Windows

Five trustworthy password recovery tools

In a bad situation, you may have to use a specialized tool to recover a password. Here are five reliable apps you can turn to.

Many people take a dim view of password recovery tools for ethical reasons -- understandably so. You have a tool that can, in some cases, crack passwords on machines. But in certain situations, these tools wind up being the last ditch effort that can save you from having to go as far as reinstalling the operating system. Imagine losing your Windows Server administrator password and not having the means to retrieve it. Would you want to have to reinstall? Not on your life! In such a tricky situation, a password recovery tool may be your only recourse. Let's take a look at five "free" password recovery tools. I say "free" because in some cases there are tables that must be purchased (such as rainbow tables) to break some types of passwords.

Note: This list is also available as a photo gallery.

1: LCP

LCP (Figure A) is a user-account password recovery tool for Windows NT/2000/XP/2003. This tool can recover using a dictionary attack, brute force attack, or a hybrid dictionary/brute force attack. LCP allows you to import from a local computer, remote computer, SAM file, .LC file, LCS file, PwDump file, and Sniff file. As with many of these applications, you should avoid using your machine while LCP recovers passwords, as it will consume the majority of your machine resources for the crack.

Figure A

LCP

2: Ophcrack

Ophcrack (Figure B) is one of the most popular password recovery tools. It's free (open source as well), cross platform, and very reliable. Ophcrack uses a solid implementation of rainbow tables that just happens to have been done by those who created the method. Ophcrack runs on Windows, Linux/UNIX, and Mac. It cracks LM and NTLM hashes; has free tables for XP, Vista, and 7; includes a brute-force module for simple passwords; offers an audit mode and a CSV export; presents real-time graphs; has a LiveCD for easier (and more efficient) recovery; and dumps and loads hashes from encrypted SAM.

Figure B

Ophcrack

3: Windows Key

Windows Key (Figure C) can reset your Windows password for you. This is different from the other tools, in that it doesn't recover a list of user passwords or even recover from a file. Windows Key creates a bootable CD (or USB device) you can use to boot the machine and recover the password. It's simple to use, and it can reset both local (standard version) and domain admin account (Enterprise edition only) passwords. It promises a 100% recovery rate. Although Windows Key has a free trial, you'll have to pony up for the full version (Standard $39.00 USD, Enterprise $295.00 USD) before you can really recover any passwords.

Figure C

Windows Key

4: Windows Password Unlocker

Windows Password Unlocker (Figure D) also creates a USB or CD that can then be booted to recover passwords. There are three editions of this tool: Standard ($19.95 USD), Professional ($29.95 USD), and Enterprise ($49.95 USD). The biggest difference is that only the Enterprise and Professional editions can recover passwords. (Enterprise can even recover domain admin password.) The standard version simply removes the passwords, and it doesn't support the USB flashdrive method.

Figure D

Windows Password Unlocker

5: Hash Suite

Hash Suite (Figure E) is marketed as a program designed to test the security of password hashes. It's incredibly powerful and offers high performance (one of the fastest crackers available), an easy-to-use GUI, reports and statistics, and all the features of modern crackers. It also works on large number of hashes. This is the go-to tool when you need to recover (or test) a number of password hashes. Please note: To successfully use this tool, you will need to employ a pwdump tool to gain the necessary hashes for Hash Suite to crack. Here is a list of possible pwdump tools.

Figure E

Hash Suite

To the rescue

There will come a time when you need to crack a password -- and when that time comes, you'll be glad you have a recovery tool available. Yes, there can be tricky ethics to deal with. But when you need to recover a password, sometimes there is no way around it. Get familiar with one (or more) of these tools so you won't have to resort to reinstalling an OS when a simple cracker will solve the problem.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

23 comments
carolanderson696
carolanderson696

The experience that I forgot windows password happened to me a few weeks ago.
My classmate recommend me to take use of PCUnlocker (http://www.top-password.com), which is very smart and just take me a short time to reset a newly password. I think this tool should also be added into the list above.

jeffowen196
jeffowen196

My favorite software is PCUnlocker. Besides resetting Windows password, it also supports password resetting for Windows 8 Microsoft account, promotes standard user account to administrator. The enterprise edition of PCUnlocker supports UEFI Secure booting.

viProCon
viProCon

A little off topicbut I've been looking everywhere for a WORKING zip/rar cracker. I pu a pw on azip file of mine from about 8 years ago, damned if I know it now.

