Windows Password Recovery: Ophcrack USB

Windows Password Recovery Ophcrack USB

This is a brief article that describes how to reset a password on Vista/Windows 7/Xp with Ophcrack on a USB.

Tools like Ophcrack, PC Login Now and Offline NT Password & Registry Editor (ONTP&RE) make Windows password recovery simple. The best way to unlock or reset your password is the have a Windows recovery disc ready.

1. USB Download.  Download the Universal -Usb- Installer Software:

pendrivelinux – USB

2.  Download Ophcrack.  You need to download Ophcrack- Vistalivecd-3.6.0.iso or latest version: Ophcrack- Vistalivecd-x.x.x.iso


3.  USB Installer.  From the location that you downloaded the USB Installer, start the Universal-Usb Installer to start to ‘Setup Your Selection Page’

note: The flash drive may need to be formatted. It must be larger than 1gb.

Before the steps, make sure the computer has Winzip software to make the iso visible for the Usb Installer.

3.  Download the Ophcrack ISO.  From the location that you downloaded the USB Installer, start the Universal-Usb Installer to start to ‘Setup Your Selection Page’


The Steps of Ophcrack Setup:

Step 1: Scroll down to the bottom and Select ‘Ophcrack Vista/7’ or ‘Try Unlisted Linux ISO’

*note:  if Ophcrack Vista/7 does not work, try Unlisted Linux ISO at the bottom of the list

Step 2: Browse for the downloaded file, Ophcrack -Vistalivecd-3.6.0.iso

note: You may have some issues with the software recognizing the .iso. Make sure you are looking in the right place. Make sure you have unzipped the file. All else fails, try restarting the USB Install software then TYPE the exact location and name of the .iso in the Step 2.

Step 3: Select your Usb flash drive letter and hit Create.

USB ophcrack

The Windows USB Password snapshot

BIOS boot menu password recover

picture of BIOS boot menu password recover

Once the Ophcrack liveCD screen appears, Hit Ophcrack graphic mode- automatically.



A mini Linux screen will appear, then the Ophcrack box. Select Administrator and hit progress.  Wait for some time until it goes up to  100% Ram.  Once its done, it will show the password.

ophcrack password recovery

ophcrack password recovery

Ophcrack is only effective for a short and simple password unless you get a more robust rainbow table.  You can purchase Ophcrack with a better table you can also find larger tables on sourceforge.




Windows Password Recovery: ONTPRE

Offline NT Password & Registry Editor (ONTP&RE)

Did you lock yourself out of your Windows system?  Forgot your Windows password?  What is the best Windows password recovery?

The best way is to have a Windows Recovery disc ready.  But this is something you must do BEFORE you get locked out.



There are tools you can use to get into your system, but the first think you should try is to use “Administrator” as the user with no password.  “Administrator” is a default account on Windows systems.  On Windows 7 it is disabled by default but if someone has used the account you may be able to use it as backdoor into the system.

If their is not Administrator account and no Windows Recovery disc you will have to use a Windows password recovery tool.  ONTP&RE is a password recovery tool that allows quick access to windows systems.

Reset Password : Windows 7

1.  Download ONTP&E: First, download the Windows password recovery software from .

2.  Unzip ONTP&E:  Files are compressed into 1 folder named (  Unzip the file.

3.  Create CD with ISO:  Set the cd disc creator into ‘image to  disc’’. Burn the image to the cd.  Each CD burner software is different, so you will have to figure out how to create a CD from the ISO.  Sometimes its as easy as double clicking the ISO but it depends on the type of software.

4.  Reboot & Insert:  Actually, you need to make sure your Windows system is able to boot from the CD.  Once its done , insert the cd back to the CD ROM  and reboot your computer.

5.   Computer Boot from CD:  As your computer reboots, keep hitting F2 to go through the BIOS.  Select “Boot Options”.  Some versions of BIOS call this “Boot”.  But the idea is the same.  Go into the BIOS and make sure CDROM is on the top of the list for boot options.  This means that the computer first looks at the CD before going to the Hard Drive.  Instructions on modifying BIOS settings will be listed on the page.

