1 proven trick to try if you forgot your Windows password

Yes, it happens to all of us doesn’t it?  In a moment of exuberance, in the highlight of delight, at the apex of excitement… you attempt to login to your Windows box after months of inactivity, and well you can’t.

Access denied!!

And what makes things worse is you told yourself this would never happen to you.  Also, since there’s no external DVD or CD-ROM drive, you don’t have an easy way to boot up a recovery drive.

You’ve blazed through all known passwords… you’ve even tried cracking your own password but alas! You just can’t get in and you’re about to lose your mind.

In this quick tutorial, I’m going to show you one proven trick for gaining access to our beleaguered Windows machine.  And the best news is it’s easier than you think.

So there are a couple of tricks you can try to get into your box such as downloading the Offline NT Password Editor and completely blowing away your password.  As long as you have a valid local account on your computer, you can zap the existing password (even if you don’t know the old one) and start over without reformatting your box.

You could also try cracking your password but that’s not very effective.  The most reliable fix is to create a Live Linux USB drive from a friend’s computer and then plug that thing into your computer so you can boot to that.

In this guide, we’re going to use Kali Linux to pull this off but you could actually use any version of Linux.  For example, many people use Ubuntu to do this but I prefer Kali.

In order to make the Live CD, let’s first make sure we have everything in order:

  1. Kali Linux ISO
  2. UNetbootin
  3. A USB thumb drive with at least 4GB of space (be prepared to wipe it clean)
  4. Boot to Kali
  5. Run chntpw
  6. Unmount and login!

1. Grab Kali

Alright, the first thing we need to do is grab the Kali Linux ISO.  Simply go to the Kali Linux downloads page, click the ISO and let it download. It doesn’t matter if you grab the 64 or 32 bit versions, but I prefer 64 bit because it runs slightly faster on machines that have more than 4 GB of RAM.

Kali Linux

2. Snag UNetbootin

UNetbootin is a free Windows program that lets you create live USB drives for various Linux distributions.

UNetbootin

When you install UNetbootin, you have two options:

  • Distribution
  • Diskimage

We want to pick Diskimage at the bottom of the application because the Kali Linux distribution isn’t included in the Distribution drop down box in UNetbootin.

So click the Diskimage radio button, make sure ISO is selected and then click the little button with the three horizontal dots to browse to the Kali Linux distribution you just downloaded.

Selecting your ISO

Now plug in your USB drive, make sure the Type at the bottom of UNetbootin is set to USB Drive, select your Drive and then click OK to format and create the Live USB.  As long as you have at least 4GB of space on the drive you should be okay.

Plug in the drive and select the letter

Just make sure the type is set to USB Drive and not Hard Disk or else you’ll be in a world of hurt…

3. Boot the USB drive

When the Live USB process is completed you should see all the files on your USB drive.  It shouldn’t take longer than a few minutes to create the media.

Bootable Linux drive

Okay, so now we’re looking good.  Now we need to boot from this thing.

The easiest and most reliable way to boot to a USB drive on a PC is to reboot the box and then start hitting F12 like crazy.

Another way to boot from the USB drive is to press Del, Esc, F1 or F2 repeatedly during bootup so you can get into the BIOS or UEFI screen. From here you should be able to choose the Boot order.  Which key you press to enter your BIOS/UEFI screen depends on your computer manufacturer; that’s why I listed so many options.

BIOS

Alright so now what?

When the box boots we should see something that looks like this:

Kali Live CD screen

4. Boot into Kali

Alrighty, now we need to mount your Windows drive into the Kali Linux environment so we can access the files there.

Pop open the terminal – this is basically the Linux version of a Windows command prompt.  Now we need to create a mount point so we can mount the Windows partition to our Linux environment.

Terminal window

Open the terminal and type:

ls /dev/sd*

We need to look for our Windows partition.  All Linux devices are located in a folder called /dev.

You might be thinking like – how is this possible?

This is because in Linux everything is a file - including physical devices.  So your DVD-ROM is represented as a file and your entire hard drive is represented as a file too.

So what we need to do is to find all our hard drives which typically live in /dev/sda.  The /dev/sda1 and /dev/sda2 files you see in the screenshot below are actually partitions on the hard drive /dev/sda.

I hope that makes sense.

/dev/sda

So our Windows partition lives on either /dev/sda1 or /dev/sda2 – let’s mount both to see where it is

mount /dev/sda1 /mnt

mount /dev/sda2 /mnt

mounting the partitions

If this doesn’t work for some reason you can prefix each command with sudo (this is like clicking Yes to the UAC prompt in Windows).

Alright, so we mounted both partitions into a folder called /mnt/ in Linux. Now let’s take a look inside.

Just type:

cd /mnt && ls

looking at our mounted Windows partition in Linux

You could also type

cd /mnt

ls

on two different lines – the && thing will save you a step though (nice little Linux trick eh? hehehe)
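
Instead of mounting both partitions on /mnt and looking, you can read each partition's boot sector to see which one is NTFS, then mount it read-only on its own mount point and look for the SAM hive. This is an added example, not part of the original post; the function names, the script name and the /mnt/<device> mount points are assumptions, and it relies on GNU find and dd from the live system. A volume whose OEM ID reads -FVE-FS- is BitLocker-encrypted and cannot be mounted without its key.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and the
# /mnt/<device> mount points are illustrative assumptions.

# Print the 8-byte OEM ID stored at offset 3 of a volume's boot sector.
oem_id() {
    dd if="$1" bs=1 skip=3 count=8 2>/dev/null | tr -d '\000'
}

# Classify a partition (or an image file) by that OEM ID.
classify_volume() {
    case "$(oem_id "$1")" in
        "NTFS    ") echo ntfs ;;       # plain NTFS, mountable
        "-FVE-FS-") echo bitlocker ;;  # BitLocker volume, needs its key
        *)          echo other ;;
    esac
}

# Find the SAM hive under a mounted volume. The match is case-insensitive
# because installs differ (Windows/System32 vs. WINDOWS/system32).
find_sam() {
    find "$1" -maxdepth 4 -type f \
        -ipath "$1/windows/system32/config/sam" -print -quit 2>/dev/null
}

# Check each device: mount NTFS volumes read-only on their own mount
# point, report where the hive is, then unmount again. Needs root.
scan() {
    for dev in "$@"; do
        case "$(classify_volume "$dev")" in
            ntfs)
                mp="/mnt/$(basename "$dev")"
                mkdir -p "$mp" && mount -o ro "$dev" "$mp" || continue
                sam="$(find_sam "$mp")"
                echo "$dev: ${sam:-NTFS, but no SAM hive found}"
                umount "$mp" ;;
            bitlocker)
                echo "$dev: BitLocker-encrypted, not mountable without its key" ;;
            *)
                echo "$dev: not NTFS, skipped" ;;
        esac
    done
}

# Example (hypothetical script name): sudo bash find-windows.sh /dev/sda1 /dev/sda2
if [ "$#" -gt 0 ]; then scan "$@"; fi
```
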

5. Run chntpw

Alright, so let’s CD into /mnt/Windows/System32/config and then run chntpw to see what our options are

cd Windows/System32/config && chntpw

chntpw

So we have a bunch of options

Let’s run the interactive menu system by passing the -i switch from that long list of options, and we want to run it against the SAM file.

sudo chntpw -i SAM

Editing the Windows SAM file

Awesome – so press 1 and hit enter to Edit user data and passwords.

Then enter the hex code next to the user you wish to change the password for.

RID column

It’s under the RID column.  Just copy and paste it and press Enter.

Resetting the password

Then press 1 to clear (blank) the user password out.

Resetting Windows passwords in chntpw

Hit enter and that should do the trick.

It’s going to look like nothing happened – but if you scroll up just a tad you’ll see where it says:

Password cleared!

Password cleared in chntpw!

If so, you’re on the home stretch baby.

Press q to quit the chntpw interactive screen, hit q again and then hit y to write the changes to the hive files.

So it’s q enter

q enter

y enter

6. Unmount and login

Now let’s unmount the mnt folder and reboot:

Change back into the root directory and type

cd / && sudo umount /mnt

Just keep in mind the unmount command is umount, NOT unmount. That messes a lot of newbies up.

umount in Kali

Now reboot and you should be able to login to your Windows box without a password.

Windows 10 login screen

bizzam!

Desktop without a password

The Bottom Line

Alright so there you have it – I just logged into my Windows 10 box even though I completely forgot the password.

Just to review, we grabbed the Kali Linux distro.  I chose Kali because I use it on my laptop, but you could have picked Ubuntu or something else.  The reason I picked Kali is that it comes with chntpw built in, so I didn’t have to download it.  If you have Ubuntu you can grab chntpw by running:

sudo apt-get install chntpw 

Then we installed UNetbootin so we could create a bootable Kali distro.  We pointed UNetbootin to the Kali ISO, booted from the USB stick into Kali, mounted the Windows partition, ran chntpw and then rebooted the box and logged in!

So if this post helped you please leave a comment! I really want to know – also if you have questions leave a comment too – I like comments

Connect with Vonnie on Twitter

  • Curtis

    Great trick! I also came across another trick – the sticky keys method – and it also worked great, and you can do a password reset using a Windows installation disk. I’ll test your trick on my computer when I have time. Thanks!