# Off-Topic Discussion > The Lounge > Tech Talk >  >  I lost my Vist password

## Indeed

Yeah, I lost the password to my Windows Vista laptop. How do I get in?

Wow, I screwed up the title.

----------


## Marvo

There is a chance you might be able to make your way into Windows through the safe boot mode. Try that.

----------


## Indeed

> There is a chance you might be able to make your way into Windows through the safe boot mode. Try that.



Already tried. Nope.

----------


## LikesToTrip

Yea, sadly Vista removed the default Administrator that could be accessed in safe mode  :Sad: . You could try Ophcrack. I've never used it, but I hear it's one of the best password recovery programs. Ophcrack

----------


## Taosaur

I haven't had a chance to try it out, and I don't know how to get it aside from torrents or knowing an IT guy, but you could try the MS DaRT Locksmith tool.

----------


## Indeed

> Yea, sadly Vista removed the default Administrator that could be accessed in safe mode . You could try Ophcrack. I've never used it, but I hear it's one of the best password recovery programs. Ophcrack



Tried twice. Not found.

----------


## MindGames

You could boot from a live disc and move all your important files to a flash drive, then reinstall.

----------


## Jeff777

If you're still under warranty, call tech support.

----------


## Artelis

> Tried twice. Not found.



you can't just pretend to be my dad and think you can get away with it.

----------


## OldNutter

Again.. nothing you've tried worked. this will: Redirecting.... Download, burn and run Dos programs, go to password tools then go to active password changer. Problem solved.

----------


## Artelis

I wouldn't listen to this guy. He has Old in his name, and we all know old people are awful at computers.

----------


## OldNutter

> I wouldn't listen to this guy. He has Old in his name, and we all know old people are awful at computers.



Smart ass  :tongue2: 

Also forgot to mention, the download is at the bottom of the page.

----------


## Snowboy

> I wouldn't listen to this guy. He has Old in his name, and we all know old people are awful at computers.



Do not forget that he is also slightly insane.

----------


## Sornaensis

Should've made a password reset disc!

----------


## Jeff777

Once you get back into your computer, go into program files and delete system 32.  You'll never have this problem again.

----------


## dakotahnok

*Yeah you could always call tech support.*

----------


## OldNutter

> Once you get back into your computer, go into program files and delete system 32.  You'll never have this problem again.



Its C:/Windows/system 32  ::lol::

----------


## dark_grimmjow

I would suggest using the software from this place: Windows Password Reset - Reset Windows Password with Windows Password Recovery Software

I used it to reset the password on my cousin's windows 7 laptop. It will work for vista too. Don't bother for the free version; it will just bring you right up to the point where you can reset the password and then tell you that you have to buy it to reset it. If you don't want to pay for it, you might could find a free download of it somewhere like a torrent. Not that i'm advocating piracy, ::roll:: , but i doubt this is something your going to need more than once; so why pay for it. Anyway, i'd definitely say give it a try, it worked like a charm for me. Just make sure you pick the right account if you have more than one to choose from.

----------


## Indeed

> should've made a password reset disc!



s

t

f

u

----------


## Jeff777

> Should've made a password reset disc!

----------


## tommo

Download regedit, find where you password is stored in the registry, copy it and get this tool John the Ripper password cracker to decrypt it.  Or another decrypting tool.

----------


## LikesToTrip

> *Download regedit*



 ::laughhard:: 




> find where you password is stored in the registry, copy it and get this tool John the Ripper password cracker to decrypt it.  Or another decrypting tool.



That wouldn't be possible if he can't even log on...

----------


## tommo

Lol shutup I haven't used a windoze computer for at least 3 years, and it was 2:30 in the morning when I wrote that.
I'm sure you can get in by installing linux or something.

----------


## LikesToTrip

I found the 'download regedit' really funny. And yes I'm sure you could use Linux to fix the problem. Linux is tha shit.

----------


## Indeed

Oh, yeah. Because linux is able to manage windoze file systems and edit them. Yeah, of course.

----------


## LikesToTrip

> Oh, yeah. Because linux is able to manage windoze file systems and edit them. Yeah, of course.



One of the many reasons Linux is tha shit. Windows won't even recognize ext file systems. And yet Linux has no problem reading NTFS.

----------


## tommo

You don't need to edit anything?
Just get the encrypted password.
Anyway I'm pretty sure it can..

----------


## Indeed

So far, Hiren's boot disk seems like it'll help. I'll try that.

----------


## Marvo

While it is possible to change a Linux password by editing a simple file, this is not true for Windows installations. There really is no good way to recover a lost password, as far as I know.

----------


## OldNutter

> While it is possible to change a Linux password by editing a simple file, this is not true for Windows installations. There really is no good way to recover a lost password, as far as I know.



Correct me if I'm wrong, but i think you can create/modify an entry in the registry. It will be encrypted, and anything you type won't work, but at least it'll create the password file so it can be wiped.

