Wednesday, 18 March 2015

Password recovery with Elcomsoft System Recovery

(Part three of Three ways to recover from a forgotten Windows password)

You've forgotten your Windows password. What now?

You will need to buy a copy of Elcomsoft System Recovery and burn the provided ISO file to a CD.

Boot off this CD and choose the hard disk containing the Windows installation from the list supplied. Continue through the wizard, choosing the default options if you are a regular home user or your work PC is not on a Windows domain.

With any luck your password will appear in the list. You can reboot and type it in. If you have created a good, secure password then you have more work to do.

Dump the hashes
Return to the main menu and select ‘Dump password hashes for further audit/recovery’. This will create a text file containing the hash values of your password(s). Use a USB flash drive to move this file to a computer over which you have control.
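
Before taking the dump anywhere else, it is worth seeing what the file already reveals about each account. The script below is an added example, not part of the original post or of Elcomsoft's software; it assumes the dump uses the common pwdump layout (user:rid:lm_hash:nt_hash:::), which the article does not confirm, and the sample accounts and hash values are constructed.

```python
# Added example: triage a pwdump-style hash dump.
# Assumed line layout (not confirmed by the article): user:rid:lm_hash:nt_hash:::
import re

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
HEX32 = re.compile(r"^[0-9a-f]{32}$")

def parse_line(line):
    """Return a dict for one dump line, or None if it is not a valid entry."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
    if not HEX32.match(nt):
        return None
    # A non-hex placeholder or the empty-LM constant both mean "no LM hash kept".
    lm_stored = bool(HEX32.match(lm)) and lm != EMPTY_LM
    # LM hashes each 7-character half separately; an empty second half
    # means the whole password fits in the first half.
    lm_short = lm_stored and lm[16:] == EMPTY_LM[16:]
    return {"user": user, "blank": nt == EMPTY_NT,
            "lm_stored": lm_stored, "lm_short": lm_short}

def triage(text):
    """Map each account to the weaknesses visible from the dump alone."""
    report = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip comments, blank lines and malformed rows
        notes = []
        if entry["blank"]:
            notes.append("blank password")
        if entry["lm_stored"]:
            notes.append("LM hash stored")
        if entry["lm_short"]:
            notes.append("password is 7 characters or fewer")
        report[entry["user"]] = notes
    return report

# Constructed sample; the non-empty hash values are made up, not real hashes.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
bob:1002:0123456789abcdefaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
# not an entry
"""

if __name__ == "__main__":
    for user, notes in triage(SAMPLE).items():
        print(user, "->", ", ".join(notes) or "nothing visible from the dump")
```

An account flagged with a stored LM hash is protected far more weakly than its NT hash alone would suggest, which matters for how carefully the dump file itself should be handled and deleted afterwards.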

You can now use any number of tools and websites to determine your password.

We’ll use HashKiller.co.uk, which lets you submit a hash and returns the associated clear-text password. Paste the hashed password into the left field and press Submit at the bottom to discover your password.

If your password was very complex and you wisely don’t want to disclose it to any cracking website, you could buy specialist cracking software. Elcomsoft also sells this, specifically Proactive Password Auditor. At £299 this is quite expensive, but a free trial version can be used for up to 60 days and can check only 10 accounts. If you’ve simply forgotten your password, rather than conducting an investigation, this should do the job.