Many people take a dim view of password recovery tools for ethical reasons — understandably so. You have a tool that can, in some cases, crack passwords on machines. But in certain situations, these tools wind up being the last ditch effort that can save you from having to go as far as reinstalling the operating system. Imagine losing your Windows Server administrator password and not having the means to retrieve it. Would you want to have to reinstall? Not on your life! In such a tricky situation, a password recovery tool may be your only recourse. Let’s take a look at five “free” password recovery tools. I say “free” because in some cases there are tables that must be purchased (such as rainbow tables) to break some types of passwords.
Note: This list is also available as a photo gallery.
LCP (Figure A) is a user-account password recovery tool for Windows NT/2000/XP/2003. This tool can recover using a dictionary attack, brute force attack, or a hybrid dictionary/brute force attack. LCP allows you to import from a local computer, remote computer, SAM file, .LC file, LCS file, PwDump file, and Sniff file. As with many of these applications, you should avoid using your machine while LCP recovers passwords, as it will consume the majority of your machine resources for the crack.
Ophcrack (Figure B) is one of the most popular password recovery tools. It’s free (open source as well), cross platform, and very reliable. Ophcrack uses a solid implementation of rainbow tables that just happens to have been done by those who created the method. Ophcrack runs on Windows, Linux/UNIX, and Mac. It cracks LM and NTLM hashes; has free tables for XP, Vista, and 7; includes a brute-force module for simple passwords; offers an audit mode and a CSV export; presents real-time graphs; has a LiveCD for easier (and more efficient) recovery; and dumps and loads hashes from encrypted SAM.
3: Windows Key
Windows Key (Figure C) can reset your Windows password for you. This is different from the other tools, in that it doesn’t recover a list of user passwords or even recover from a file. Windows Key creates a bootable CD (or USB device) you can use to boot the machine and recover the password. It’s simple to use, and it can reset both local (standard version) and domain admin account (Enterprise edition only) passwords. It promises a 100% recovery rate. Although Windows Key has a free trial, you’ll have to pony up for the full version (Standard $39.00 USD, Enterprise $295.00 USD) before you can really recover any passwords.
4: Windows Password Unlocker
Windows Password Unlocker (Figure D) also creates a USB or CD that can then be booted to recover passwords. There are three editions of this tool: Standard ($19.95 USD), Professional ($29.95 USD), and Enterprise ($49.95 USD). The biggest difference is that only the Enterprise and Professional editions can recover passwords. (Enterprise can even recover domain admin password.) The standard version simply removes the passwords, and it doesn’t support the USB flashdrive method.
Windows Password Unlocker
5: Hash Suite
Hash Suite (Figure E) is marketed as a program designed to test the security of password hashes. It’s incredibly powerful and offers high performance (one of the fastest crackers available), an easy-to-use GUI, reports and statistics, and all the features of modern crackers. It also works on large number of hashes. This is the go-to tool when you need to recover (or test) a number of password hashes. Please note: To successfully use this tool, you will need to employ a pwdump tool to gain the necessary hashes for Hash Suite to crack. Here is a list of possible pwdump tools.
To the rescue
There will come a time when you need to crack a password — and when that time comes, you’ll be glad you have a recovery tool available. Yes, there can be tricky ethics to deal with. But when you need to recover a password, sometimes there is no way around it. Get familiar with one (or more) of these tools so you won’t have to resort to reinstalling an OS when a simple cracker will solve the problem.