a computer’s password, and the situations in which it is lost can be very different. Using the most common operating system, Windows, as an example, we will show ways to change a password or recover the existing one. Let’s look at the most common problems and their solutions:

So, if you have access to account management, changing a forgotten password is very easy. Just go to “Control Panel”, “Accounts and Family Safety”, “User Accounts” and then “Change an account through computer settings”. There you can open the “Login Options” item and set a new password, resetting the old one. I talked about accounts in more detail in.

All actions are described for “Windows 8.1”, but if you have an older or newer version of this system, then don’t worry - all the listed menu items will have the same or very similar names - little has changed since Windows 98;

The second common way to find out a computer password is simple guessing. People very often set simple passwords so that they can always remember them and keep them in their heads. These include combinations like “123456”, “qwerty” and similar simple sequences.

There is a high probability that your home computer is locked with just such a password, so try something similar. Guessing also covers another common option - the computer owner’s year and month of birth, full name, dog’s name or some memorable date. If you know a person well enough, there is a chance that you can easily guess the password to their computer.

There is another way: simply reset the password using special programs (more on this a little later), after which you will be able to log in to the system but the old password will be invalid. Press the CTRL+ALT+DEL keys and then the restart button. The login password is automatically reset, and after the operating system loads you are taken straight into it.

The problem is that the old password will be unknown and you won’t be able to set it again;

You can be a little more cunning: if you have periodic access to the computer, it is enough to remove the password requirement for your account. While on the desktop, go to “Start”, click “Run”, enter “CMD” and you get into the console.

There we enter “control userpasswords2”, press Enter and select your account, or the one you need, among the accounts displayed. A settings window will appear; there you need to uncheck the “Require username and password” checkbox. After that, everything is saved and closed. You can now log in as that user without a password.

You can also reset a computer password using special software written to a disk or flash drive. You do not need to be logged into the computer to reset the password: just write the necessary program onto the media in advance, boot from it through the BIOS, and reset the password for the user you need.

Today there is the program “Microsoft miniPE”, which works as follows: you boot from a bootable USB flash drive, after which the password is reset through the program’s shell. Through this program you can change the password to your own, which lets you leave the computer as locked as always while still being able to access the account.

In the BIOS, before running the program, you need to set the computer to boot from the flash drive, although in modern systems this most often works automatically. If you had to force booting from the flash drive, then after changing the password you will need to switch the boot order back to the hard drive.

How to find out a computer password - software selection methods

You can also guess a password on your computer using third-party programs, but the problem is that the vast majority of them come with built-in viruses and there are practically no truly proven solutions. Most of these programs are stored on the Internet on dubious sites and I do not recommend downloading them and using them for your own purposes.

As practice shows, most often such a program (which is not guaranteed to work at all) comes bundled with a lot of unnecessary junk and small viruses that end up on the computer or flash drive, and it takes a very long time to clean the system of them.

In general, remember that there is no really working solution for selecting passwords in the public domain - such applications are written to order, and you cannot just download them.

But the principle of their operation is quite simple: you download such a program to a flash drive or disk, then after starting the computer you boot not from the hard drive but from the portable media (set in the BIOS). After inserting the media, boot up and see what happens. Most often these are small programs that run automatically and help you try possible password options. They often work inaccurately or do not work at all, so we recommend using one of the methods listed above. Moreover, some of those methods allow you to reset or change the password so discreetly that the computer owner may not realize that a completely different key is now set for the account.

In conclusion, I suggest you watch the following funny video from schoolchildren who found a way to find out the password for a computer if their parents set it.

To conclude today’s article, it is time to sum up. At the moment, this is the most relevant and verified information that you can safely use to achieve the desired result. But you should know that guessing the password or changing it to your own are quite likely to work and are the only correct decisions. Using obscure third-party password-guessing programs is a controversial matter and there is no point in recommending it to anyone, if only because some of the most popular and widespread software of this kind simply does not exist today. Therefore, I will repeat once again that all such applications available on the Internet most often turn out to be viruses.

How to crack a password in Windows XP and Windows 7? You may have such a desire for a number of reasons. Perhaps you simply forgot the administrator password on your computer, or maybe an evil admin does not allow you to install programs on your work computer, but you really want to play your favorite game during lunch. Undoubtedly, resetting a password in Windows XP and Windows 7 is much easier than finding it out, but sometimes you just need to recover a forgotten password. In this article I will explain how to do this.

How to find out the password in Windows XP and Windows 7?

For Windows password recovery we’ll be using a great program called Ophcrack. Ophcrack recovers the password of a Windows user account using rainbow tables. On modern machines, cracking takes quite a short time. The program is very simple to use and free (there are also paid tables if the free ones are not successful). In my test, the program cracked a 10-character password (5 letters and 5 digits) in 5 minutes. So go for it, but remember - you should only use the program on your own PC =)

Install the program (yes, this method requires that you have rights to install programs) and tick the checkboxes of the dictionaries we need. For Windows 7 and Vista, check the two bottom boxes. Click Next and the program will automatically download the dictionaries from the Internet.

After the installation is complete, launch Ophcrack.

Most likely, ophcrack will automatically begin to guess the password and display the found passwords when finished.

If you do not have tables in the list, click Tables (the button at the top) and connect the necessary tables. In this case, Vista Free and Vista Special. Select them and click Install.

Next, load the information about the user accounts on this computer into the program: click Load, then “Local SAM with samdump2”.

We have received a list of users. Click Crack - and the password selection process begins. The guessing time depends on the power of your PC and the complexity of the password.

At the end of the cracking process, you will see all the passwords that the program was able to recover. If your password is not found, you can use additional tables. On the site they cost money, but on rutracker someone kindly shared a couple of excellent dictionaries.

Download them, add them in the same way as the previous ones, and try again. These dictionaries have an incredibly high success rate.

How to recover your password in Windows XP and Windows 7 using a LiveCD?

The second option for recovering a forgotten Windows XP or Windows 7 password is the LiveCD version of Ophcrack. For me, this is the most versatile and optimal option.

We select livecd for the operating system we need.

Next, burn it to a disc. To do this, you can use the excellent ImgBurn program or any other with similar functionality. You can download it from the link.

After that, we boot from the created disk and see this menu.

Press Enter. Ophcrack will load and automatically begin cracking the password of all found PC users.

After the program finishes, it will tell you which passwords it was able to recover.

How to find out the password in Windows XP and Windows 7 from a flash drive?

If your computer does not have a CD drive or you prefer to boot from a flash drive, then ophcrack allows you to do this. To do this, download the program Universal USB creator.

We indicate Ophcrack in step 1, the path to the downloaded image in step 2 and the letter of your flash drive in step 3 (all data on the flash drive will be deleted).

Click Create.

If you want to create a flash drive that will recover passwords for all versions of Windows, you need to download tables from the program’s website. Both free and paid tables are offered. The paid ones are much larger and can handle passwords that the free ones could not.

Download from the official website. Go to the tables folder on your flash drive and drop folders with tables there. Now ophcrack will be able to use the new tables.

Also, don’t forget about the wonderful tables presented above.

And, by the way, about Windows 8. It is possible that tables for Windows 7 will help you recover your password for Windows 8. If anyone has tried it, please write in the comments.

I hope my article helped you recover your password in Windows XP and Windows 7.

A standard situation: the administrator has blocked many functions for the computer user. What to do, how to reset or find out the Windows administrator password? To reset or change the Windows administrator or user password there are many options, one of which is the ERD Commander toolset. However, your interference with the computer’s security will be revealed immediately the next time the system administrator visits your PC. Much more attractive is the option of revealing the administrator’s password, logging into Windows with it, making the necessary changes or taking the information that is accessible only to the administrator, and logging out of the system without leaving traces of your visit. Elcomsoft System Recovery Professional does an excellent job of these and many other functions related to administrator and user accounts. Using it, you can find out the administrator password for Windows 7, XP, 2000, Server 2003 and 2008. The program is paid, but it is not difficult to find its “specific” version on the Internet. Let’s take a step-by-step look at how to find out the Windows password using it, as well as its other capabilities.

Removing Windows password - Elcomsoft System Recovery Professional

The Windows password is removed as follows. After spending some time searching for an image of Elcomsoft System Recovery Professional, we download it and burn it to a disc. Next, we configure the BIOS to boot from the optical drive and, after booting from the disc, we get the first window. Select the desired language, agree to the license terms and click “OK” to move forward.

Here, most likely, in most cases there is no need to do anything and we continue to move “Next”.

Since our goal is to find out the Windows password, here we leave everything unchanged and move on to the next point.

At this stage we are asked to select the Windows directory of the system we are working with. If several operating systems are installed on the computer, in different logical partitions or in one, then we need to know which one is ours (Windows, Windows 0, etc.). But in most cases only one operating system is installed, so there will be no choice. We leave the default settings and move on to the most interesting part.

After the program works for a short time to determine the passwords, statuses and other attributes of the accounts, it shows us a window with the passwords of all users and administrators of the Windows installation under study. Here we can write down all the passwords of interest and exit the program with “Close”. However, if we want to work with a particular account, we need to select it and click “Next”, moving to the next window for editing account parameters.

This window shows what actions we can take to change the settings and password of the administrator (user) account: changing the password, raising the account’s privilege to admin status, and unlocking accounts that have the status “disabled” or “locked”. The program supports any file system and detects passwords written in all languages that Windows is localized into. Using the program, you can find out the administrator password on Windows 7, NT 4.0, Windows Vista, 2003 Server, 2000, XP and Windows 2008 Server.

Having agreed with the possible problems, we get the last window before restarting the computer.

If, at the stage of viewing all the passwords, you click “Close”, you will receive the following window. If we are only talking about finding out the Windows password, it is advisable not to risk possible problems, but to calmly log in with the revealed admin password and make all the necessary changes to the accounts from inside the system. But if we are talking about unlocking an account, or its password has expired, then there is no avoiding it.

Changing the password of any Windows user using ERD Commander

This video tutorial shows how to use the ERD Commander 2007 boot disk to change the password of any Windows user, including an administrator.

If you still fail to change the administrator password, you can always call a computer service technician to unlock your computer.


Using the administrator account, you can make important changes to the system: install programs, configure security, etc. By default, guest and regular user accounts do not have such privileges. To prevent unauthorized logins and unwanted changes, many people protect the administrator account with a password.

Windows 7 allows you to create user accounts with administrator rights. In addition, the system has a built-in administrator account by default, which is not shown on the welcome screen and is usually used to solve specific problems. However, no password is required for this account.

How to find out without resetting

Unfortunately, it is impossible to find out the password for the administrator account using standard Windows 7 tools. By default, passwords are stored in the encrypted SAM file. If you forget your password, you will have to use third-party programs, which can recover a not-too-complex password consisting of Latin letters and digits. One of the popular ones is SAMinside; its advantages are a Russian-language, understandable interface.

If you do not have access to the system, the course of action is as follows:

  1. download the Windows XP Live CD and install it on a flash drive, making the drive bootable;
  2. install the cracking program on it;
  3. boot the system from the Windows XP Live CD;
  4. launch the SAMinside program;
  5. export the SAM and SYSTEM files (they contain the necessary information) from the registry: click Open and browse to C:\Windows\System32\config;
  6. finally, decrypt the SAM file, which may yield the desired value.

It is worth noting that any program does not provide a one hundred percent chance of decryption. The more complex or longer the password, the more difficult it is for utilities to cope with it. And there are often cases when they fail to find out the password.

Reset Windows 7 Administrator Password

If you have forgotten your password and there is no way to recover it, you can simply reset it. To do this, you will need an installation disk with Windows 7 or an installation flash drive. The media type is not important and does not play any role. By default, the hard drive on which the system is recorded is the first to boot. Therefore, you first need to go into the BIOS and, in the order in which the devices are launched, move the installation disk or flash drive to the first place.

To perform a reset, insert the media into the computer and select system recovery.

Next, the program will begin searching for installed Windows and this may take a certain amount of time. After searching, click “Next” and select the command line in the parameters.

In the command line, type the following command: “copy C:\Windows\System32\sethc.exe C:\”. By default drive C is the system drive, but not every user has the system installed on it, so instead of C you may need to specify the system partition.

This command copies the file sethc.exe. This is the program that displays the window that appears when you press the Shift key five times. By default it launches Sticky Keys, but it can be replaced with anything else.

Now we need to change what pressing Shift five times does: it should launch not Sticky Keys but the command prompt. That way you can open it when the system asks you to enter your password.

In the open command line we write: “copy C:\Windows\System32\cmd.exe C:\Windows\System32\sethc.exe”. If everything went well, the following message will appear:

Close the command line and click reboot. We change the boot order of devices back in the BIOS and reboot again. After the reboot, the start screen appears asking you to enter your account password. Press Shift five times and the command prompt opens, with maximum access. In it we type “net user User 12345”, where User must be replaced with the username and 12345 is the new password for the account.

Close the command line, enter a new password and calmly log into Windows. If you wish, you can now completely remove the password from the Control Panel.
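As an added detection example (not part of the original article), the following Python checks a System32 directory for the swap just described, where an accessibility helper such as sethc.exe has become a byte-for-byte copy of cmd.exe, and also looks for the backup copy that the first step leaves at the drive root. It extends the check to the other logon-screen accessibility helpers (utilman.exe, osk.exe and so on, a list from general Windows knowledge), and demo() runs it against a constructed directory tree rather than a real Windows installation.

```python
"""Detect the Sticky Keys swap: sethc.exe (or a sibling helper) replaced by a shell."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

# Accessibility helpers Windows can launch from the logon screen; any of them can be
# swapped the same way sethc.exe is above (list from general Windows knowledge).
ACCESSIBILITY_BINARIES = ["sethc.exe", "utilman.exe", "osk.exe",
                          "Magnify.exe", "Narrator.exe", "DisplaySwitch.exe"]
# Shells an intruder would put in their place.
SHELL_BINARIES = ["cmd.exe", "powershell.exe"]


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_accessibility_swap(system32: Path, drive_root: Path) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious was seen."""
    findings: List[str] = []
    shell_digests: Dict[str, str] = {}
    for name in SHELL_BINARIES:
        shell = system32 / name
        if shell.is_file():
            shell_digests[sha256_of(shell)] = name
    for name in ACCESSIBILITY_BINARIES:
        helper = system32 / name
        if not helper.is_file():
            continue
        digest = sha256_of(helper)
        if digest in shell_digests:
            findings.append(f"{name} is a byte-for-byte copy of {shell_digests[digest]}")
    # The procedure first backs sethc.exe up to the drive root; that copy is usually left behind.
    stray = drive_root / "sethc.exe"
    if stray.is_file():
        findings.append(f"stray copy of sethc.exe at {stray} (backup left by the swap)")
    return findings


def demo(swapped: bool = True) -> List[str]:
    """Run the check on a constructed tree; swapped=True mimics the procedure above."""
    root = Path(tempfile.mkdtemp())
    system32 = root / "Windows" / "System32"
    system32.mkdir(parents=True)
    (system32 / "cmd.exe").write_bytes(b"MZ fake cmd.exe")            # constructed stand-in
    (system32 / "utilman.exe").write_bytes(b"MZ fake utilman.exe")    # untouched helper
    if swapped:
        (system32 / "sethc.exe").write_bytes(b"MZ fake cmd.exe")      # same bytes as cmd.exe
        (root / "sethc.exe").write_bytes(b"MZ fake original sethc")   # backup left at C:\
    else:
        (system32 / "sethc.exe").write_bytes(b"MZ fake original sethc")
    return check_accessibility_swap(system32, root)


if __name__ == "__main__":
    for line in demo():
        print("FINDING:", line)
```

On a real host, point check_accessibility_swap at C:\Windows\System32 and C:\; a signed, unmodified sethc.exe never shares a digest with cmd.exe.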

Password reset disk

If you often forget passwords, you can create a password reset disk in advance. To do this, go to the Control Panel, click “User Accounts” and select the account whose password you want to be able to recover.

We insert the device into the computer and indicate the path to it. Next, the program will ask you to enter a password. After some time, the creation of the reset disk will be completed. Now the main thing is not to lose the drive.

Alternative methods

One option is to find a forgotten password by brute force: a person usually uses only two or three combinations, so if you are looking for the password to your own device, this method may work.

Another method is very similar to the one described above. It also requires an installation disk/flash drive, but it will take longer, require intervention in the registry and many different actions. Everything is solved much easier through the command line.

And the most drastic way is to reinstall Windows on your computer. Of course, you won’t learn the password, but you will get full access to the system. True, your saved files will be gone. After installing the system from scratch, there is no password by default.