Post to Windows Topic
Losing Windows 10 login password is an inevitable situation anyone might go through. Maybe it's just an odd PC never being used frequently or shared with others. Clearly, there are chances to either forgot password from your side or could be changed by someone else. What really matters is that you're abandoned from accessing the PC unless you get the right password recovered. Moreover, you're left with a wide choice of methods to choose from. Simply, there isn't a 'best' method. You shall make use of those methods (or just one) which seem to comply amidst your comfort.
Generally, there are two types of cracking methods for Windows password. One valid solution is to extract the password hash from Windows and brute-force the hash value. When the hash is decrypted, it will be converted to a plain text, which is the password for login. This takes days or weeks if the password was complex. Another possible way is just to reset the password to blank. After that, there is no password required for login. This process is finished almost instantly.
[Update Notice, Jan. 6, 2021]Cracking Windows 10 password becomes extremely hard and time consuming because of improved security feature in latest Windows 10 release. Many of Windows password cracking tools like Cain & Able, Ophcrack are no longer working. Hashcat still works but you have to extract hash from Windows SAM file and crack it with different hash algorithms. It could take days to fully recover the password. Based on that, we suggest resetting the forgotten password instead as there are a lot of software for doing that. Most importantly, the locked computer can be unlocked in minutes in this way.
Table of Content:
Part 1: Reset Windows 10 Password Instantly with PassGeeker Software(Recommended)
Part 2: Crack Windows 10 Password For Free with Hashcat
Part 3: Crack Windows 10 Password via Factory Reset
Part 4: Use Text Command to Crack Windows 10 Password
Part 5: Crack Windows 10 Password via Cain & Abel Windows Password Cracker
Besides the two suggestions mentioned above, there is another easy and effective way to crack Windows 10 password. However, most of such tools are not free. But it is really worth the investment. The Windows open password will be removed quickly so no longer waiting for the result.
In here, we will use PassGeeker Windows Password Reset tool as an example. PassGeeker is a widely used explicit utility to have Windows passwords reset instantly, On the other hand, the tool has provision to secure the saved data during this process. Thus, recovery using PassGeeker isn't vulnerable to fail or affect the current system files. Moreover, the tool supports major Windows OS versions ranging from older Windows XP/Vista/NT to Windows 7/8/10.
Download Now Download Now
Step 1: Download & install PassGeeker software on a secondary PC. Insert a USB flash drive and start-up the tool. The interface assists you with 2 options to choose from. Among which, select 'Create Password Reset USB Flash Drive' and your drive name from the dropdown list. Alternatively, select 'Create Password Reset CD/DVD' if you prefer to use a CD/DVD for the recovery process.
Step 2: Proceed by clicking the 'Burn USB' option. The required files would be burned within 5-10 minutes, depending on your drive's capability. (Note: recovery files are burned and rather not copied. If you have a low-end secondary pc, be patient enough to let the process complete.) When done, a dialogue pops in saying 'Burning Successful'. Unplug your flash drive and have your locked PC ready.
Step 3: Insert your bootable flash-drive and reboot your PC. Enter your PC's boot menu before company logo gets dim. Select 'Boot from USB' option and then your USB stick. Burned files from the flash-drive will be used to perform a boot.
Step 4: Upon completion, PassGeeker interface will be loaded on your locked PC. Select your desired OS version like 'Windows 10' from the list. (In case you have multiple OS versions installed). After, head straight to the user name you'd like to get password cleared for. Next, select 'Reset Password' and the tool will start operating on its own for a couple of secs. When done, the password was removed from the computer.
Unplug the disk and reboot the computer. In addition, an extra handy option named 'Add User' on tool's interface will help create a new user account on the computer for login.
Download Now Download Now
Passwords on Windows 10 are stored in SAM file (C:/Windows/System32/config/SAM)and they are encrypted by a hash value instead of plain text you input. To crack Windows 10 password, the first step is to extract hash values from SAM file and crack the password using wordlist. Hashcat is free and open source software that is capable of cracking various types of passwords in an efficient way. We will use this tool to crack Windows 10 password in this part as demonstration.
Step 1: The first step is to extract password hash from SAM file. On a normal computer with administrator access, you can do this with Cain & Able. Move to Cracker section and click LM & NTLM Hash. Then right click any while space and choose 'Add to list...' from pop-up menu. Finally, accpet the default options in 'Add NT Hash from' section. Wait a few seconds, and you wil see the hash values.
If you forgot Windows 10 login password, then you have to create a bootable Kali Linux Live USB and insert it into locked computer. Change BIOS boot order and set USB as the 1st boot device so the locked computer will boot from Kali Linux Live USB. Once getting into Kali Linux, use fdisk command to locate the Windows drive and mount it with ntfs-3g command. After that, you can dump and copy the following password hash to Live USB.
cp /media/windows/Windows/System32/config/SAM /dev/sdb3
cp /media/windows/Windows/System32/config/SAM /dev/sdb3
Note: sdb3 is the drive letter of Live USB.