andrcs
andrcs

Yes, these are the nice software but few features are always to be considered while choosing a best one. * It must consist of 'Brute-Force Attack' and 'Dictionary Attack' Techniques. * Must be Compatible with Windows 7, Vista, 2003, XP or 2000 operating system. * Should provide a 100% guaranteed recovery and allows you save password in .txt format for future references.

l_e_cox
l_e_cox

If these can recover multiple passwords from a store, then you could suddenly have access to a lot of other people's accounts. Even an admin is technically not supposed to be able to do this. Still, I can see the need for this sort of capability in a pinch. So that returns us to the larger questions of data security, such as: level of exposure to networks, encryption, security of backups, and more generally, the problem of criminality in society.

david_bobb
david_bobb

Ntpasswd deserves an honorable mention -- it's one of the classic tools for resetting/blanking windows passwords (if cracking it is too much trouble) and it will go right into the SAM hive and rewrite the password to any local account. The only caveat is that if you reset a password where the user account has folders that are encrypted with bitlocker then you will lose the encrypted stuff. That said, most PCs don't use bitlocker as it must usually be manually implemented.

joeller
joeller

I along with the rest of the Department of Defense have apparently been living in a fool's paradise. I thought our passwords were secure against hacking. Now to see that not only are they not secure, but that people are giving away tools to break them is not only discouraging but disconserting,

pslat
pslat

Thanks for the info. I agree with the comments about Nir Sofer's tools although I have to carry them on a usb stick with write protection as any good av program detects several of them as dangerous, which they are of course if not used for support. One free windows password recovery utility I've used successfully in the past, when the user had forgotten their admin login and naturally no password reset disk, is 'Offline Password & Registry Editor' (http://pogostick.net/~pnh/ntpasswd/) - Free boot disk or usb key. ****Please note that this one removes the password so if there are any encrypted (EFS) files they will be inaccessible after resetting the password*** - I wonder if the password reset tools above can deal with efs?

johanlast
johanlast

Nirsoft has helped a lot with my IT job. I use the MailPass program like twice a week. Customers keep telling me they don't have an e-mail password.... lol. Another program I use is "Reset Windows Password - from Passcape", it is a live CD that can reset and view current windows/domain passwords (not free). I tested this little gem from XP to W2008 and it came through each time. I almost use this CD as much I use my discs to install/repair customer operating systems, about 60% of my customers don't give me their windows password when they bring their pc for repairs.

spudman
spudman

How come no mention of the tools at www.nirsoft.net?

lehnerus2000
lehnerus2000

Nice collection of (potentially) useful tools. :)

Infra_HDC
Infra_HDC

NTPASSWD is very useful tool, that recommended itself many years as true windows system administrators lifebuoy, but at the moment, its last version, 110511, cannot operate within UEFI disks. It is very strange that there is no UEFI support, despite that compatibility with Windows 7 is declared. There is a similar tool with UEFI (GPT) support?

a.portman
a.portman

Password tools for windows have been around for quite a while, sorry Joe. They are also pretty easy to find even without reviews from TR. Like many tools, the ethics of its use depends on who is using it and how. Do you have a screwdriver? If your screwdriver is in the lock of my car it is carrying thieves tools and a felony. .38 pistol, target shooting - good, personal protection - good, give me all of the money in the register - bad. In addition to password tools, this would also apply to port scanners and ethreal.

chadness
chadness

Now that's just funny! I know some guys who work in IT security for DoD, and they are very nicely paranoid!

chadness
chadness

I agree - I always have a boot CD with Offline Password & Registry Editor handy, and often use it to reset an admin password when it's become lost or corrupted.

jill
jill

It recovered my Microsoft Access password quite nicely. Thanks for the recommendation. Guess I picked a poor password back in 2004.

Infra_HDC
Infra_HDC

UP! NTPASSWD, version 2014-02-01, already can GPT.

joeller
joeller

They have had us increase password complexity to an extent that they are having to reset or unlock people's passwords daily. (Because no one can remember them.) In addition, They require frequent rotation of passwords with no similarity to the previous one. But it seems to me that with software to break passwords, no password can be truly secure, as long as the password uses characters that a computer can simulate. So what is the answer? biometrics? But in order for the computer to respond to biometrics the input must convertible to 1s and 0s which again can be hacked by any program sufficiently advanced.

TekChick72
TekChick72

@joeller  There have been password tools, as a.portman has mentioned, for a very long time. The key is to use a password that is sufficiently complex as to discourage hackers from trying, as DoD is apparently requiring. If it's long enough, it can take weeks for it to be found, especially if you do not use dictionary words. While it is extremely frustrating for the user, it is necessary in today's world unfortunately.