Summary of Windows 2000/NT/XP startup password cracking

Source: Internet
Author: User
Tags: net command

I have been asking questions here for some time and have hardly made any valuable contributions, so I have always felt a little inactive. Based on my own experience, I have summarized the Windows startup password cracking issue and hope it helps you.

These three systems are all built on the NT kernel, so I will cover them together. All of the methods below apply to cracking the 2000/NT password (NT is rarely used now, so please correct me if there is an error); the last method, for cracking the XP password, is feasible now. These are the methods I know of or have heard about:

1. Using the Administrator's empty password. Some articles describe booting into Safe Mode with Command Prompt, using the net command to add a user, and then adding that user to the Administrators group. It is better to use Safe Mode directly. After Safe Mode starts, press CTRL + ALT + DEL twice to skip the account selection screen and reach the username and password input screen. Enter the Administrator user and press Enter, then change the password in Control Panel;

2. There is also a saying: use DOS, or a dual-boot or multi-boot system, to delete the SAM file in WINNT\CONFIG (2000/NT) or WINDOWS\system32\config (XP) on the system drive, and the system will then let you log on as Administrator with a blank password. I can tell you that this method definitely works under 2000. On XP it does not work: after the deletion, XP will not start, and you have to reinstall the system;

3. Another saying: if the XP system is installed on a 2000 system disk, you directly get a command mode with administrator permissions. However, in that mode you cannot call the net command to add users, so it is useless. Only files can be deleted, and for that it is better to use DOS.

4. Use special cracking software to change the password. For example, ntpasswd can be used to change the Administrator password. However, it has to be booted from a floppy disk, so it cannot be used on a machine without a floppy drive.

It is effective for WINNT/2000/XP, but I have tried it, and it cannot be used on XP.

I. Installation Method:

After decompression, there are two files: ntpasswd.exe and readme.txt. Run ntpasswd.exe first, enter the password as prompted, insert a floppy disk, and wait until the installation is complete.

II. Usage:

1. Start the computer from the prepared floppy disk. It displays a few lines of English saying that it can change the passwords of various users (including the Administrator user) and that it has been tested on NT3.51, NT4 Workstation/Server, Windows2000 Professional, and Server RC2 (but not Windows2000 Active Directory Server). Press Enter to continue.

2. After you press Enter, the system prompts:

Do you have you NT disks on a SCSI controller? (Do you have a SCSI hard disk?)

Y-this will autoprobe for the driver (select Y for automatic detection)

N-no, skip SCSI, I have IDE drivers (select N to skip SCSI; I only have IDE hard disks)

After selecting N, the system lists all possible NT partitions, and then prompts:

What partition contains your NT installation? (Which partition is your NT installed on?)

The default value is [/dev/hda1], which is the first partition on the hard disk. Because my Windows2000 is installed on the first partition of the hard disk, I press Enter to accept the default.

Then the system prompts:

Select what you want to do: (Select the operation you want to perform)

1. Set passwords [default] (Set passwords [default])

2. Edit registry (Edit the registry)

Select: [1]

After selecting 1, the system prompts:

What is the full path to the registry directory? (What is the full path of the registry directory?)

The default value is [winnt/system32/config].

After you press Enter, the system lists a large number of files in the winnt/system32/config directory, and then prompts:

Which hive (files) do you want to edit (leave default for password setting, separate multiple names with spaces)

[Sam system security]:

This asks which files you want to edit. Accept the default value and press Enter.

At this point, a large amount of English text is displayed on the screen; ignore it.

The last line is:

Do you really wish to disable SYSKEY (y/n) [n] (Do you really want to disable SYSKEY?)

The default value is n. Generally, just press Enter.

At this time, the system prompts:

Username to change (! To quit,. to list users): [Administrator] (the username whose password is to be changed; ! exits, . lists all user names; the default user is Administrator)

After you press Enter, the system prompts:

Please enter new password or nothing to leave unchanged. (Enter a new password; if you enter nothing, the password is left unchanged)

Enter a new password. Press Enter and the system prompts:

Do you really wish to change it (y/n) [n] (Are you sure you want to change the password?)

After selecting y, the system returns to Username to change (! To quit,. to list users): [Administrator]. You can change the password of another user, and then press the "!" key to exit.

At this point, the system lists the users whose passwords have been changed, and then prompts:

Write hive files? (Y/n) [n]: (Write the files?)

After selecting y, the system exits to the # prompt. Restart the computer, and you can then log on with the new password.

The above method has been tested and passed on Windows 3.51 Simplified Chinese Professional Edition (SP2), Windows Simplified Chinese Advanced SERVER Edition (SP2), and Windows NT Server Chinese edition. However, it is invalid for XP. In testing, you can see that the user can be changed in the interface, but the password cannot be changed, and the resulting password does not change!

5. The final solution for XP: if you have the WindowsKey software on hand, you can solve the problem. This software is included in Passware Kit 6.0 (the latest version) and is used to recover the system administrator's password. After running it, three files are generated: txtsetup.oem, winkey.sys and winkey.inf. The total size of the three files is 50 KB. Put the three files on any floppy disk (a USB flash drive also works), then start the computer from the XP installation CD and press F6 during startup to have the system install a third-party driver. This is the best moment for us to step in: insert the disk, and it automatically jumps to the Windows Key interface. It forcibly changes the Administrator password to "12345", which solves the problem of a forgotten Windows XP login password. It is valid for both NT and 2000 as well.
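Method 1 mentions adding a user with the net command and then joining it to the Administrators group; on a running system with account-management auditing enabled, that leaves an account-creation event followed shortly by a local-group-add event. The Python below is an added example, not part of the original article, that flags this pairing in constructed log lines whose simplified export format and field names (Target, Group, Member, Caller) are assumptions. The offline methods (deleting or editing the SAM from another boot medium) bypass the running system and write no such events.

```python
import re
from datetime import datetime, timedelta

# Account-management event IDs: NT/2000/XP values and their Vista-and-later equivalents.
USER_CREATED = {624, 4720}
LOCAL_GROUP_MEMBER_ADDED = {636, 4732}

# Constructed sample lines in an assumed, simplified export format.
SAMPLE_LOG = """\
2003-05-12 09:14:02 EventID=624 Target=support2 Caller=Administrator
2003-05-12 09:14:40 EventID=636 Group=Administrators Member=support2 Caller=Administrator
2003-05-12 10:02:11 EventID=636 Group=Users Member=alice Caller=Administrator
2003-05-13 08:00:00 EventID=624 Target=bob Caller=Administrator
2003-05-20 16:30:00 EventID=636 Group=Administrators Member=bob Caller=Administrator
"""

LINE_RE = re.compile(r"^(\S+ \S+) EventID=(\d+) (.*)$")

def parse(line):
    """Return (timestamp, event_id, fields) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return when, int(m.group(2)), fields

def find_fast_admin_promotions(log_text, window=timedelta(minutes=10),
                               admin_group="Administrators"):
    """Flag accounts added to the admin group within `window` of being created."""
    created = {}    # lowercased account name -> creation time
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        when, event_id, f = rec
        if event_id in USER_CREATED and "Target" in f:
            created[f["Target"].lower()] = when
        elif event_id in LOCAL_GROUP_MEMBER_ADDED:
            if f.get("Group", "").lower() != admin_group.lower():
                continue
            member = f.get("Member", "").lower()
            born = created.get(member)
            if born is not None and timedelta(0) <= when - born <= window:
                findings.append((member, born, when, f.get("Caller", "?")))
    return findings

if __name__ == "__main__":
    for member, born, added, caller in find_fast_admin_promotions(SAMPLE_LOG):
        print(f"{member}: created {born}, made administrator {added} by {caller}")
```

An account such as bob, promoted a week after creation, falls outside the default ten-minute window; widen `window` to review slower promotions.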


All right, that is the end of the solutions; this is as much as I know. Maybe someone will say that I have forgotten everything. By the way, it is better to just reinstall the system. ^_^