6.  Boot into ONTRE:  Once the BIOS boot option is set, save and exit.  Your system will boot into your ONTRE disc.  Software will start running. Just follow the steps.  “Press enter” to boot into the “Offline NT Password & Registry Editor” CD.

windows password recovery

screen shot of Offline NT Password & Registry Editor

7.  Select an Account:  It will ask you to select an account.  If you hit “Enter” it will automatically boot into the [Administrator] account.

*note: Anything in [brackets] is the default value, so if you hit “Enter” it will auto-magically choose that [bracket] value.. its a linux thing.. you wouldn’t understand.

If you choose the “Administrator” account, you may need to Enable the account since the built-in Administrator account is  disabled by default in certain versions of Windows.

8.  Enable Built-in Administrator Account:  The Windows account  needs to be enabled.  Select 4  and enter ‘to Unlock and enable user Account’.

windows ontpre menu enable

windows ontpre menu

9.  Clear (blank) User Password:  After selecting 4-Unlock and Enable user account, you will be sent back to the User Edit Menu. If you want to clear the Administrator password (if it has one) then hit enter or type Administrator and Select 1 and “Enter” – to clear the user password.

10.  Save Changes:  Once you have made all the changes you want (enabled the Administrator account & cleared any passwords), you are ready for the next step.  Hit  ‘!’ and enter.

Windows Password save changes

Windows ONTP&RE password save change

On the screen it asks ‘What to do’?  hit q to quit. You will see:

Step FOUR:  Writing back changes

“About to write file(s) back.  Do it ?’’

Hit   Y  and enter to save changes.

11.  Last Step:  Hit “Ctrl-Alt-Del” to reboot and eject the cd quickly.  This will allow the system to boot into Windows on the Hard drive.

You can now login as “Administrator” with NO password.

Once you are in as Administrator you can change passwords of any local accounts in Control Panel | Users.

Password Creation & Memorizing Tip (primes)

Since the DOD has made the password requirement impossible, I’ve been coming up with complex password methods that are easy to remember.

Here is one:

Passwords based on three digit primes on small areas of the keyboard.

135 – prime three digits

!#% – special characters of the prime

QET – cap letters under the prime (to left)

wrr – lower letters under the prime (right)

You choose a row of prime numbers. Then you base all the other digits on that prime.

Palin’s password was Popcorn?

I was wondering why conservative talk were accusing the Dems and/or liberals for hacking Palin’s account. Apparently, the guy who hacked into her account ( is the son of Rep. Mike Kernell, Tennessee state lawmaker. He simply used the “forgot my password” feature and then used publically available information to answer the security questions.

“Gov. Palin’s Alleged Hacker Indicted; Password Was ‘Popcorn’
A 20-year-old student at the University of Tennessee has been indicted for breaking into one of the email accounts of Gov. Sarah Palin and then posting screenshots of personal information obtained there to a public Web-site.

David Kernell, the son of a Democratic state lawmaker, was led into a Knoxville federal court wearing handcuffs and shackles on his ankles today and was released without posting bond, according to the Associated Press.”

Hope she’s changing all her passwords because more than likely they are all “Popcorn”.

read more | digg story

Top 10 Most Common Passwords

Life these days has become largely dependent on passwords – whether we’re checking our emails, transferring funds or shopping online, passwords have their part to play.

