04 February 2011

Use Ubuntu to Bypass or Crack Windows XP Passwords

If you forget your password it can be annoying. Here is how to get past those dark days.

Download the latest Ubuntu distribution from www.ubuntu.com and burn it to a CD.

The Bypass Method

Use the CD as a boot disk and load Ubuntu without installing it onto the hard disk; it can run from the CD. Once it has loaded, fire up the Terminal and run:

sudo synaptic

In the window that opens, go to 'Settings > Repositories'. In the popup, make sure everything is ticked except 'Source code'. Then close the popup and any warnings and hit 'Reload', a button on the main toolbar. Once that is complete, close the window and head back to the terminal.

sudo apt-get install chntpw

Using this application you can reset the password of any user IF syskey is not installed. First mount the Windows disk: go to 'Places' and click on the disk that holds your Windows installation. Then it's back to the terminal for more command line action.

First navigate to the directory where Windows stores the passwords.

cd /media/"something"/windows/system32/config

The 'something' is the name of the HDD where Windows is installed. Run the application to see where you stand.

Here is an example of what you might see:

andy@andy-ubuntu:/media/Win7/Windows/System32/config$ chntpw SAM

chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c
Page at 0x19000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 8 pages (+ 1 headerpage)
Used for data: 296/55856 blocks/bytes, unused: 11/42192 blocks/bytes.

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length : 0
Password history count : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03e9 | Andy                           | ADMIN  |          |
| 01f5 | Guest                          |        | *BLANK*  |
| 03ed | HomeGroupUser$                 |        |          |
| 03eb | xbox                           |        |          |

---------------------> SYSKEY CHECK <-----------------------

SYSTEM SecureBoot : -1 -> Not Set (not installed, good!)
SAM Account\F : 0 -> off
SECURITY PolSecretEncryptionKey: -1 -> Not Set (OK if this is NT4)
Syskey not installed!

RID : 0500 [01f4]
Username: Administrator
comment : Built-in account for administering the computer/domain
homedir :

User is member of 1 groups:
00000220 = Administrators (which has 2 members)

Account bits: 0x0211 =
[X] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |

Failed login count: 0, while max tries is: 0
Total login count: 1

- - - - User Edit Menu:
1 - Clear (blank) user password
2 - Edit (set new) user password (careful with this on XP or Vista)
3 - Promote user (make user an administrator)
4 - Unlock and enable user account [probably locked now]
q - Quit editing user, back to user select
Select: [q] >

So from this you can see the different users and the state of their accounts. To access the Administrator account, first we have to 'Unlock' it with option 3 and then reset the password with option 1. It's apparently not a good idea to type a new password; just set one once you have logged into Windows.

So all is good: go back to Windows, log in as the 'Administrator' and reset the other users' passwords.

However, if the line above "Syskey not installed" in fact reads something like "Syskey is installed", you have to try a different approach.
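
To make the listing shown earlier easier to read, here is an added example (not part of the original post or of chntpw) that parses the user table and decodes the 'Account bits' value from that sample output. It assumes the flag grid lists bits from the lowest upward, which reproduces the [X] marks shown for 0x0211; the function names are illustrative.

```python
import re

# Flag names in the order the chntpw grid prints them; assumed to map to
# bits 0..10, which reproduces the [X] marks shown for 0x0211 above.
ACB_NAMES = ["Disabled", "Homedir req.", "Passwd not req.", "Temp. duplicate",
             "Normal account", "NMS account", "Domain trust ac",
             "Wks trust act.", "Srv trust act", "Pwd don't expir",
             "Auto lockout"]

ROW = re.compile(
    r"^\|\s*([0-9a-f]{4})\s*\|\s*(.+?)\s*\|\s*(ADMIN)?\s*\|\s*(.*?)\s*\|$")

# User table copied from the sample output above.
SAMPLE = """\
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03e9 | Andy                           | ADMIN  |          |
| 01f5 | Guest                          |        | *BLANK*  |
| 03ed | HomeGroupUser$                 |        |          |
| 03eb | xbox                           |        |          |
"""

def decode_acb(bits):
    """Return the names of the flags set in an 'Account bits' value."""
    return [name for i, name in enumerate(ACB_NAMES) if bits & (1 << i)]

def parse_users(listing):
    """Parse the '| RID | Username | Admin? | Lock? |' table into dicts."""
    users = []
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header row fails the 4-hex-digit RID pattern
            rid, name, admin, lock = m.groups()
            users.append({"rid": int(rid, 16), "name": name,
                          "admin": admin is not None, "lock": lock})
    return users

def review(users):
    """List account states worth a second look during an audit."""
    notes = []
    for u in users:
        if u["lock"] == "*BLANK*":  # chntpw's marker for an empty password
            notes.append(f"{u['name']}: blank password")
        if u["admin"] and u["lock"] != "dis/lock":
            notes.append(f"{u['name']}: enabled administrator")
    return notes

if __name__ == "__main__":
    print(decode_acb(0x0211))
    for note in review(parse_users(SAMPLE)):
        print(note)
```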

The Crack Method

Fire up the Terminal

sudo apt-get install ophcrack && sudo ophcrack

This will install and run the application. You will also need to load Firefox; it comes pre-installed and there should be an icon on the bar at the top. Head to ophcrack.sourceforge.net and download the first XP table. They get bigger as you go down, so just start with the first. Save this file to the Windows disk and then install the table from Ophcrack by clicking the 'Tables' button.

Load the encrypted SAM file by clicking the 'Load' button, navigating to the .../Windows/System32/config... folder and clicking 'Choose'.

Again you will see a list of users. You only want to focus on the Admin, so remove the others by clicking on them and pressing delete. (This only removes them from the cracking process; it won't delete the actual user.)

Add the tables you need: if hashes are in the NT column use the VISTA tables; if the LM hash column has values use the XP tables.

Select the appropriate table and hit 'Crack' and then sit back and cross your fingers.


  1. Anonymous 7:36 pm

    ophcrack is a scam

  2. is it? the free version worked OK for me, what's the problem?

  3. Anonymous 1:56 am

    PCUnlocker can either bypass or reset the password on Windows XP.