Step 2: Copy and save the password hash into a plain text file (e.g. password.txt). And the password hash is something like this:
Step 3: Find another working computer and download hashcat software. It is a zipped file so you should unzip it using 7-Zip or similar tools.
Step 4: Download a popular wordlist from here. This will help you crack Windows 10 password with millions of selected password combinations. Unzip the downloaded .gz archive and copy rockyou.txt to the root folder of Hashcat.
Step 5: Launch Powershell on your computer and enter into Hashcat folder. Now, input the following command to start cracking Windows 10 password with Hashcat:
hashcat.exe -m 100 -a 0 password.txt rockyou.txt
The above step uses Dictionary attack to crack Windows 10 password. Additionally, you can also apply Combinator attack, Mask attack and Hybid attack to break Windows 10 password. More details can be found on Hashcat Wiki Page.
Factory reset is a new feature introduced in Windows 10, with which you can reset the computer to factory state without installation media. After reset, all user data, apps and settings are wiped from system partition. So this is a very dangerous operation. Make sure you are aware of that before moving ahead.
Step 1: Power on Windows 10 computer and click 'Restart' option when you are at Windows 10 login screen. At this time, press and hold the Shift key.
Step 2: Windows 10 will reboot and you will see several options on the screen. At this time, choose 'Troubleshoot'.
Step 3: Under Troubleshoot section, please click 'Reset your PC' option. You can keep user files or remove everything. For password removal, you should choose 'Remove everything'.
Step 4: Now the computer starts to boot into recovery mode and reset everything on the device, including user settings, third-party apps, hardware drivers and user files.
If you were familiar with command prompt, the built-in free tool to crack Windows 10 password via plain text commands, it is quite easy to remove or change the user password in Windows with a set of commands. However, if you had no experience in using this utility, then it is highly recommended skipping this method and move to Part 3, which is much secure for average users.
Step 1: To get started with cracking password using cmd, you need a windows setup disk ready. You could create one using Windows Media Creation tool from another PC.
Step 2: Insert the setup disk and initiate a reboot. When the company logo fades in, press boot-option key and boot menu will be displayed. Select your USB/CD drive and proceed to boot. For some PCs, select 'Boot from USB' prior to this step.
Step 3: After your PC boot up, press 'Shift + F10' to have command line popped in. Replace utility manager with command prompt by executing following commands:
move d:\windows\system32\utilman.exe d:\
copy d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe
Step 4: After these commands get executed, remove your setup disk and reboot. Upon login screen, select 'Ease of Access' option and the command prompt should pop up (If previous commands were precisely executed). Type in the following code to reset the password:
net user username newpassword
Step 5: Insert the setup disk again and restart. As before, press 'Shift + F10' to load the command prompt and execute:
copy d:\utilman.exe c:\windows\system32\utilman.exe
Step 6: Confirm to restore the utility manager by typing 'Yes'. Close the command prompt and reboot your PC after ejecting setup disk. Login and access your admin account without a password.
Cain & Abel is one of the best freeware to crack Windows 10 password. It sniffs in drive partition and does a few trial checks and turn out to display your password in the readable format. However, a long password may cause trouble to get sorted. Before getting started with Cain & Abel, unplug your hard-drive from locked PC and connect it as a secondary drive to a working one. This step is mandatory as Cain & Abel is operated on secondary PC.
Step 1: Download and install Cain & Abel from its official page. During installation, an additional prompt will be displayed to have 'WinPcap' installed. Proceed to install WinPcap as well. It a safe supplementary tool required for Cain & Abel's working.
Step 2: Open & select 'Tools' from the default interface. Choose 'Syskey Decoder' and click on 'Load' button (this would locate the system files used by windows to lock your PC). Instantly, the programme would display a decoded boot-key to crack the saved password. (Keep this boot-key copied)
Step 3: After, open 'Cracker' tab and select 'LM & NTLM Hashes'. When done, click the plus icon situated at the top left corner. Locate 'SAM file' of your locked Windows's partition and enter the boot-key you've obtained in the previous step.
Step 4: Proceed by clicking 'Next' and user lists will be loaded, aligned to right. Right click after selecting the desired user account and choose 'Brute-Force Attack -> NTLM Hashes'.
Step 5: Under charset, check 'Predefined' and choose a dictionary for brute-force. When done, press 'Start' button to crack Windows 10 password on your hard drive. Once recovered, the password will be visible inside the text box beneath.
Cracking Windows 10 password has been a tough task since Microsoft adopted a new hasing algorithm to store password. The new approach is much more secure, making its extremely hard to breach Windows 10 security loophole. Hence, many password cracking that functioned well for previous Windows version no longer works for Windows 10.
Among the password cracking methods discussed throughout this guide, Hashcat and Cain& Able won't feel comfortable unless you're an expert. But, those methods are still balling and risk-free if you can replicate them as mentioned. Part 1 make use of PassGeeker software built for this end and easily operable & less time-consuming. It is the best chocie to crack Windows 10 password! Please taste what smells good in your terms.