Security Comedy by Digg user Garfoli:
Cthon98: hey, if you type in your pw, it will show as stars
Cthon98: ********* see!
AzureDiamond: hunter2
AzureDiamond: doesnt look like stars to me
Cthon98: AzureDiamond: *******
Cthon98: thats what I see
AzureDiamond: oh, really?
Cthon98: Absolutely
AzureDiamond: you can go hunter2 my hunter2-ing hunter2
AzureDiamond: haha, does that look funny to you?
Cthon98: lol, yes. See, when YOU type hunter2, it shows to us as *******
AzureDiamond: thats neat, I didnt know IRC did that
Cthon98: yep, no matter how many times you type hunter2, it will show to us as *******
AzureDiamond: awesome!
AzureDiamond: wait, how do you know my pw?
Cthon98: er, I just copy pasted YOUR ******’s and it appears to YOU as hunter2 cause its your pw
AzureDiamond: oh, ok.


read more | digg story

UK planning to monitor and record every phone call, web page, and email sent by citizens

The Home Office will create a database to store the details of every phone call made, every email sent and every web page visited by British citizens in the previous year under plans currently under discussion, it has emerged.

The Government wants to create the system to fight terrorism and crime. The police and security services believe it will make it easier to access important data as communications become more complex.

Telecoms firms and internet service providers (ISPs) have already been approached by the Home Office, which would be given customer records if the plans were realized.

Only a matter of time before the same happens in the U.S. It might already be underway by the NSA. Who knows.

more at

Code cracking is the new pot of gold

If you think the password protection on your MS Word file is keeping it safe from prying eyes, you’re wrong. The time it takes to crack password-protected Microsoft Office files has tumbled from a 25-day average to a matter of seconds, thanks to a decades-old code-cracking technique that until recently was not viable.

read more | digg story

Former Pentester of FBI, hacks the FBI

This case is not the same as the Department of Veteran Affairs loss of records or the Department of Agricultures security failures.  In this case, a contracting consultant conducted a penetration test with out getting formal approval.  He expoited the FBI's vulnerabilities to gain elevated privledges.

Joseph Thomas Colon, 28, is a former employee of BAE Systems.  His pentest allowed him to obtain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.  According to Colon, the FBI field office in Springfield, Ill., he was attached to gave him approval.

However, every professional pentester and/or ethical hackers knows that you have to get formal approval from an authority. 

Colon's lawyer said in a court filing that his client was hired to work on the FBI's “Trilogy” computer system but became frustrated over “bureaucratic” obstacles, such as obtaining written authorization from the FBI's Washington headquarters for “routine” matters such as adding a printer or moving a new computer onto the system. 

As a result, Mr. Colon will likely serve about 18 months in prison. :(…

Pentesting and ethical hacking tools and techniques must be dealt with responsibly.  The bureacracies that might allow pentesting must be respected at all costs.  The first thing in Pentesting and ethical hacking that is taught is to ALWAYs, ALWAYS, ALWAYS get writen consent to procede from the owners of the system.


Password Hacking Programs: EBCD

One of my favorite Password hacking programs is the EBCD.  EBCD stands for Emergency Boot disk.  Since it operates on Linux, many people have a hard time using it.  Anytime, that I've had friends that have locked themselves out of their own system or some co-workers who forgot their login to the corporate laptop and I give them a copy of the EBCD they are at a loss on how to use it because to command line Linux.

So here is something I've been wanting to do for a while.  This is a simple walkthrough on how to use the EBCD.  I'm still working on it.  As with my in entire “hacked” series it is a work in progress.

The EBCD was created by Mikhail Kupchik.  Give him donation if you like his work.  One of these days I hope to have the coding skills necessary to bring to life tools as usefull as this.  These days I'm more into web applications and learning PHP.  Cools stuff.

Create A Password

Creating a Password is easy. Standard practice to create a password that is fairly difficult to crack consists of using at least 8 character with upper and lowercase letters, a number and a special character. So your password should look like this: M1k3@H0m3

This password says “Mike at Home”. It is a good idea to make the password something that is easy to remember. 53Xon+Be@ch

Here is another one that is hard to crack and easy to remember. It says “Sex on the Beach” (“the” is replaced with “+”)


If you are on AOL this one might be easy to remember as well.


If you have to log on to a baby site, a password similar to this might help. It says “this is my baby”.

This is the general idea for generating good passwords. But if you have like 30-40 passwords and don't want them to all be the same here is another method that could help you.  READ more about how to create a password and MANUAL ENCRYPTION here.

1 2