How to crack a Windows XP password

Posted by in Questions & Answers

To crack Windows XP password we’ll use a program I personally used a hundreds of times, called Ophcrack

Well, to crack a password there is one big science discipline called cryptography. Here we won’t get into details but rather explain how this program works.

So, if you lock your account in Windows with a password for example admin, here is what happens. Windows takes that password and encrypts it with one of the methods of encryption and then saves it into a file(with Windows XP it’s a SAM file located in system32). Now your password is no longer stored as admin, but rather something like 3ujf92+*?jdhsa=)jsadn , depending on the encryption method. However, we ask ourselves, why don’t we just take that encrypted password and decrypt it back to admin. The thing is we can’t because it’s a one way encryption and that is actually the point of it all. So how do we actually crack it?

There is a number of methods but the most famous one is brute force attack. Brute force actually means to start with a letter a and encrypting it. Then see if the encrypted strings match. If not then b, c, … until we’ve gotten to admin. Then the encrypted strings will match and we’ll know that is the right password. Brute force attack is the slowest method of cracking, but there is no risk that you’ll not find the password. The thing about brute force is that the time of cracking rises rapidly depending on how long the password is, how many characters are being used in it and so forth.

Other methods, such as dictionary attack and an attack using rainbow tables are a better option. Ophcrack itself works using rainbow tables and brute force combined.

1. Download Ophcrack LiveCD

2. This program is now an ISO image. Just burn it with Nero or whatever you’re already using for burning images( for burning only ISO images download this burning program – ISORecorder)

3. Now reboot your computer with the CD inside (if the CD will not boot you need to set the boot priority inside BIOS, so that the CD-ROM is the first in the list)

4. A menu like this will appear:

crack pasword

Select the Ophcrack Graphic Mode

5. After the CD is done loading, a user interface like this will appear:

crack pasword

The last right column are the passwords for the given users.

Now depending on many reasons, the cracking of the password could take a long time. So the thing I mostly do is go to sleep and by the time I get up in the morning, Ophcrack has cracked it.

Now just reboot your computer and log into Windows. :)