Recovering password on XP Home.
 

Ok, here's the problem. There's this machine here at work running XP Home. I don't know the administrator password. Since I didn't set this up I have no idea what it is.
Is there a way I can recover this password using a Knoppix CD?

I don't want to have to reinstall the OS:(

Tech TV showed how to do this once but since they changed to G4 the info is gone.

Here is a cached TechTV page from yahoo that tells one way to recover the password.

http://66.218.71.225/search/cache?p=...yc=14960&icp=1

Take a look at this. You should be able to use it to browse and possibly change the password.

http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html

I used this the other day for browsing the registry when a machine wouldn't boot. I could read the values, but when I tried to change them and boot back into Windows, Windows restored a previous version of the registry.

I was however able to get the value data I needed to make the machine bootable again.

Yeah, not that I have done this but I have a pretty good idea how to do it.

1. Boot Knoppix SDT and have a thumb USB drive handy.

2. Copy the SAM and System file from winnt/ system32/ config to the thumb drive. I think Knoppix has a program called "NT password" that does this for you.

3. Take the thumb drive to another computer and run "Sam inside" on the SAM.

4. That should give you the password on the windows box.

Sam Inside : http://www.topshareware.com/SAMInside-transfer-5188.htm

Edit: I just cracked my XP box, fun stuff to play with. That version of Saminside only does uppercase letter so I would try to find a full version of Sam inside. If LM hashes were enabled on the machine, saminside should crack the password very quickly.

Thanks guys, looks like I have a few options. I'll have to get the latest Knoppix tho. Last one I downloaded was 3.2.

An easier process that I've done in the past ( I don't know if it still works ) is detailed here.

http://www.tweakxp.com/tweak2019.aspx

Note: This is simply for changing the password, not recovering it.

This is what I use at work:

http://www.petri.co.il/forgot_admini...password.htm#1

Its a very simple tool to use.

Well that's the same program hrdwareguy posted.

I used it and it seemed that everything was working fine. I had it set the passwords to blank. But I still can't log on! It says invalid password. On all accounts.

I've redone it many times and everything points to the changes being done.

Next step is to try the Knoppix/thumbdrive idea:mad:

Instead of resetting the password to blank, view the data and it should tell you what the password is.

Worth a shot.

Well it's already blank. So it says.

Ok, Knoppix/thumbdrive didnt' work. "Can't write to /mnt/sda1"

AARRGGHH!!!

i dont know where i got it but there is a disk out ther that boots linux and is able to over write the sam file so you can write a new password to any account on it.

if i find it ill send you a link.

What is the ouput of a "mount" command under Knoppix? If I remember correctly, Knoppix mounts all physical drives as read-only....if so, "mount" will display "(ro)" rather than "(rw)" next to the drive in it's output. If this is the case, issue "mount -o remount,rw /dev/sda1". If you need root to do this, I think that you can "sudo passwd root" or something similar to change the root pw.

My linux is really rusty atm. I had thought about that but had no clue at the time.

I'm gonna try working on some of my systems at home. If I can get one of these hacked I know I'm doin it right.

not sure, but knoppix might not mount the drive with write access because of ntfs. I know in the kernel documentation it still says write access is still expirimental.

IDEA!

What if I create a simalar SAM file with the same accounts and swap them? I'm gonna give it one last shot tomorrow.

I tried blanking out passwords on a machine at home and it worked fine so I know I'M not doing it wrong.

That should insert a new password but it will be impossible to read files that were encrypted with windows encryption service.

Use the method as described in the Yahoo cache of TechTV's site. (See Bigwahzoo's post.) But, instead of using knoppix, make a BartPE CD and boot to it. This will cut out all that tricky mounting /copying stuff in Knoppix.

(in other words, BartPE cd allows for read/write NTFS drives and may be easier to use)

http://www.nu2.nu/pebuilder/

Well I gave up and took it to PC Club and they gave it a shot. They used a program called Windows Locksmith and they had the same results as me. They would change the passwords and they wouldn't work.
A virus perhaps? :confused: