Restore Windows/XP Administrator Password

Source: Internet
Author: User
1. Delete the SAM file to clear the Administrator account password
2. Recover the password from the SAM file
3. Use a password reset disk
4. Modify the screen saver file
5. Use software to change the password
Windows.XP.2000.NT.Password.Recovery.Key
cleanpwd
The Offline NT Password Editor
Winternals Administrator's ERD Commander 2002/2003
Use O&O BlueCon 2000 to forcibly change the local administrator password of Windows 2000
Log on to Windows 2000/XP without changing the password: DreamPackPL PE
6. An ancient secret: the input method vulnerability
7. The ultimate power: hacker techniques

1. Delete the SAM file to clear the Administrator account password
Windows 2000 keeps a SAM file (the account and password database) under winnt\system32\config, which stores all user names and passwords on the system. When you log on, the user name and password you enter are checked against the encrypted data in the SAM file. If they match, the logon succeeds; otherwise it is refused. Deleting the SAM file therefore resets the administrator password.
Boot from Windows PE, Bart PE, NTFSDOS or similar, delete the SAM file and restart. The Administrator account now has no password, so you can log on as Administrator without entering one. After logging on, set a new password for the Administrator account.
TIPS:
1. This method cannot be used on Windows XP/2003, where deleting the SAM file causes a system crash.
2. In Windows NT/2000/XP, the Security Account Manager (SAM) handles the security management of user accounts. It manages accounts through security identifiers (SIDs). A SID is created when the account is created and deleted when the account is deleted. SIDs are unique: even if the user name is the same, each creation yields a completely different SID. So once an account is deleted, its SID no longer exists, and an account recreated with the same user name is assigned a different SID and does not retain the original permissions.
On disk, the Security Account Manager is the %SystemRoot%\system32\config\SAM file. The SAM file is the user account database of Windows NT/2000/XP; all user logon names, passwords and related information are stored in it.
3. In Windows XP, copying the \windows\repair\SAM file into \windows\system32\config\ over the original file (back up the original SAM file first if you are not sure) leaves the Administrator account with a blank password.
4. If possible, other methods are recommended.
Advantage: easy to use.
Disadvantage: the security identifiers are damaged, the method cannot be used on Windows XP or Windows 2003, and data encrypted with EFS is lost.

2. Recover the password from the SAM file
The well-known American computer security company @stake produces the Windows/Unix password recovery software LC4/LC5. The latest version is LC5 v5.02, which can be downloaded from its website at http://www.atstake.com. It is commercial software, and the unregistered version has restricted features. The registered version of LC4 is provided here.
Run LC4 and create a new task, then click "Import -> Import from SAM file" and open the SAM file to be cracked. LC4 analyzes the file automatically and displays the user names it contains. Then click "Session -> Begin Audit" to start cracking the passwords. If a password is not complex, the result is obtained in a short time.
If the password is complex, however, it takes a long time.
Advantage: the original system password is not damaged, which is important when data is encrypted with EFS.
Disadvantage: slow; it may take days or even years.

3. Use a password reset disk
Log on to Windows XP without using the "Welcome screen" logon method, then press CTRL+ALT+DEL to display the Windows Security window. Click Change Password to display the Change Password window (figure 1). In this window, click the "Backup" button in the lower left corner to back up the current user's password. This starts the "Forgotten Password Wizard"; follow the prompts to create a password reset disk.
If you enter an incorrect password in the Windows XP logon window, the "Logon Failed" window pops up. If you cannot remember your password, click the Reset button to start the Password Reset Wizard, use the password reset disk you created to set a new password, and log on to Windows XP.
Advantage: safe, which is very important when data is encrypted with EFS.
Disadvantage: a floppy disk is required, and the password reset disk has to be created at the time the password is set. It is of no use on a machine without a floppy drive.

4. Modify the screen saver file
Principle: after Windows 2000 or XP starts, if nobody logs on, the logon screen saver (logon.scr) is started automatically. If cmd.exe or explorer.exe has been put in place of logon.scr, that program is what actually starts instead of the screen saver.
Procedure
1. Back up the system32\logon.scr file in the system installation directory;
2. Rename cmd.exe (or explorer.exe) to logon.scr and use it to replace the logon.scr file in the System32 directory of the system to be cracked;
And the current identity is local system
4. Change the password at the command line:
net user administrator your-New-Password
If this is a domain controller, enter: net user administrator your-New-Password /domain
5. Log on to the system and restore the logon.scr backed up in step 1.
Advantages: simple and safe.
Disadvantage: you have to wait a long time, and if the screen saver is not enabled the method may not work. The passwords of other accounts with administrator rights cannot be retrieved, only changed. If EFS encryption is in use, the encryption is broken and data is lost.

5. Use software to change the password

1. Windows.XP.2000.NT.Password.Recovery.Key

Passware's Windows.XP.2000.NT.Password.Recovery.Key can automatically change the administrator password to 12345. After the system restarts, log on with this account, then change the administrator password again under Users in Control Panel.
Software name: Windows.XP.2000.NT.Password.Recovery.Key 6.3
Download: http://www.lostpassword.com (a prepared floppy disk image file can be downloaded here)

System: Windows 2000 Professional [version 5.00.2195]
Situation: the password of the system administrator account Administrator is lost, no other user account can log on, the SAM file cannot be read or otherwise manipulated, and there is no input method vulnerability.
Required tools: a Windows 2000 installation disc (or Windows 2000 boot disks), Windows XP-2000-NT Key, and an empty floppy disk.
Procedure:
Usage:
Install the software and run it; the following interface appears:

First, use Windows XP-2000-NT Key to make a special driver disk. Windows XP-2000-NT Key is a dedicated Windows password cracking tool produced by the American company Passware.
http://www.password.com provides a demo version of the software and detailed instructions; have a look if you are interested. Open the software and you will see a prompt at the bottom: "Please insert a blank floppy disk into drive A: and click Next when ready." Insert the prepared floppy disk into the floppy drive and click Next; Windows XP-2000-NT Key automatically turns the disk into a special driver disk. Once the driver disk is ready, go on to the next step. Boot the computer whose password is to be restored from the Windows installation disc (or boot disks; this example uses the installation disc). When the prompt "Press F6 if you need to install a third party SCSI or RAID driver..." appears, press F6 and wait until loading is complete. When you see the prompt "To specify additional SCSI adapters, CD-ROM drives, or special disk controllers for use with Windows 2000, including those for which you have a device support disk from a mass storage device manufacturer, press S", press S immediately. The system then prompts: "Please insert the disk labeled Manufacturer-supplied hardware support disk into Drive A: * Press ENTER when ready." Insert the floppy disk to load the Windows XP-2000-NT Key driver. After a moment the system automatically enters the Windows XP-2000-NT Key environment and asks: Set administrator's password to '123'? (Y/N): Type Y, and the following is displayed:
Password has been reset.
User name is 'admin'.
New password is '000000'
At this point the password of the system administrator account Administrator has been changed to 12345. Remove the installation disc and the floppy disk, restart the operating system, and log on with this account.

Click "Floppy Driver Disk", insert the prepared floppy disk into the floppy drive and click Next; Windows XP-2000-NT Key automatically turns the disk into a special driver disk. Once the driver disk is ready, go on to the next step. Boot the computer whose password is to be restored from a Windows/XP installation disc, or from a Bart PE boot disc. When the prompt "Press F6 if you need to install a third party SCSI or RAID driver..." appears, press F6 and wait until loading is complete. When you see the prompt "To specify additional SCSI adapters, CD-ROM drives, or special disk controllers for use with Windows 2000, including those for which you have a device support disk from a mass storage device manufacturer, press S", press S immediately. The system then prompts: "Please insert the disk labeled Manufacturer-supplied hardware support disk into Drive A: * Press ENTER when ready." Insert the floppy disk to load the Windows XP-2000-NT Key driver. After a moment the system automatically enters the Windows XP-2000-NT Key environment and asks: Set administrator's password to '123'? (Y/N): Type Y, and the following is displayed:
Password has been reset.
User name is 'admin'.
New password is '000000'

At this point the password of the system administrator account Administrator has been changed to 12345. Remove the installation disc and the floppy disk, restart the operating system, and log on.
Advantages: simple and safe.
Disadvantage: a floppy disk is required, and the boot disk cannot be made for a machine without a floppy drive. The passwords of other accounts with administrator rights cannot be recovered, only changed. If EFS encryption is in use, the encryption is broken and data is lost.

2. cleanpwd

Author: Bingle
Email: bingle@email.com.cn
Web: www.binglesite.net
Use a small password-changing program to replace a program that must run at system startup. The password is then replaced when the system starts, after which the replaced program is restored. Of course, you must first be able to access the system partition in order to replace a program that starts with the system.

For this purpose there is a small program, cleanpwd, that clears the administrator password; it can be downloaded from http://www.BingleSite.net. It is used as follows:

Usage
1) Use a dual-boot system, a boot disk, or mount the disk in another system. If the partition is NTFS, the other system or boot disk must be able to read and write NTFS. Replace system32\svchost.exe under the Windows installation directory: copy cleanpwd.exe to svchost.exe.

2) Start the system; the administrator password is cleared and you can log on directly.

3) Restore svchost.bak.exe.
(You can also choose to replace another program. If you replace svchost, it is best to restart, or start the RPC service, so that the system works normally.)

4) Why svchost.exe is chosen instead of other programs.
Every Windows NT/2000 system has these processes:
System (kernel executive and kernel)
SMSS (Session Manager)
CSRSS (Win32 subsystem)
Winlogon (logon process)
Services (Service Control Manager)
LSASS (Local Security Authentication Server)

If any one of them is killed or fails, the system restarts. However, the password cannot be changed before LSASS has started, because LSASS is the security subsystem responsible for password verification, and the system starts these processes in the order listed above, so none of these programs can be chosen.

In addition, the system generally runs the following programs:
svchost.exe (Remote Procedure Call (RPC) and other services)
WBEM\winmgmt.exe (Windows Management Instrumentation)
mstask.exe (Task Scheduler)
regsvc.exe (Remote Registry Service)

There may be other service programs. You may have disabled services other than RPC, but RPC itself cannot be disabled, otherwise the system will not work properly. So I chose svchost. If you know that another service starts automatically, you can choose it instead.
Of course, if anti-virus software is installed on the system, you can also replace the anti-virus program, because anti-virus software generally starts its anti-virus firewall when the system starts.
Others
I had this idea a few months ago but had never written the program. When it runs, the program records a simple log in c:\cleanpwd.txt. I have also attached the source code; you can modify it to meet your requirements, such as adding a user instead of changing the administrator password (or renaming the administrator).

Advantages: easy to use and safe.
Disadvantage: the passwords of other accounts with administrator rights cannot be retrieved, only changed. If EFS encryption is in use, the encryption is broken and data is lost.
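
The file replacements described in the SAM, screen saver and cleanpwd sections leave traces on disk that a defender can look for. The following check is an added example, not part of the original article or of any tool it names; it runs against a mounted copy of the system directory, and its function names, the comparison against system32\dllcache and the miniature sample tree are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def lookup(root, *parts):
    """Resolve a path case-insensitively; return None if it does not exist."""
    cur = Path(root)
    for part in parts:
        if not cur.is_dir():
            return None
        match = [p for p in cur.iterdir() if p.name.lower() == part.lower()]
        if not match:
            return None
        cur = match[0]
    return cur


def same_content(a, b):
    return bool(a and b and a.is_file() and b.is_file() and digest(a) == digest(b))


def check_system_root(root):
    """Return findings for one mounted %SystemRoot% directory (e.g. WINNT)."""
    findings = []
    # Screen saver method: logon.scr replaced by a renamed cmd.exe/explorer.exe.
    scr = lookup(root, "system32", "logon.scr")
    for rel in (("system32", "cmd.exe"), ("explorer.exe",)):
        if same_content(scr, lookup(root, *rel)):
            findings.append("logon.scr is a copy of " + rel[-1])
    # cleanpwd method: a backup of the replaced service host left behind.
    if lookup(root, "system32", "svchost.bak.exe") is not None:
        findings.append("svchost.bak.exe present in system32")
    # Heuristic (assumption): Windows File Protection keeps reference
    # copies of protected files in system32\dllcache.
    for name in ("svchost.exe", "logon.scr"):
        live = lookup(root, "system32", name)
        cached = lookup(root, "system32", "dllcache", name)
        if live and cached and not same_content(live, cached):
            findings.append(name + " differs from its dllcache copy")
    # SAM method on XP: config\SAM overwritten with the setup-time repair copy.
    if same_content(lookup(root, "system32", "config", "SAM"),
                    lookup(root, "repair", "SAM")):
        findings.append("config\\SAM is identical to repair\\SAM")
    return findings


def build_sample(root, tampered):
    """Constructed miniature tree; contents are placeholders, not real binaries."""
    files = {
        "explorer.exe": b"explorer",
        "system32/cmd.exe": b"cmd",
        "system32/logon.scr": b"cmd" if tampered else b"screensaver",
        "system32/svchost.exe": b"cleanpwd" if tampered else b"svchost",
        "system32/dllcache/svchost.exe": b"svchost",
        "system32/dllcache/logon.scr": b"screensaver",
        "system32/config/SAM": b"setup-time" if tampered else b"current",
        "repair/SAM": b"setup-time",
    }
    if tampered:
        files["system32/svchost.bak.exe"] = b"svchost"
    for rel, data in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def demo():
    """Run the check on a clean and a tampered constructed tree."""
    results = {}
    for label, tampered in (("clean", False), ("tampered", True)):
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp, tampered)
            results[label] = check_system_root(tmp)
    return results


if __name__ == "__main__":
    for label, found in demo().items():
        print(label, found or "no findings")
```

A mismatch with dllcache can also follow a partially applied update, so each finding is a lead to verify rather than proof of tampering.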

3. The Offline NT Password Editor

Another solution to a lost Windows administrator password is the Offline NT Password Editor (http://home.eunet.no/~pnordahl/ntpasswd/). This tool sets the password by modifying the SAM registry file offline. You use its image file to create a boot disk, boot from it, and then access the NTFS partition to reset the password. Although the author updates his program often, I am still worried about it operating directly on the SAM file, which may sometimes cause system errors. (Note: I have heard on the Internet that someone used this tool and crashed the system so that it could not be restored by other methods. Therefore, you must back up the SAM-related files before using this tool.)
After booting from the floppy disk, a lot of Linux startup output appears. This "simplified Linux system" is called syslinux.
The software's copyright notice then states that it has been tested under NT 3.51, NT 4.0 and Windows 2000 Professional & Advanced Server RC2, but has not been tested on Windows 2000 systems using Active Directory.
Next, the system asks "Do you have your NT disks on a SCSI controller?", that is, whether the NT system is installed on a SCSI hard disk; enter "n" here. The system then probes the hard disks and partitions and displays the result in Linux form. After a prompt string is displayed, press Enter to continue.
The system prompts "Select what you want to do: 1 - set passwords [default] 2 - edit registry". We want to change the administrator password, so enter "1" and press Enter. The prompt "What is the full path to the registry directory?" then asks where the registry is stored. The default is "winnt/system32/config"; if you changed the path when installing the system, enter your actual path, and press Enter to continue.
Next, "Which hives (files) do you want to edit (leave default for password setting, separate multiple names with space)" appears. Press Enter; all user accounts are listed and you are asked "Do you really wish to disable syskey (y/n)". Enter "n" and press Enter. At the prompt "Username to change (! to quit, . to list users):", enter "Administrator" (assuming your administrator account is Administrator) and press Enter. At the prompt "Please enter new password", enter the new password for the Administrator account. You are then asked "Do you really wish to change it? (y/n)"; enter "y" and press Enter. Finally the system asks "About to write files back! Do it?" (a little wordy, heh). After you enter "y" to confirm, the system prompts you to restart by pressing Ctrl-Alt-Del.
Now, after starting the system, you can log on with the modified password.
Advantages: easy to use and safe.
Disadvantage: the passwords of other accounts with administrator rights cannot be retrieved, only changed. If EFS encryption is in use, the encryption is broken and data is lost.

4. Winternals Administrator's ERD Commander 2002/2003

Website: http://www.winternals.com/

ERD Commander is the most powerful component of the Winternals Administrator's Pak. One of its notable features is changing passwords: on Windows NT/2000/XP/2003, ERD Commander can change any user's password without knowing the original one. You can start ERD Commander from its own boot disc, Windows PE, or Bart PE.
Note: once the syskey command has been used on an XP system, ERD Commander cannot change the password; you must use the Offline NT Password Editor.
Advantages: simple and safe.
Disadvantage: the passwords of other accounts with administrator rights cannot be retrieved, only changed. If EFS encryption is in use, the encryption is broken and data is lost.

5. Use O&O BlueCon 2000 to forcibly change the Windows local administrator password

Source: Chinese NT Resources Network [http://www.AboutNT.com]
Copyright: copyright of original and compiled articles belongs to the site; if you want to quote them, please contact the webmaster of the Chinese NT Resources Network [http://www.AboutNT.com].
Other information: the Chinese NT Resources Network [http://www.AboutNT.com] is a personal website. E-mail: zhuqs@163.com

Compilation: a smile from the sea
O&O BlueCon 2000 is a German-developed tool that lets you easily repair damaged Windows NT/2000 systems. It is similar to the Windows 2000 Recovery Console; the only difference is that it can enter the system without a password. Its most common use is to change the password of the local administrator.

To use O&O BlueCon 2000 to change the password of a local administrator, follow these steps:

1. Create a tool disk.
(1) Create the four Windows 2000 boot disks. For details on how to create them, see "winnt/important floppy disk" on this site.
(2) Start "O&O BootWizard" of O&O BlueCon 2000 and modify the installation floppy disks just created (only the 1st and 4th are modified) in four steps.
(3) Step 1, "Select Boot Device", asks which method you use to boot the system: floppy (four installation floppy disks) or CD-ROM. Here we choose "Floppy (4 disk required)", then click Next;
(4) Step 2, "Select Options", asks whether to create Windows installation boot disks. We have just created them, so leave this unselected and click Next;
(5) Step 3, "Patch Disk 1 and Patch Disk 4", prompts you to insert the 1st and 4th disks in turn for modification. Follow the on-screen prompts to finish preparing the tool disk.

2. Modify the local administrator password
Like the previous tools for changing the administrator password, this tool can only change the local administrator password in the SAM.
Before using O&O to change the local administrator password, here are the commands O&O supports. There are 28 in total; at the "A:\>" prompt, use the "?" or "help" command to list them. The important ones among the 28 are:

Backup: back up the registry
Device: display the hardware configuration of an operating system
Edlin: a text editing tool
Passwd: change a password
Reboot: restart the machine
Regedit: edit the registry
Service: display/start/disable services
Scopy or SCP: copy files, including their security attributes
User: display the users of an operating system
Vmap: display information about the current volumes

You can use the "command /? .

To modify a local user, follow these steps:
(1) Insert the 1st floppy disk into the drive, restart the machine and boot from the floppy, inserting the four disks in turn as prompted on screen until loading is finished. Finally, the system displays:

O&O BlueCon 2000 V2.0 build 256 - English keyboard
(C) 2000 O&O Software GmbH. All rights reserved.
A:\>

(2) Use the passwd command to change the password of an account in the SAM database. The passwd command is used as follows:

Passwd []

The password parameter of the passwd command is optional. If you do not enter a password, the account's password is cleared (this is not recommended).
To change the Administrator's password to 123456, use:

A:\> passwd administrator 123456

After you press Enter, if there are multiple operating systems on the machine, the system asks which operating system's administrator password to change, with a prompt similar to this:

Please choose a system to logon
1. "Microsoft Windows 2000 Server" /fastdetect
2. "Microsoft Windows XP Professional" /fastdetect
3. "Microsoft Windows 2000 Recovery Console" /cmdcons

Select the operating system to be modified. Here we select 1 to change the administrator password of Windows 2000 Server. After a while, if the system displays "Password was successfully changed", the administrator password has been changed. If your O&O software is not the full, registered version, the system reports that the password is read-only and cannot be modified.
(3) Remove the floppy disk from the floppy drive, restart the system, and enter directory recovery mode. You can then use the new Administrator password to access the system.

The latest version of this software is available at http://www.oosoft.com
Advantage: relatively safe.
Disadvantage: a floppy disk is required, so it is difficult on a machine without a floppy drive, and the operation is complicated. The passwords of other accounts with administrator rights cannot be retrieved, only changed. If EFS encryption is in use, the encryption is broken and data is lost.

6. Log on to Windows 2000/XP without changing the password: DreamPackPL PE

Software built on a brand new idea.
It lets you log on to the system without knowing the administrator or user password of the local system;
It does not change the passwords of users on the local system;
It gives you full access to the local system;
It lets you access files and folders encrypted with EFS (on Windows 2000). (I have tested this function on Windows XP SP1 Simplified Chinese version: you can only browse folder and file names, but cannot open, copy, or move files.)
Advantage: easy to use and safe. You can log on without changing the password of any user on the system.
Disadvantage: the passwords of other accounts with administrator rights cannot be retrieved, only changed. It does not work against EFS encryption on Windows XP. The effect on Windows 2003 is unknown.

6. An ancient secret: the input method vulnerability

The input method vulnerability has existed for a long time and is probably well known to many readers. Where it works, it is the first choice for obtaining administrative rights on the system. The so-called input method vulnerability means that when Windows 2000 (NT) has started up to the logon screen, anyone can open the help for the various input methods and use its URL jump function to access the system without authorization.
System: Windows 2000 Professional [version 5.00.2195] and Windows XP, with no vulnerability patches installed.
Situation: the password of the system administrator account Administrator is lost, no other user account can log on, the SAM file cannot be read or otherwise manipulated, and the input method vulnerability is present.
Required tools: None
Procedure:
Start the system up to the logon screen. Press Ctrl+Shift to switch the input method to "full spelling" (or any other input method, as long as its help can be called up), then click "Help" and "Operation Guide" on the status bar. Right-click the title bar of the "Operation Guide" window, select "Jump to URL", enter c:\winnt\system32 in the input box, and click OK to open the folder. Find the net.exe file and create a shortcut to it. Right-click the shortcut, open its properties, and change "Target" to c:\winnt\system32\net.exe user wing 123456 /add. Click "OK", then run the shortcut. This adds a new user with the user name wing and the password 123456 to the system. Then, in the same way, create another shortcut and change "Target" in its properties to "D:\winnt\system32\net.exe localgroup administrators wing /add". Double-click the shortcut to run it. This step adds the newly created user wing to the local Administrators group.
Advantages: safe.
Disadvantage: the passwords of other accounts with administrator rights cannot be retrieved, only changed. The operation is complex, and the method no longer works once vulnerability patches are installed. The effect on 2003 is unknown.

7. The ultimate power: hacker techniques
As the last part of the article, we show how to use hacker techniques to get your permissions back.
System: Windows 2000 Professional [version 5.00.2195]
Situation: the password of the system administrator account Administrator is lost, no other user account can log on, there is no input method vulnerability, and the SAM file cannot be obtained. The system provides IIS services and has several vulnerabilities.
Required tools: GFI LANguard Network Scanner (or other similar vulnerability scanning software)
Other: the system to be cracked is on the LAN.
Procedure:
Start the system to be cracked up to the logon screen. Perform the following operations on another machine on the same LAN:
First, download the scanning software from http://www.newup.com.cn/software/gfi-javasard-network-scaner. After downloading, follow the prompts to install it; installation is very simple and is not described here. Next, use the software to scan the target system. In the scan results you can see the entry "escaped characters decoding bug /scripts/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir", which indicates that the target system has several CGI vulnerabilities such as Unicode and idq. Different vulnerabilities can be used in different ways to gain control over the system. This article cannot describe them in detail, because hacking techniques are so extensive that I am afraid the description would never be finished. This is only a pointer to a feasible approach; analyze your specific situation. There is a lot of information about this on the Internet; if you are interested, you can find it yourself.
Advantages: safe.
Disadvantage: complicated to use and requires professional knowledge. The passwords of other accounts with administrator rights cannot be retrieved, only changed.
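
On the defending side, the request pattern quoted from the scan result can be searched for in web server logs. The following detector is an added example, not part of the original article or of the scanner it mentions; the log lines are constructed, and the W3C field layout and the function names are assumptions.

```python
from urllib.parse import unquote

# Constructed sample in W3C extended log format (addresses are documentation
# ranges). The second request uses the pattern quoted in the scan result.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-05-01 10:00:01 192.0.2.10 GET /default.asp - 200
2003-05-01 10:00:05 192.0.2.77 GET /scripts/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe /c+dir 200
2003-05-01 10:00:09 192.0.2.10 GET /docs/50%25off.htm - 200
2003-05-01 10:00:12 192.0.2.77 GET /scripts/..%5c..%5cwinnt/system32/cmd.exe /c+dir 404
2003-05-01 10:00:20 192.0.2.10 GET /images/logo.gif - 304
"""


def decode_rounds(value, limit=5):
    """Percent-decode until the string stops changing; return (text, rounds)."""
    rounds = 0
    while rounds < limit:
        # latin-1 maps every byte to one character, so nothing is dropped.
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def classify(uri_stem):
    """Return the reasons a request path looks like the traversal above."""
    final, rounds = decode_rounds(uri_stem)
    path = final.replace("\\", "/").lower()
    reasons = []
    if ".." in path.split("/"):
        # Two or more decoding rounds mean the separator was encoded twice,
        # which is what slips past a check done after a single decode.
        reasons.append("double-encoded traversal" if rounds >= 2 else "traversal")
    if path.endswith("/cmd.exe"):
        reasons.append("cmd.exe requested")
    return reasons


def scan_log(text):
    """Yield (client, status, reasons) for every suspicious log entry."""
    fields, hits = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        reasons = classify(row.get("cs-uri-stem", ""))
        if reasons:
            hits.append((row.get("c-ip"), row.get("sc-status"), reasons))
    return hits


if __name__ == "__main__":
    for client, status, reasons in scan_log(SAMPLE_LOG):
        print(client, status, ", ".join(reasons))
```

A hit with status 200 deserves attention first, since the server answered the request instead of rejecting it.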