----------


## Marvo

> Correct me if I'm wrong, but i think you can create/modify an entry in the registry. It will be encrypted, and anything you type won't work, but at least it'll create the password file so it can be wiped.



I know nothing about this. Where did you read it?

----------


## OldNutter

I didn't read it, its just common sense that the password would be in the registry. .... this calls for some Virtual box testing!

----------


## Marvo

> I didn't read it, its just common sense that the password would be in the registry. .... this calls for some Virtual box testing!



I'm not seeing how that's common sense, but if you figure out how to crack a Vista password, then you could probably become pretty popular.

----------


## Vertebrate

Here's a video on how to use a BackTrack Linux Live CD to login to windows vista without a password:
0wning Vista - Offensive Security
You can download backtrack linux from this site: BackTrack Linux - Penetration Testing Distribution

EDIT: TESTED AND WORKING IN LATEST VISTA UPDATES.
I was able to change the administrator account password using this. Once you have done the swap so you can access cmd.exe with Windows+U, type "NET USER <username> <new password>" and it will change <username>'s password to <new password>. You don't need to know the current password because you have administrator privileges.

----------


## LikesToTrip

Very nice find Vertebrate. Would you even need backtrack, looks like it should work with any linux distro.
EDIT: Works on Win7 and I used Ubuntu. Had to get to the Windows files through /media rather than /mnt but still works just fine. I'm posting this on my win7 without having logged in. I wish I could thank you twice Vertebrate, this is a very nice find!

----------


## Marvo

Yeah it's quite fascinating. I might try it out in my school one day, just to mess with them.

----------


## tommo

I miss being at school for that very reason.

----------


## Vertebrate

> Very nice find Vertebrate. Would you even need backtrack, looks like it should work with any linux distro.
> EDIT: Works on Win7 and I used Ubuntu. Had to get to the Windows files through /media rather than /mnt but still works just fine. I'm posting this on my win7 without having logged in. I wish I could thank you twice Vertebrate, this is a very nice find!



No problem. I actually found this using stumbleupon a couple weeks ago. I assumed it would probably also work with Win7 but I haven't tested it on my laptop yet. And yeah other linux distro live CDs work too. Backtrack is just a nice live CD with even more tools on it. You can even do this as an unprivileged user, the only thing that stops you from renaming Utilman.exe is explorer. I was able to rename it from a regular user account using a tiny C program I wrote.

----------


## Taosaur

> Very nice find Vertebrate. Would you even need backtrack, looks like it should work with any linux distro.
> EDIT: Works on Win7 and I used Ubuntu. Had to get to the Windows files through /media rather than /mnt but still works just fine. I'm posting this on my win7 without having logged in. I wish I could thank you twice Vertebrate, this is a very nice find!



Were the commands in Ubuntu identical to the video? I tried it with an Ubuntu LiveUSB on my Win7 x64 machine, and "ls" turned up no results for /mnt or /media, with sda1 kicking out "no such file or directory."

I'd like to try this on my sister's Vista PC--she's been locked out of the admin account for months. I'll be out there this weekend, but I know squat about Linux and she doesn't have internet, so if it doesn't work as-is, I'm SOL.

----------


## LikesToTrip

> Were the commands in Ubuntu identical to the video? I tried it with an Ubuntu LiveUSB on my Win7 x64 machine, and "ls" turned up no results for /mnt or /media, with sda1 kicking out "no such file or directory."
> 
> I'd like to try this on my sister's Vista PC--she's been locked out of the admin account for months. I'll be out there this weekend, but I know squat about Linux and she doesn't have internet, so if it doesn't work as-is, I'm SOL.



The drive has to be mounted to be viewed, and the drive might not be sda1. If you go to System>Administration>Disk Utility you can find the drive with Windows on it and mount it from there. Then it should show up in /media as a random number/letter combination. After that it's the same as the video.

----------


## Taosaur

Sweet, that did it. Oddly, I get I/O errors when I try "Run Ubuntu from this USB," and have to "Install Ubuntu on a Hard Disk" then quit the installation process to get the OS to load, after which it works fine.

To sum up for fellow Linux-illiterates and make this post semi-useful: 
1) boot from pretty much any Linux LiveCD or USB
2) In the System menu, go to Administration>Disk Utility
3) Choose the drive with Windows on it and Mount Volume
4) Note the directory (/mnt or /media) and string of characters assigned to the volume
5) In the Applications menu, go to Accessories>Terminal
6) Enter the commands from the video:




> cd /mnt (or /media, see step #4)
> ls (will produce a list of drives and partitions in that directory, including the one you mounted)
> cd dr1v3n4m3 (string of characters from step 4)
> cd Windows
> cd System32
> mv Utilman.exe Utilman.old
> cp cmd.exe Utilman.exe
> reboot



7) Let system boot to Windows log-in screen
8) Press WindowsKey + U to open the Utilities Manager
9) Enter this command:




> NET USER <current username> <new password>



Correct? I'm guessing the first two commands could be condensed to "cd /media/dr1v3n4m3" which could also be copied to the clipboard in step 4, am I right? Do all or most distros have the same Application and System menus?

