Forgetting Windows password is not a rare case as far as I know. I have been asked a couple of times to help my collegues and freinds recover or reset the lost password. The foundation of password protection comes from what are called hashing algorithms. Generally, hashing is a single direction algorithm to transform a text password into a string of characters known as a hash. These password hashes are stored locally or on a network server to be used when authenticating a user. Microsoft has been using password security in many forms since LAN Manager, which used relatively weak LM hashing algorithms that were easy to crack with rainbow tables. The next major iteration was the NTLM password that came with Windows NT. It was still susceptible to rainbow tables, but was stronger against brute-forcing attacks.
Windows password recovery is a vast and complex field with a constantly changing landscape. There are tools developed more than a decade, but many of them are out of dated and limited in functionality, especially since Microsoft launched Windows 10 with additional security layers like biometric authentication (Windows Hello) that uses voice, fingerprint, iris and face recognition. Even so, the humble Windows password remains the most popular method of securing your PC. This article reviews some of the best Windows password recovery tools in 2019 that have stood the test of time and are considered among the top utilities in this category.
PassGeeker Windows Password Recovery is by far the most comprehensive, versatile and user-friendly password recovery tool available in 2109. Created by a talented group of developers, UI and UX experts at PassGeeker, it stands out from the rest of the pack because of its simplicity and effectiveness. Moreover, PassGeeker has been thoroughly tested on new and old versions of Windows, as well as the popular brands of PC and latop manufacturer, like HP, Dell, Asus, ThinkPad, Acer and many more. The password (weak and strong) can be reset in seconds without digging much into the details. That's the best part of this amazing Windows password recovery tool.Highlights of PassGeeker
How to Use PassGeeker Windows Password Recovery Tool: First, download and install PassGeeker on another PC or Mac computer. Then create password reset disk within the program, which is used to boot your locked PC and reset the password. All you need is a blank DVD, CD or a USB flash drive on which to burn the required ISO file, which is automatically downloaded and burned to the disk by PassGeeker.
Once created, the disk is inserted into the locked machine. The first boot device should be be changed to USB or DVD. And this can be done via the boot menu or BIOS setup on locked PC, which can be accessed by F2 or similar manufacturer-specific key. PassGeeker program will appear on the screen when the settings is finished. Click "Reset Password" button to remove password from the chosen user account and reboot the PC. After that, the password screen will be skipped and you will be lead to desktop without inputting the password.
Hashcat is considered to be the most powerful password recovery tool in the world, and can be used in Windows, macOS and Linux distributions. It works on a wide range of over 200 hash types, and uses various combinations of cracking methods like brute-force, hybrid dictionary and mask, combination and so on. It also supports multi-hash, multi-devices and multi-device-types.
Hashcat doesn't have a native graphics user interface, but there are several third-party tools for this purpose. The creators believe that command line interface is far more flexible and powerful than using graphic based user interfaces. One notable feature is the thermal watchdog, which ensures that the process aborts itself if your system gets beyond a certain temperature.
How to Use Hashcat for Windows Password Recovery: Since there's no installation required, you merely download and extract the application. You must also get the correct drivers from NVIDIA's or AMD's websites, respectively. The program can be run by dragging and dropping the executable file (.exe) directly into the command line interface. The basic usage is as follows:
Usage: hashcat [options]... hash|hashfile|hccapxfile [dictionary|mask|directory]...
Output data is stored in --outfile (-o), and you can specify a format for this, such as whether only the password should be shown or if it should include the hashes or the password in hexadecimal. Previously cracked passwords are stored in --potfile, and to save resources, these hashes won't be cracked again.
Cons of Hashcat:
John the Ripper is best known for its ability to detect and crack weak password hashes like Windows LM hashes. Though primarily available in source code form, the software has a premium version that is easier to install and use. There are also custom builds for Windows, Linux, Mac OS X and macOS, such as Johnny, an open-source graphic user interface for John the Ripper.
John the Ripper offers a pre-defined sequence of cracking modes that it uses on the password file, which you must retrieve before running the program. You can also run the program on multiple password files, which allows it to run faster than if you do one file at a time.
How to Use John the Ripper: The passwords in Windows are stored in the SAM file, which can be found in %SystemRoot%\system32\config, but you will need to mount your Windows partition using another OS, such as Kali Linux OS.
Once mounted, you can copy the SAM file and decrypt it with syskey, which will give you the password hashes. The hashes can then be cracked like: "john Cformat=LM Cwordlist=/root/usr/share/john/password_john.txt hash.txt". Kali Linux contains several wordlists, or you can use your own and even write your own list generators.Cons of John the Ripper
L0phtCrack is essentially a password auditing tool that can also be used for Windows password recovery. The latest L0phtCrack 7 supports GPU cracking and is said to be about 500 times faster than previous iterations. The best thing about L0phtCrack is that it offers various functions to obtain the password hashes to be cracked. Since it's an audit tool, it provides a scoring metric for password strength.
L0phtCrack also provides users with multiple audit types ranging from Quick to Strong, which can take about 24 hours to complete. Each audit method uses a different combination of attack types. The report can be exported as .csv, .html and .xml. One useful feature allows you to run the cracking job right away or at a scheduled time, which is useful when you want to work on your system and run the program during your off time.
How to Use L0phtCrack Password Recovery Software: L0phtCrack 7 has a nice user interface that makes it much simpler that would otherwise be possible for a relatively new user. The wizard takes you through where to get the password hashes from, what type of audit method (attack method) to use and how you want the reporting to be done at the end of the audit. The rest of it is done by the software, but you do need some familiarity with the process so you know what options to choose.Cons of L0phtCrack
TRT is short for Trinity Rescue Kit, which is also known as Winpass. It is essentially an automated script for the text-based ONTP&RE utility (chntpw), or Offline NT Password & Registry Editor. It works well for most PCs running on old Windows versions, like Windows 7, Windows Vista and Windows XP. It is not just a Windows password resetting software, but also contains other useful features like data recovery, virus scanning, Windows junk file cleaning, system backup and network analysis.
TRK offers a much simpler interface than some of the command line tools for password recovery. It is still text-based and you will see several elements of the chntpw tool, but since the script is automated it's better for newbie users.
How to Use Trinity Rescue Kit for Windows Password Reset : TRK is available as an ISO disk image that you will need to burn on an optical CD/DVD disc or a USB flash drive. You then boot your computer from this disk, which means the disk itself has to be created on a different computer. Once you boot from the disk, you'll see the interface with an option for Windows Password Resetting. After that you specify the username for the locked account, confirm the correct Windows installation and then either clear the existing password or set a new one.Cons of Trinity Rescue Kit
To be honestly, there are many more Windows password recovery/reset tools available but we don't have the time to list all of them in a single post. The above 5 Windows password recovery software are the best among the candidates you could find in search engines. The others share the same functionality as the ones reviewed in this article. For beinngers, PassGeeker Windows Password Recovery is the best because of user friendly. For intermedia levels, Trinity Rescue Kit is the way to go. For hacker or analyst, Hastcat, Jogn the ripper and L0phtCrack are much better options.