How to destroy (remove/change) forgotten Windows passwords [Windows XP, Vista, Windows 7]

Forgot your Windows password? Need to recover or get rid of it? One solution is Ophcrack. However, Ophcrack has a few problems. For one, it can only crack passwords that are 14 characters or less in length. Secondly, Ophcrack won’t work on passwords that make extensive use of special symbols. Thirdly, Ophcrack won’t crack all passwords if you are using the free tables; and if you use the paid tables, they are insanely huge in size. Lastly, Ophcrack takes quite a while to crack a password. Luckily, if you don’t need to keep your lost password the same – and really, if you forgot it the first time around you probably won’t want to keep the same one to forget it again – there’s an alternative to using Ophcrack: Offline NT Password & Registry Editor.


Offline NT Password & Registry Editor Overview

Offline NT Password & Registry Editor (ONTP&RE) is a tool to use when you have forgotten or lost your Windows account password and you don’t need to keep it the same (i.e. you are open to changing it). Simply put, ONTP&RE allows users to manually change the passwords for Windows accounts. (ONTP&RE is also a registry editor.) No passwords are a match for ONTP&RE – it allows you to destroy and replace any password for any Windows account.

Preparing to destroy passwords

Just like Ophcrack, ONTP&RE runs from a Linux boot disc, so you need to download the ISO and burn it onto a disc before you can use it. Download the ONTP&RE disc image and burn it to a disc using your operating system’s built-in ISO burner (if your OS has one) or a third-party program like ImgBurn or Ashampoo Burning Studio 2010 Advanced.

If you prefer bootable USB drives over bootable discs, you can use XBoot to create a bootable USB of ONTP&RE.

Destroying passwords

Once you have created the bootable media – whether it is a disc or USB drive – you need to boot off it. So insert the disc into the computer, or plug in the USB drive, and restart your computer. Depending on your computer’s BIOS settings, you may be automatically booted into ONTP&RE after reboot; or you may be required to tap an F key (like F8 or F10 or F12) during the BIOS screen and manually tell the computer you want to boot off the disc/USB drive; or you may need to enable booting off the disc/USB drive in your BIOS before you can do any of the previously mentioned actions.

Once you have booted into ONTP&RE, you should see something like this:

Once at this screen most people just need to hit Enter on their keyboard to proceed to the next step. If, however, you are having problems with ONTP&RE, you may need to type in one of the custom commands (to disable USB, not load drivers, etc.) listed before hitting Enter.

After you hit Enter as just discussed, ONTP&RE will do a bunch of loading and will end up at the following screen:

At this screen you will need to pick your Windows partition. For most computers just hitting Enter will work fine because ONTP&RE automatically selects a suggested partition, which is typically the Windows partition. If you find, however, that ONTP&RE has the wrong partition selected, you will need to change it before hitting Enter.

Next you will be shown a screen that lists your Windows accounts:

Accounts that don’t have a lock are generally the ones you care about. Verify the name of the account you want to crack, type it in, and hit Enter:

Now you need to modify the account you selected. To remove the password (i.e. make the account have no password), type 1. To change the password, type 2. To make the user an administrator, press 3. To “enable” a “locked” account – like Administrator – type 4. If you find you have mistakenly selected the wrong account, or you changed your mind about modifying the account, type q to quit and go back to the user selection screen. (Be sure to hit Enter after typing in your command.)

In the screenshot above you can see that I selected to remove the password associated with my Locutus account. I recommend removing the password as opposed to changing the password because you can always change the password once you have regained access to your Windows account by removing the password; it is a bit more user-friendly changing your password from within Windows itself than from within ONTP&RE.

Once you have modified one account, you can go back and modify other accounts or modify the same account again, if you want. To do so simply type in the account name you want to modify, hit Enter, and repeat the previously mentioned steps. If you don’t want to modify any more accounts, type ! and hit Enter to go back to the “main menu”.

Back at the main menu you can type 1 to go back to editing accounts, 9 for the registry editor, or q to quit. Unless you want to go back and edit other accounts or access the registry editor (make sure you know what you are doing if you use the registry editor), type q and hit Enter to quit ONTP&RE. It will ask you if you want to save the changes you just made:

To save your changes, hit y and Enter. You will be asked if you want ONTP&RE to try to apply your changes a second time in case the first time failed. If you want to have ONTP&RE conduct a second pass, type y; otherwise type n to exit. Hit Enter:

Last but not least, simply press Ctrl+Alt+Delete to reboot your computer and get back into Windows. Depending on your computer you may also need to remove the disc/USB drive.

Wait for your computer to reboot and you should now be able to log in to your Windows account:

Click on the account that you modified and log in! If you removed the password there will be no password to enter. If you changed the password you need to enter the new password.

Conclusion

Using ONTP&RE to remove or change passwords is a great, easy, and quick way to deal with forgotten Windows account passwords; and if you combine it with the previously-mentioned Ophcrack using XBoot, you can actually save yourself a disc too (or put them both on a single USB drive). Although there are probably easier ways to modify forgotten Windows passwords, using ONTP&RE is the one way I know works with all passwords. You can grab Offline NT Password & Registry Editor from the following links:

Version reviewed: v100627

Supported OS: Windows NT/2k/XP/Vista/Win7

Download size: 3.6MB

Offline NT Password & Registry Editor home page

[Direct download]

[Download page]