ETA: Would it be wise to switch the files back when you're done?




> rm Utilman.exe
> mv Utilman.old Utilman.exe



Would that do it?

----------


## LikesToTrip

> Sweet, that did it. Oddly, I get I/O errors when I try "Run Ubuntu from this USB," and have to "Install Ubuntu on a Hard Disk" then quit the installation process to get the OS to load, after which it works fine.



That's weird, I've never used a USB so I have no idea how to troubleshoot that  ::?: . At least you figured out a work around.

Yup, those steps are correct. And actually you can condense the first 5 commands. Assuming your drive name is dr1v3n4m3 you could type 'cd /media/d*/Windows/System32' the asterisk is a wildcard for any length of characters so you don't have to type the whole name. Oh and make sure you get the capital letters correct Linux is case sensitive.
And when you get into windows you can use 'net user' to view all the accounts to find the one you need. I'm pretty sure you're correct with the 'net user <username> <password>' but I always do 'net user <username> *' and then it prompts for a new password.
And once you've set the password and are able to get on to the Admin you can go into the System32 folder and rename Utilman.exe to cmd.exe and then rename Utilman.old to Utilman.exe to revert what you changed.




> Do all or most distros have the same Application and System menus?



Any distro running GNOME desktop environment should have a similar enough set up to where you could find what you need. Every distro is slightly different though. If it's running KDE or XFCE it will be different and you might have to do some googling to find what you need.
Good luck, you should be able to figure it out just fine.

----------


## Vertebrate

> I'd like to try this on my sister's Vista PC--she's been locked out of the admin account for months. I'll be out there this weekend, but I know squat about Linux and she doesn't have internet, so if it doesn't work as-is, I'm SOL.



If you have access to a non-admin account you should be able to force rename utilman.exe and then copy cmd.exe. from there logout, press windows+u, type "NET USER <admin account name> <new password>" and it will change the password to _<new password>_

If you need help forcing a rename I wrote a program in C++ to do it. Let me know if you couldn't get the drive mounted in ubuntu. The commands should be identical once it's mounted up.





> ETA: Would it be wise to switch the files back when you're done?
> 
> Would that do it?



Yeah that would be a good idea (Unless you foresee this happening in the future! You could just leave it there. Be aware that it would be a rather large security hole if somebody had physical access). My C++ program does that _to the best of my knowledge._ I sort of accidentally deleted my original Utilman.exe while debugging it. It seems to work with a dummy Utilman.exe file.


*EDIT:* As much as I hate sharing EXE files, I don't well see a better way to do it. Here's the program.
Open it, type y for yes or anything else for no. I don't think backspace works so don't mess up! Anyway open it again and it will ask you to restore the utilman file. If it gives you an error it's probably a file ownership or access problem and you will have to boot to linux. (That would mean you have no permissions at all in \windows\system32, which is not the default behavior of non-admin accounts surprisingly)

----------


## Taosaur

Update: I was able to use this method to swap the .exes from an Ubuntu liveUSB and change my sister's password to get her back into her PC. The Windows command was indeed "net user <username> *" not "net user <username> <password>"

----------


## Vertebrate

> Update: I was able to use this method to swap the .exes from an Ubuntu liveUSB and change my sister's password to get her back into her PC. The Windows command was indeed "net user <username> *" not "net user <username> <password>"



Both work. * shows a prompt. if you type a password instead of a star it works the same without a prompt.

----------


## Taosaur

No, net user <username> <password> did not change the password.

----------


## Vertebrate

> No, net user <username> <password> did not change the password.



Weird, it did for me >_>

----------


## Marvo

> No, net user <username> <password> did not change the password.



Did it return an error message?

----------


## Taosaur

> Did it return an error message?



No, it either said "password changed successfully" or just dropped down to a new command prompt (there was some confusion with the admin username in the command window being different from the one on the log-in screen, so I don't remember exactly which combinations produced which outputs). When attempting to log-in after using the <un> <pw> command, though, the old password hint remained and the new password did not work.

----------


## Marvo

Are you sure you're trying to log in as the right user? There might be multiple users on that computer.

----------


## Taosaur

We did ultimately arrive at the right username, and the "<un> *" command successfully changed the password allowing us to log in to the account, whereas "<un> <pw>" did not. While I cannot rule out user error in entering the "<un> <pw>" command, I can only personally vouch for the "<un> *" command.

----------


## Vertebrate

> We did ultimately arrive at the right username, and the "<un> *" command successfully changed the password allowing us to log in to the account, whereas "<un> <pw>" did not. While I cannot rule out user error in entering the "<un> <pw>" command, I can only personally vouch for the "<un> *" command.



I'd like to personally vouch for "net user <un> <pw>" as I've used it multiple times on multiple installations of windows vista and windows 7  :armflap:

----------

