Cracking the boot password of Windows XP and Windows

Source: Internet
Author: User
Tags administrator password
I. some people who just picked up the computer often do not have a password for the Administrator account. Then they can use this account to enter the computer by pressing F8 to enter the safe mode, after the BLOS table appears, press f8. to set a password for administrator !!!

Ii. Reference:
Use the 98 carefree boot CD to enter the DOS interface. If it is a FAT32 format XP, go to X:/Windows/system32/config/to delete the Sam file. if it is an ntfs xp, use the ntfsdos tool in the carefree boot disc to go to X:/Windows/system32/config/and delete the Sam file.
Restart the instance and the administrator user name is used. Empty Password. after entering the desktop, change it.

This method may be useful to window2000, but it does not work for XP. I did a test and deleted the Sam file under DOS. As a result, an error box appears during the startup process, saying, security Account Management error. Please go to security mode and try again. As a result, I still have the same problem in security mode and keep restarting !!. Of course, if you prepare a SAM file without a password in advance and replace it with DOS when necessary, you should be able to enter the host !!!

Tip: The Security Account Manager (SAM) mechanism is used for security management of user accounts in WindowsNT/2000/XP, the Security Account Manager manages Accounts by using Security Identifiers. Security Identifiers are created at the same time when an account is created. Once an account is deleted, the Security Identifiers are also deleted. The security identifier is unique. Even if the user name is the same, the Security Identifier obtained at each creation is completely different. Therefore, once an account is deleted, its security id no longer exists. That is, using the same user name to recreate the account will also be assigned different security ids, the original permissions are not retained.

Note: If the hard disk is in NTFS format, you must use the ntfsdos tool. You can download it online and store it in a floppy disk or a USB flash disk. Use it !!!

3. Reference:
If you forget to log on to the password center, you can solve the problem as follows ﹕

1. Press [F8] and select [safe mode with command prompt] During the electric drive 〕

2. After selecting [administrator], the [command prompt] window will pop up.

3. Add a user using the [net] command. For example, add a user named alanhkg888. The command syntax is as follows: Net user


4. We will add a new token to raise the token to the Administrator. For example, the token to increase the permission to use alanhkg888 ﹐
The command syntax is as follows: Net localgroup administrators alanhkg888/Add

5. After completing the preceding steps, re-launch the notebook and add an Alibaba Cloud account named alanhkg888 on the notebook page. Select alanhkg888 for import.

6. After logging on to the console, go to [control domains] → [user authentication] → select the user who forgets the password, and then select [remove Password] and [Wait 〕

7. Select the original token in the logon dialog box, so that you do not need to wait for the token (because it has been removed)

8. You can use the token only after the token is deleted. Choose [control token] → [User Token] → select [alanhkg888] And then select [remove token ].

I often see this method or similar method on the Internet. In fact, this method is only applicable when the Administrator does not set a password. It is the same as the first method I mentioned !!!!

4. Use screen saver to break the boot password !!!!
The premise is that your default screensaver has not been changed !!!

Go to DoS and rename or shift the logon. scr file in C/Windows/system32. Rename cmd.exe to logon. scr, and rename or shift the two files in C:/Windows/cachedll. Restart the system. Wait for about 10 minutes. The cmd window will pop up and use the net user to change the password.

This method has been successfully applied to many machines. However, some machines cannot succeed.
This method is mainly to enable the logon. scr file when using screen saver. If you change it to cmd, it will be changed to start cmd!

5. You can use third-party software to crack the issue. You can search for it on the Internet and find it.
For example, you can mount the hard disk to another host and download a software dedicated to cracking the Sam file from the disk to the Internet.
Open 3389, no password. If you can download Sam, we will tell you how to use the most powerful LC4 to crack the password.
(Remote cracking)
Download related software:


Cracking Sam animation Tutorial:

It's best to download it early. Maybe it's gone some day!
I have not tried to copy the Sam files of the same operating system !!!
Use Windows key 5.0. This software package is included in passwarekit5.0 and is used to restore the password of the system administrator. After running the software package, three files are generated: txtsetup. OEM. winkey. sys and winkey. INF, the three files are only 50 kb in total, short and concise. Place the three files in any floppy disk, start the computer using the XP installation CD, and press F6 to allow the system to install a third-party driver. At this point, it is the best time for us to switch in. The portable floppy disk will automatically jump to the windowskey interface. It will forcibly change the Administrator Password
To "12345", after you restart, you will be asked to change your password again.

6. Use the script to restore the boot password !!! Xp startup script (startup scripts)
1. Use the boot disk to go to DoS and write a file named A. bat with only one net user name pass
Save a. BAT to: C:/Windows/system32/grouppolicy/machine/scripts/startup.

2. Compile a startup/shutdown script configuration file scripts. ini, which is fixed and cannot be named any other!
The content is as follows:
0 rows line = A. bat
0 parameters =

Note that this "0" is the number "0"
Save to: C:/Windows/system32/grouppolicy/machine/scripts/
3. Restart.

TIPS: How to input code in DOS! Reference the original hacker base moderator teaks! (If you have a draft fee, I will give you a copy)

Enter the copy statement in the command line, and then you will see that the cursor is blinking and there is no prompt. At this time, DOS will give you the opportunity to enter the file content. After the input, press Ctrl + Z to end, ^ Z will appear on the screen, and press enter to save the input to the file. At this time, the screen is like this
D:/> copy con scripts. ini
0 rows line = A. bat
0 parameters =
^ Z
1 file (s) copied.
Oh, please remind me that every line of input should be taken seriously, because after you press enter, you will not be able to come back and edit this line. The return key cannot be returned !!

This method is read in the latest computer report, and it is not so detailed as it is written. You can check it yourself! October!

The above methods are not necessarily effective. The key is to understand how to crack them !!!

After self-testing these methods, I found that either of them is not valid for the XP system.

The 4th method may be better. After ten minutes, you can enter the CMD window, but you cannot change the user password because you do not have the permission. however, you can run the desktop and enter the desktop. Many software cannot run. if you are interested, please give it a try. (Note: it is an experiment in Windows XP ). it should be valid for 2000.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.