How to Reset or Change your Windows Password

I recently had to recover a password for a friend who purchased a Windows 8 computer but forgot the password that he had created for his account. He did not have a recovery CD, so I figured I would attempt to recover the password. This account was linked to his online Microsoft account, so I asked him to go online from another computer and try to recover his online password; however, he was unable to do that either. Anyhow, it’s really easy to recover, delete or change your Windows password.

I take no responsibility if you mess up your computer, and please do not use this for illegal purposes.

Quick Background about Windows Passwords

Computer systems that require authentication generally store passwords in a database, either “hashed” or in plaintext. These days almost all of them store hashes. When a user creates a password, it is hashed and the resulting cryptic value is saved in a table. When the user enters the password to log in again, the plaintext value entered is hashed again and compared to the value stored in the database to see if it matches.

There is technically no way to “decrypt” a hashed value; instead, the plaintext password must be guessed, and the hash of each guess is compared to the hash saved as the password for that user. The hashing function is a one-way formula: it can be used to convert plaintext into a hash, but the function cannot be reversed.

A Windows computer uses a Syskey to encrypt its passwords even further with a 128-bit RC4 encryption key. This key is called the “bootkey” and can be found in the C:\Windows\repair directory. There are tools (bkhive) designed to extract the bootkey from the System file. Then you can use a utility such as samdump2 and feed it the decrypted bootkey to get your hash value.

If you were to look at a dumped hashed password, it would look something like:

TechSide:501:e52guaad3hfdiwh38572304750378fh5:j37s99fhsk34888aslshg7f45:::

There are lots of tools that exist to extract and attempt to brute force the passwords in the Windows SAM file. Such software typically takes plaintext words, converts them to hashes, and compares them to the hash value in the SAM file. The cracking software can also utilize pre-hashed passwords (also known as Rainbow Tables), which in turn can make the cracking quicker. However, since I’m not really showing you how to crack passwords, just reset them, we will not be concentrating on these tools.

To read more about Rainbow Tables see http://kestas.kuliukas.com/RainbowTables/.
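The hash-and-compare login check and the reason pre-hashed tables work, as an added example (not code from the original post). It assumes SHA-256 as a stand-in for any fast unsalted hash (the NT hash is also unsalted), PBKDF2 as the salted alternative, and constructed sample accounts.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def unsalted_hash(password):
    """Fast, unsalted hash: the same password always gives the same value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def create_record(password):
    """Store a random per-user salt plus a slow, salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def verify(password, record):
    """Re-hash the login attempt with the stored salt; compare in constant time."""
    attempt = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], PBKDF2_ROUNDS
    )
    return hmac.compare_digest(attempt, record["hash"])


def shared_hashes(table):
    """Return groups of users whose stored hash values are identical."""
    by_hash = {}
    for user, value in table.items():
        by_hash.setdefault(value, []).append(user)
    return [sorted(users) for users in by_hash.values() if len(users) > 1]


# Constructed sample accounts; two users chose the same password.
SAMPLE = {"alice": "Summer2016", "bob": "Summer2016", "carol": "x9!Lq#27pT"}


def demo():
    unsalted = {u: unsalted_hash(p) for u, p in SAMPLE.items()}
    salted = {u: create_record(p) for u, p in SAMPLE.items()}
    return {
        "unsalted_collisions": shared_hashes(unsalted),
        "salted_collisions": shared_hashes({u: r["hash"] for u, r in salted.items()}),
        "good_login": verify("Summer2016", salted["alice"]),
        "bad_login": verify("summer2016", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Without a salt, one precomputed hash matches every account that uses that password; with a per-user salt, the same password yields a different stored value for each account, so a precomputed table no longer applies.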

I was initially going to use Ophcrack to crack the password, however the owner said that he would be happy if I could just reset/delete the password altogether, but retain the files on the computer.

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms. –http://ophcrack.sourceforge.net/

If you must recover the password, for whatever reason, Ophcrack is a very well-known (and old) tool to crack/recover passwords and they even offer a live CD to boot. As you will see below, the easiest method to delete/reset a password is by booting into another OS (such as Linux) on the same computer, via USB, and accessing the Windows SAM file.

Anyhow, instead of using Ophcrack to attempt to crack the password, I went ahead and tried other approaches because I had physical access to the machine, and as stated earlier, the owner did not care whether the password was deleted/reset. Saved me a lot of time.

Windows SAM file

The SAM file is located in the C:\Windows\System32\config directory of the machine (it can also be found in the Windows registry under HKEY_LOCAL_MACHINE > SAM) and stores the user account information. However, direct access to the file is locked while Windows is running, so it isn’t really that easy to access the data. The SAM file is locked by the kernel once the user boots into Windows, and while there are ways to dump what’s in memory (see pwdump), they are not covered here.

Although there are multiple tools that you can use to recover your Windows 7/8/10 password, ever since Microsoft has allowed you to use your Microsoft online account instead of local account, some tools may or may not work. You might just be better off doing an online password reset.

LM Hash vs NTLM Hash

Windows generally uses 2 different types of hashes: LAN Manager (LM) and NT LAN Manager (NTLM). LM hashes were only used up until Windows NT. Windows XP uses both LM and NTLM, however Windows 7 and above use NTLM hashes exclusively. These days, LM hashes can be brute forced within minutes, so Microsoft needed stronger hashes. Cracking NTLM hashes can take years or even a lifetime, depending on how long the password is. That being said, cracking NTLM passwords can also be done in minutes if the password is short. So as you can see, it’s probably quicker to just reset the password if you have physical access to the machine.
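An audit of dump lines in the user:RID:LM hash:NT hash::: layout shown earlier, flagging accounts that still have an LM hash stored or a blank password. This is an added example, not code from the original post; the sample dump is constructed, and the two EMPTY_* constants are the hash values Windows produces for an empty password.

```python
import re

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
HEX32 = re.compile(r"[0-9a-f]{32}")


def parse_line(line):
    """Split one user:rid:lm:nt::: line into a dict, or return None if malformed."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[0] or not parts[1].isdigit():
        return None
    lm, nt = parts[2].lower(), parts[3].lower()
    return {
        "user": parts[0],
        "rid": int(parts[1]),
        # A field that is not 32 hex digits is treated as "no usable hash".
        "lm": lm if HEX32.fullmatch(lm) else None,
        "nt": nt if HEX32.fullmatch(nt) else None,
    }


def audit(dump_text):
    """Return ({user: [findings]}, malformed_line_count) for a dump."""
    findings, malformed = {}, 0
    for line in dump_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            malformed += 1
            continue
        issues = []
        if rec["lm"] and rec["lm"] != EMPTY_LM:
            issues.append("LM hash stored")
        if rec["nt"] == EMPTY_NT:
            issues.append("blank password")
        if rec["nt"] is None:
            issues.append("NT field is not a 32-digit hex hash")
        findings[rec["user"]] = issues
    return findings, malformed


# Constructed sample; the non-empty hash values are made-up hex, not real hashes.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
TechSide:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
legacy:1002:fedcba9876543210fedcba9876543210:89abcdef0123456789abcdef01234567:::
this line is not in dump format
"""

if __name__ == "__main__":
    print(audit(SAMPLE_DUMP))
```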

CHNTPW


One tool that I have used before is named chntpw. It is free and works great. I think it is probably easier just to hook up a live Linux distro (boot from a USB drive) to your Windows 7/8/10 PC and run a tool like chntpw and change/delete the password versus trying to guess it by brute forcing, if you have physical access to the machine.

If you don’t have chntpw, open terminal and run:

apt-get install chntpw

If you don’t have a Live Linux distro, I recommend creating that first because you will need it to access the SAM file and use the tool. Any Linux distro will do but if you want to install Kali, you can read my tutorial on creating a Kali Linux persistent USB. Ubuntu and Mint Linux distros would work just as well.

There’s a great tutorial, with pictures, on their website: http://www.chntpw.com/guide/, so I don’t feel like it’s really necessary to write one here.

Basically, after installing chntpw, you run the following command to get the list of users in your SAM file:

chntpw -l <sam file>

Once you know which user you want to modify, you type:

chntpw -u <user> <sam file>

From here you can select whether you want to delete the password (1) or change the password (2).

After you are done, save the changes, restart your machine, and eject the USB so it doesn’t boot back into Linux.

PCUnlocker

If you prefer a GUI tool, PCUnlocker has to be one of the easiest to use, however only the trial version is free.

Creating a PCUnlocker bootable flash drive is as easy as downloading the ISO and burning the image using a tool such as Rufus.

Rufus is a very small tool that allows you to make a bootable USB and doesn’t require installation, which is why I like to use it. Click the button highlighted in red below and load the PCUnlocker ISO and hit “Start”.

Once you create the bootable image of PCUnlocker, you need to restart your computer and make sure it boots off the USB drive (or CD drive, depending on which method you used to copy the bootable image). This can be done by changing the BIOS settings and/or hitting the F12 key (some computers may require you to press another key) during startup and picking the USB drive or CD.


BIOS settings with CD-ROM first

Since I opted to create a bootable USB instead of a CD, I changed my BIOS to boot from “Removable devices”.

If done correctly, you should see an old Windows version boot up (instead of Windows 7/8/10) and PCUnlocker software should launch.

PCUnlocker directions

Under step 1:
Select “Reset Local Admin/User Password”

Under step 2:
Select the path to your SAM file. It should already be there, however if not, the path should be “C:\Windows\system32\config\SAM”

Under step 3:
Select the account to reset the password for.

*Note, if using an online Microsoft account, you should be able to see the email you registered under the “Description” section of the list of accounts in PCUnlocker.

Then, just select “Reset Password” and “Restart” your machine.

Unplug the bootable USB you created, or remove the bootable CD, so you can boot back into your Windows 8/10 OS. Once you get back to the login screen, simply enter “Password123” as your account password and log in. From here, I would recommend changing your password.

Conclusion

In summary, it is very easy to recover a lost Windows password if you have local access to the machine. If you do not have local access, it would require more steps which haven’t been covered in this article. Ophcrack, chntpw and PCUnlocker are all great tools. The whole process took about 5 minutes and is very easy to do. Instead of formatting your computer and losing all your files, give this a try. Well worth it.


Purchase History App Tutorial: Node + Express + MongoDB + Bootstrap

In this tutorial I am going to show you how to make an app that can store your Purchase History. Just a simple app that lets you add and delete items from a database. As you know databases are really important in any application if you wish to store/save information. For this application, we will be using NodeJS, Express, MongoDB and Bootstrap. The main purpose of this tutorial is to show you how to use the various Node modules (mainly Express) to create a web application. To create the app you will need to have:

Our completed app should look like the following:

Node Express MongoDB bootstrap


Retrieving recent WiFi connections using Python _winreg module

This guide shows you how to retrieve recent WiFi connection history from the Windows Registry using the Python _winreg module/library. The _winreg module provides easy read or write access to the Windows Registry. That being said, you should backup your registry before making changes. If you change the wrong settings, it can crash your system.

Knowing the recent WiFi connections that a PC/laptop has made can help build a map of where it has been.

The script should work for Windows Vista and above. I am currently using a Windows 10 machine with Python 2.7 installed. If you do not have Python installed on Windows, there is a great guide available at https://www.londonappdeveloper.com/.

A basic understanding of Python (or any other programming language) is required, but I will try to comment the code as best as possible.


PERL Script Tutorial – Remove Column from Delimited File

What is a Delimited File?

A delimited file is a file where the data is separated by special or unique characters. The most common form of a delimited file is the .CSV (Comma separated values) file format. These files, as you can guess, have the data separated by commas (,). For example, you can save an Excel spreadsheet document as a .CSV file and it will separate all the fields with a comma. Other examples of delimited files include .TSV (Tab separated values), quotation marks, or really any other file that has a unique character (or character pattern) that separates actual data (words, phrases) that you need to utilize.

Example of CSV (delimited) file


Install Kali Linux Network Printer 2016

Kali Linux Network Printer

While Kali Linux is great and comes with a lot of great penetration testing tools, it isn’t too friendly when it comes to other tasks, such as installing a network (Wi-Fi) Hewlett Packard (HP) printer. Ubuntu and Mint are more user-friendly Linux distros if you are just migrating from Microsoft Windows. On Kali Linux, a network printer install can be done with HPLIP (HP Linux Imaging and Printing). On Kali, the setup is a little different as it doesn’t come pre-installed with CUPS (Common Unix Printing System).

First we will install the required dependencies, then we will configure our HP printer using HP GUI tool. Before we begin, make sure your HP printer is turned ON and that you have a USB cable. Even though we are doing a Wireless Printer setup, this technique requires a direct USB connection (from printer to your Kali system) for a brief period of time.


Create Sublime Text 3 Plugin – Webify Tutorial 2016

Creating A Sublime Text 3 Plugin

In this article, I want to share with you how to create a basic Sublime Text 3 plugin (or package). Sublime Text 3 (ST3) comes with a running ‘Hello World’ plugin example, however, if you have read any of my previous posts, I am not a big fan of simple ‘Hello World’ applications. I will, however, walk you through setting up the ‘Hello World’ plugin and then we will create our own Sublime Text 3 plugin named ‘Webify’. ‘Webify’ will replace the less than (<) and greater than (>) signs in your block of code with &lt; and &gt;, also referred to as HTML Entities.


Ultra Simple Handlebars, Express JS & Node JS Example 2016

Handlebars + Express JS + Node JS

Today I’m going to show you how to create an ultra simple Express JS server application and use the Handlebars framework to handle “modularization”. To follow along, please make sure you have Node and NPM configured on your machine. If you don’t have the required applications, read my Setup Node JS and NPM Tutorial. The following tutorial will introduce you to Handlebars (for templating), and ExpressJS. By the end of this tutorial you should have a basic understanding of how to create an application/website with what I like to call HEN (Handlebars, Express JS & Node JS) stack. 😉


CSS Columns: Polaroid Style CSS Image Grid

CSS Columns for CSS Image Grid

CSS columns allow us to define columns in a container using the column-count property. The column-count property sets the number of columns in a container (such as <div></div>). Another important property is the column-gap property, which sets the gap between each of the columns. Columns are excellent to organize content on your website.

Although CSS columns can be used in multiple ways, I am going to show you how to make a Polaroid Style CSS Image Grid with Captions, (Also referred to as a Masonry Image Grid). For our CSS image grid, we will be using HTML and CSS programming languages only, so it should be fairly simple for the beginner to follow along, especially if you have done any of my previous pure-CSS tutorials.

The CSS Image grid/gallery will have 3 columns and display “old-school” style Polaroid images. Here is an example of how our finished project will look:

Polaroid CSS Image grid with Captions


Beginner Node JS Server Example with Routing

What is a Node JS Server?

Node JS gives the front-end developer (and back-end developers) the ability to use JavaScript (JS) as the back-end server-side scripting language instead of other back-end server-side languages. This is exceptionally useful for front-end JS developers looking to do server-side scripting as well. When you develop an application using Node, the application you write is the server. Node is a framework for you to build a web server. To setup and configure Node and NPM, see my tutorial.

In the following Node JS Server tutorial, I will show you how to create a simple Node JS Server for serving static files using Routing. Routing tells our Node JS server which files (web-pages) to send the user based on the URL request, submitted by the user, through their web browser (Chrome, Firefox, Safari, etc.).

Our Node JS Server will serve a simple index.html file with a logo, and a 404.html file when the user requests a page that does not exist. It is simple to follow and gives you an idea of how NodeJS Servers work.


Best Linux Tools and Utilities to Install – Kali

Update and Upgrade Linux

Before we can install my favorite Linux tools, we need to be certain to update and upgrade all the necessary packages of our distribution. This can be done by opening the Terminal and running the following:

apt-get update && apt-get upgrade
  • apt-get update – updates the list of packages and their version but doesn’t actually upgrade or install the packages.
  • apt-get upgrade – installs the newer version of packages based on the updated list.

This may take a while, so just let it do its thing while it goes through and updates all your packages/dependencies.

After upgrading and rebooting, I was having an issue booting back into Kali. This is because my laptop has 2 graphics cards (you may not have this issue). The command lspci should help you confirm whether an Nvidia card is installed. If this is the case, open a terminal and type:

apt-get remove --purge 'nvidia*'
reboot

This will remove the conflicting Nvidia drivers and use the Intel graphics card.

Add New User

It’s very important to add a new user to your Kali distro. While it’s okay to use ‘root’ user, it isn’t recommended you use root for everything because root has all permissions. This means that you can damage your system files if you don’t know what you are doing. Having an account with stricter permissions will protect your sensitive files.

To add a new user, simply open terminal and type:

adduser userone

or

adduser userone sudo

Replace “userone” with the username of your choice.