There are many utilities out there that will reset your XP administrator password for you, but only one kind will actually discover the password, and that is a rainbow table (as used by RainbowCrack). A rainbow table is a large (very large: 610 MB to 64 GB) table of pre-computed hashes that is compared with the hashes pulled from your computer. Instead of brute-forcing your way through the keyspace and spending all kinds of time looking for the password, you look it up in a database, compare hashes, and print out the corresponding password. Much faster. If you do much consulting, it might be to your benefit to pre-compute a set of tables just to have on hand, or you could try an online password recovery service like http://www.loginrecovery.com/ (free and fee-based). In many instances it doesn't matter whether you reset the password or discover it, but if you use EFS on the system, a reset leaves you without access to the encrypted files.
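To make the precomputation idea concrete, here is a toy rainbow table in Python. It is an example added to this article, not code from RainbowCrack or any of the tools linked here. It uses MD5 of a three-letter lowercase password as a stand-in for an unsalted Windows hash (an assumption for illustration; the real LM/NT hash algorithms and RainbowCrack's reduction functions differ), stores only chain start/end pairs instead of every hash, and then shows the defender's side of the picture: the same table recovers nothing once the hash is salted, which is why modern password stores salt their hashes while LM/NT hashes are unsalted.

```python
import hashlib
import itertools
from collections import defaultdict

# Toy keyspace: every 3-character lowercase password (26**3 = 17,576 candidates).
CHARSET = "abcdefghijklmnopqrstuvwxyz"
LENGTH = 3
KEYSPACE = len(CHARSET) ** LENGTH
CHAIN_LEN = 40  # hash/reduce steps per chain: the "time" side of the trade-off


def toy_hash(password: str) -> bytes:
    """Stand-in for an unsalted password hash (constructed; not the LM/NT algorithm)."""
    return hashlib.md5(password.encode()).digest()


def salted_hash(password: str, salt: bytes) -> bytes:
    """Same hash with a per-account salt mixed in, as a modern password store does."""
    return hashlib.md5(salt + password.encode()).digest()


def reduce_(digest: bytes, column: int) -> str:
    """Map a hash back into the keyspace. Mixing in the column index is what makes
    the table a *rainbow* table: chains that collide in different columns no
    longer merge, so far fewer chains are wasted than in Hellman's original scheme."""
    n = (int.from_bytes(digest[:8], "big") + column) % KEYSPACE
    chars = []
    for _ in range(LENGTH):
        chars.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(chars)


def build_table(starts):
    """Precompute chains and keep only (end -> starts); intermediate passwords are
    discarded, which is why a table is far smaller than a full hash/password list."""
    table = defaultdict(list)  # a list, because merged chains share an endpoint
    for start in starts:
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce_(toy_hash(pw), col)
        table[pw].append(start)
    return table


def lookup(table, target: bytes):
    """Return the preimage of `target` if some stored chain passed through it."""
    # Guess that the target sits in column i, finish that chain, and check its end.
    for i in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_(target, i)
        for col in range(i + 1, CHAIN_LEN):
            pw = reduce_(toy_hash(pw), col)
        # Replay each candidate chain from its start; this both recovers the
        # password and rejects false alarms caused by chain merges.
        for start in table.get(pw, ()):
            cand = start
            for col in range(CHAIN_LEN):
                if toy_hash(cand) == target:
                    return cand
                cand = reduce_(toy_hash(cand), col)
    return None


def all_candidates():
    return ["".join(p) for p in itertools.product(CHARSET, repeat=LENGTH)]


def demo():
    """Build a toy table using every third candidate as a chain start, then look up
    an unsalted hash (recovered) and a salted hash of the same password (not)."""
    table = build_table(all_candidates()[::3])
    unsalted = lookup(table, toy_hash("aaa"))
    salted = lookup(table, salted_hash("aaa", b"\x13\x37"))  # constructed salt
    return unsalted, salted, len(table)


if __name__ == "__main__":
    unsalted, salted, chains = demo()
    print(f"{chains} chain endpoints stored instead of {KEYSPACE} hashes")
    print("unsalted hash ->", unsalted)  # aaa
    print("salted hash   ->", salted)    # None
```

The table stores at most 5,859 endpoints yet covers up to 5,859 x 40 chain positions, which is the time-memory trade-off behind the "610 MB to 64 GB" sizes above: longer chains mean smaller tables but slower lookups. The salted lookup fails because the precomputed chains were built over `toy_hash`, and a different salt per account would require a different table per account.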
Running Rainbow Crack
Running RainbowCrack should really be done on multiple machines to speed things up. I ran mine on 5 Compaq Presario 1.6 GHz machines and spent the better part of a month computing the 36 GB database (I also stopped them multiple times to move the computer room), so you can see the advantage of splitting the task across many CPUs. I'm going to give you an overview of the process on XP, but it is similar on Linux.
Generate and sort your tables as per Tutorial
- Download http://www.antsight.com/zsl/rainbowcrack/rainbowcrack-1.2-win.zip and unzip it. It is all command-line driven, so put it somewhere with a path that is easy to type.
- Figure out how accurate you need to be (and how much time and disk space you will use) by picking a charset from this list: http://www.antsight.com/zsl/rainbowcrack/configurations.htm
- If you have multiple machines, give each machine a few of the jobs from the list and have them save to the same place on a network share.
- When you have computed the tables, use rtsort.exe on them to make rcrack.exe faster.
- Crack the hash with rcrack.exe and the sorted rainbow tables.
Isn't there an easier way?
Why, thanks for asking; yes, in fact there may be a couple! I say "may" because the Ophcrack bootable CD only ships with the 650 MB set of rainbow tables, so it might not work if the password is tricky. The second option, http://www.loginrecovery.com/, has always worked for me, but you wait a week for results unless you pay a fee.
- Ophcrack is a small Linux distro with a small alphanumeric table set, all in one convenient .iso for download: http://sourceforge.net/project/showfiles.php?group_id=133599&package_id=167699
- The RainbowCrack page, with everything you need to generate tables and discover passwords: http://www.antsight.com/zsl/rainbowcrack/
- http://www.petri.co.il/forgot_administrator_password.htm is a great site in general, with a nice article on password issues, including rainbow tables.
- http://www.loginrecovery.com/ has a boot disk and .iso to download; you email them the hash file, then presto, you have your passwords.