Windows password recovery tool? Easy? Trusted?

I get probably 1 customer a month that needs their Windows password recovered because they forgot it. What is a trusted password recovery tool that I can use?

Also what are the costs for said tools?

Thank you guys! I don’t trust just googling this question…

There are a bunch of free (and open-source!) tools available.
On most Linux distros you can install chntpw. There are a bunch of live-booting Linux distros that have tools like these pre-installed for recovery or hacking purposes.

If you want a Linux distro focused on hacking, I’d recommend Kali Linux; if you want a Windows distro focused on computer repair, I’d recommend HBCD (Hiren’s BootCD).
Both come with programs for what you want by default and can be booted live.

3 Likes

You can’t recover it (unless it’s an ancient version of Windows) but you can overwrite it. chntpw has always worked for me (to echo @max1220).

I second @max1220’s suggestion. Hiren’s HBCD is an excellent tool. If cops find Kali, that raises eyebrows. If they find HBCD, you’re just a techie with a repair utility. :supervillain:

If you are setting up the customer PC, add a second local admin account for your use (with decent password, obviously). Then you can get in and use lusrmgr.msc to reset their passwords. This also works a treat on BitLocker encrypted drives.

I don’t think they’re going to care as long as you’ve got permission from the device owner.
That is, as long as you’re not doing something else that bothers them…
But then again, they could use anything in that scenario, even made-up things (“We heard shouting from the house/vicinity”).

But yeah, HBCD is probably easier for people that already know Windows administration, and less “suspicious” (even though nobody has any right to be suspicious based on just having a USB stick with Kali Linux).

That’s for the courts to decide. :smiley: However, that will cost you a pile of money in legal fees regardless of the verdict.

I’m not a lawyer, but minimizing your exposure is common sense. I’m a professional in IT and know the differences. Some cops don’t know and don’t care to learn because they’ve been taught Kali = Hacker.

I always use PC Unlocker Pro, about 30 USD…

But watch out… if the PC is BitLocker… you can’t really do anything.

Little tip for business: I always create a local admin user with my pass+salt so I can always help remotely…
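The tip in this post and in an earlier one (a spare local admin account created while setting up the customer PC) as an added PowerShell example, not code from any poster. The function name `New-SupportAdmin` and the account name `support-admin` are assumptions, and it generates a random password per machine rather than a derived one.

```powershell
#Requires -RunAsAdministrator
# Added example: create a spare local administrator with a unique random
# password, so a later lockout can be fixed from lusrmgr.msc without boot media.

function New-SupportAdmin {
    param(
        [string]$Name = 'support-admin'   # hypothetical account name (max 20 chars)
    )

    # 24 bytes from the OS CSPRNG -> 32 base64 characters, different on every PC.
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    $plain  = [Convert]::ToBase64String($bytes)
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    New-LocalUser -Name $Name -Password $secure `
        -Description 'Technician break-glass account' `
        -PasswordNeverExpires | Out-Null

    # S-1-5-32-544 is the built-in Administrators group; using the SID keeps
    # this working on localized Windows where the group name is translated.
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $Name

    # Returned once so it can be stored in the shop's password manager.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Account  = $Name
        Password = $plain
    }
}

$cred = New-SupportAdmin
$cred | Format-List

# Confirm the membership actually took effect.
Get-LocalGroupMember -SID 'S-1-5-32-544' | Format-Table Name, PrincipalSource
```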

I used HBCD but unfortunately the computer kept calling back to the Microsoft servers and would not take the password reset to blank.

However, I was able to unlock an admin account that let me get in and recover their files that they needed. I then reinstalled Windows 11 fresh and made her an admin account without a password.

So all is well and now I like HBCD and have an extra tool for many things!

Thank you guys! Love it!

3 Likes

Microsoft accounts that are signed in via PIN/Microsoft online accounts for activation from OOBE (out of box experience) by the customer still obey the Windows SAM file as a fallback when there’s no connection to the authentication servers…

The reason the computer kept calling back to the Microsoft servers was because it’s comparing the password online, versus strictly locally talking to the SAM file. You can force this to communicate only with the SAM file by disabling the networking interface that is in use (likely wifi/eth).

Generally speaking, if you ever do work on a client device, best practice is to image the device and work from the image. But if you have to work with the device itself, tools like HBCD, as mentioned here, but also more “tech friendly” repair/boot tools like MediCat, Strelec, etc. are also great boot tools as well. I like MediCat the most because you can boot a VHD off it, but that’s just me :grin:

MediCat has a collection of tools for modifying/deleting passwords from local accounts stored in the SAM files. It’s possible to do so without the tools, but it’s a lot faster to use them.

1 Like

Lance,

I will definitely try what you are mentioning here.

However, I did disconnect it from my network by disabling the wireless NIC via the FN hot key. It said it was not connected to any network so I went ahead with the password clear/reset and it still would not let me through…

Either way, I am definitely taking your advice on taking an image. Thank you!

Imaging will save you time and time again, it’s a crucial skill in any type of hardware facing/customer focused business/role.

If you don’t know how to disable adapters via CLI tools like PowerShell or CMD, I’d look into them! Being sure you’ve turned them off is the way to go. Don’t trust those hotkeys :grin:

I believe MediCat has a password lockpick that can remove Windows PIN logins, and even swap account status to admin and elevate a WinPE to override those restrictions. But it’s been a while, take a tour of it, it’s great!

1 Like
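Disabling adapters from the CLI and checking that they are really off, as an added PowerShell example that is not part of the original post. It assumes an elevated session on a running Windows install with the NetAdapter module; the function names `Disable-AllPhysicalAdapters` and `Enable-Adapters` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: take every physical adapter offline and verify the result,
# instead of trusting a laptop's Fn hotkey.

function Disable-AllPhysicalAdapters {
    # Wi-Fi, Ethernet and other physical NICs not already disabled.
    # -Physical skips virtual adapters (VPN, Hyper-V switches); check those
    # separately with a plain Get-NetAdapter if the machine has any.
    $targets = Get-NetAdapter -Physical | Where-Object { $_.Status -ne 'Disabled' }

    # Keep the names so exactly the same set can be re-enabled afterwards.
    $names = @($targets | Select-Object -ExpandProperty Name)

    foreach ($name in $names) {
        Disable-NetAdapter -Name $name -Confirm:$false
    }

    # Verify: anything not reporting 'Disabled' is a failure, not a warning.
    $stillActive = @(Get-NetAdapter -Physical |
        Where-Object { $_.Status -ne 'Disabled' })
    if ($stillActive.Count -gt 0) {
        throw "Adapters still enabled: $($stillActive.Name -join ', ')"
    }

    return $names
}

function Enable-Adapters {
    param([string[]]$Names)
    foreach ($name in $Names) {
        Enable-NetAdapter -Name $name -Confirm:$false
    }
}

$disabled = Disable-AllPhysicalAdapters

# Show the final state for the job notes.
Get-NetAdapter -Physical |
    Format-Table Name, InterfaceDescription, Status, MediaConnectionState

# When the work is finished:
# Enable-Adapters -Names $disabled
```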

Kali is getting a bad rap it doesn’t deserve! (primarily because it’s easy to use)
There are far more dangerous ones out there.
Pentoo, cyberhawk, gnacktrack, caine, and more.
They are all forensics distros.
Pentoo is designed for penetration testing of network security systems.
It’s widely used to find and secure network weaknesses, but like any good tools there will always be abuses of them.

Blag 20000 is one that’s been around for a long time.
It is a hacking/war driving distro I used to use for helping others set up good security on their Wi-Fi.

There is no repository so no update! Everything is in the distro.
And it’s very effective.
But authorities have never heard of it.

1 Like

Tools aren’t dangerous, users are.

1 Like