Reset Your Windows Password Using Ubuntu Linux


Introduction

If you bought a computer with Windows pre-installed it is highly likely that during the setup you were asked to create a user and you assigned a password to that user.

If you are the only person using the computer it is likely that this is the only user account that you created. The main issue with this is that if you ever forget your password you have no way of accessing your computer.

If I received £1 for every time that I had reset somebody's Windows password I would be rich. (Well maybe not rich but at least I would have enough for a new winter coat).

This guide is all about showing how you can reset a Windows password using Linux. In this guide, I will highlight two tools which you can use, one graphical and one requiring the command line.

You don't have to install Linux onto your computer to use these tools. You do need a live bootable version of Linux. 

This guide will show you how to create an Ubuntu USB drive.

If the computer you are locked out of is your only computer then you might not be in a position to create a USB drive because you won't have a computer to do it on. In this instance I recommend getting a friend to do it using their computer, using a library computer or an internet cafe. If none of these options are available you can buy a Linux magazine which often comes with a bootable version of Linux as a DVD on the front cover.

Use OPHCrack To Recover The Windows Password

The first tool that I am going to show you is OPHCrack.

This tool should be used for Windows systems where the primary user can't remember their password.

OPHCrack is a password cracking tool. It does this by passing the Windows SAM file through dictionary lists of common passwords.

The tool isn't as foolproof as the method on the next page and takes longer to run but it does provide a graphical tool which some people find easier to use.

OPHCrack works best on Windows XP, Windows Vista and on Windows 7 computers.

In order to use OPHCrack effectively, you will need to download rainbow tables. "What is a Rainbow Table?" I hear you ask:

"A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a plaintext password up to a certain length consisting of a limited set of characters." - Wikipedia

To install OPHCrack open a Linux terminal and type the following command:

sudo apt-get install ophcrack

After OPHCrack has been installed click on the top icon on the launcher and search for OPHCrack. Click the icon when it appears.

When OPHCrack loads, click on the tables icon and then click the install button. Search for and select the downloaded rainbow tables.

To break the Windows password you need to first load in the SAM file. Click on the Load icon and choose encrypted SAM.

Navigate to the folder where the SAM file is located. In my case, it was in the following location.

/Windows/System32/config/

A list of Windows users will appear. Click on the crack button to start the cracking process.

Hopefully, by the time the process finishes, you will have the password for the user you selected.

If the tool hasn't found the correct password move on to the next option where I will introduce another tool.


Change The Password Using The chntpw Command

The chntpw command line tool is much better for resetting Windows passwords as it doesn't rely on finding out what the original password was.

It just lets you reset the password.

Open up the Xubuntu Software Centre and search for chntpw. An option will appear called "NT SAM Password Recovery Facility". Click install to add the application to your USB drive.

In order to use the utility, you need to mount your Windows partition. To find out which partition is your Windows partition enter the following command:

sudo fdisk -l

The Windows partition will have a type with the text "Microsoft Basic Data" and the size will be larger than other partitions of the same type.

Take note of the device name (e.g. /dev/sda1).

Create a mount point as follows:

sudo mkdir /mnt/windows

Mount the Windows partition to that folder by using the following command:

sudo ntfs-3g /dev/sda1 /mnt/windows -o force

Now get a folder listing to make sure you have chosen the right partition:

ls /mnt/windows

If the listing includes a "Program Files" folder and a "Windows" folder you have chosen the correct partition.

Once you have mounted the correct partition into /mnt/windows navigate to the location of the Windows SAM file.

cd /mnt/windows/Windows/System32/config

Enter the following command to list the users on the system.

chntpw -l SAM

Type the following to edit one of the users, replacing username with a name from the list:

chntpw -u username SAM

The following options will appear:

  • Clear the user's password
  • Unlock the user's account
  • Promote user (make it an administrator)
  • Add user to a group
  • Remove user from a group
  • Quit

The only three I would personally use are clear the password, unlock the account and quit.

When you log into Windows after clearing the user's password you will no longer need a password to log in. You can use Windows to set a new password if required.
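Because chntpw -u writes directly to the SAM file, it is worth keeping a copy of the original before you change anything. The script below is an added example, not part of the original guide: it finds the SAM file whatever the capitalisation of the folders on disk and saves a verified, timestamped copy. The function names (resolve_ci, find_sam, backup_sam) are hypothetical, and it assumes the partition is already mounted as described above.

```shell
#!/bin/sh
# Added example: back up the SAM hive before chntpw modifies it.
# Function names are hypothetical; nothing here is part of chntpw.

# resolve_ci DIR NAME: print the entry in DIR whose name equals NAME when
# case is ignored. Windows treats names case-insensitively, so the on-disk
# spelling varies (Windows/System32/config, WINDOWS/system32/config, ...).
resolve_ci() {
    for entry in "$1"/*; do
        name=$(basename "$entry" | tr '[:upper:]' '[:lower:]')
        [ "$name" = "$2" ] && { printf '%s\n' "$entry"; return 0; }
    done
    return 1
}

# find_sam MOUNTPOINT: print the real path of the SAM hive, or fail.
find_sam() {
    hive=${1%/}
    for part in windows system32 config sam; do
        hive=$(resolve_ci "$hive" "$part") || return 1
    done
    [ -f "$hive" ] && printf '%s\n' "$hive"
}

# backup_sam MOUNTPOINT DESTDIR: copy the hive to DESTDIR, verify the copy
# byte for byte, and print the path of the backup.
backup_sam() {
    sam=$(find_sam "$1") || { echo "no SAM hive found under $1" >&2; return 1; }
    [ -s "$sam" ] || { echo "SAM hive is empty: $sam" >&2; return 1; }
    dest="$2/SAM.$(date +%Y%m%d-%H%M%S).bak"
    cp -p -- "$sam" "$dest" || return 1
    if ! cmp -s -- "$sam" "$dest"; then
        echo "backup does not match the original" >&2
        rm -f -- "$dest"
        return 1
    fi
    printf '%s\n' "$dest"
}

# Usage: sh backup-sam.sh /mnt/windows /path/to/backup/folder
if [ "$#" -eq 2 ]; then
    backup_sam "$1" "$2"
fi
```

If the reset goes wrong, copy the backup over the SAM file in the config folder to put things back as they were.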

Troubleshooting

If you get an error when you try to mount the Windows folder, it is likely that Windows is still loaded. You need to shut it down. You should be able to do this by booting into Windows and choosing the shutdown option. You won't need to log in to do this.