Home > Products > Windows Passwords > Reset Windows Password > Screenshots > Search and recover Windows passwords
Searching and recovering Windows account passwords
14.11.2022
Reset Windows Password v12.2
Resource usage monitor, wireless password locator, network drive mapper
09.11.2022
Hindi translation
A Hindi translation of the paper dedicated Windows Hello biometrics flaw
11.10.2022
Office password recovery tools
Support for Nvidia RTX 4xxx devices
11.10.2022
Windows Password Recovery v15.1
Support for Nvidia RTX 4xxx devices

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Reset Windows Password:
searching and recovering user passwords

 

Setting search and recovery methods

Searching and recovering lost Windows passwords

Finding users' passwords takes 11 major steps:

  1. Finding information in the Windows system cache. This method, in its turn, comprises over a dozen mini-attacks, during which the program analyzes all kinds of system passwords, from LSA secrets through DSL, FTP, WiFi, internet, mail, network, Sticky Notes, Windows clipboard, and other stuff.
  2. Analyzing simple, short passwords, keyboard shortcuts, etc.
  3. Password search using deep learning algorithms. Even though these algorithms are cut significantly to meet CPU requirements, they work much better compared to previous ones.
  4. Scan, parse and analyze the most recently used files of the target system.
  5. Primitive dictionary attacks. The application checks all passwords from the built-in dictionary for the Light and Standard editions or from several dictionaries (Arabic, Chinese, English, French, German, Portuguese, Russian, Spanish) for the Advanced Edition. If the deep search option is on, simple word mutations will also be taken into account during the search.
  6. Primitive brute-force attack.
  7. The artificial intelligence recovery. The attack analyzes the network activity of a user on the computer. Over thirty mini-modules take care of that. Upon the results of the analysis, the application generates user preferences and generates a semantic dictionary for the attack, which it later uses it for finding the password.
  8. Search for passwords in deleted files.
  9. Primitive Fingerprint attack on some complicated English passwords.
  10. Extract strings from huge files: RAM images, hiberfil.sys, pagefile.sys, and so on. When this option is set, the program tries to skip files useless in password analysis like video, huge archives, audio files, etc.
  11. Search passwords by reading and analyzing raw sectors of the selected drive. This feature works for both LM and NTLM hashes, looking for both ASCII and UNICODE passwords. If the 'Password mutation level' is set to 'Deep search', the program additionally tries to mutate all found passwords, thus walking through all sectors of the drive may take quite a time. The sector-based scanning algorithm can be extremely helpful because it allows extracting passwords, even if the target file was deleted from the disk a long time ago. On the other hand, it is inefficient against compound files (for example, Microsoft Office) and is absolutely useless against drives that have full-disk encryption set on. Like BitLocker or TrueCrypt.

To apply a custom recovery method, turn on the 'Custom recovery' and select one of the available attacks. In the next step, you will be prompted to set up various options related to the selected attack.

 

Selecting data source

Selecting data source to search in

When searching for passwords, special attention is to be paid to setting files and folders required for the analysis process. Without those, the password search will be inefficient. The application finds the files automatically, but sometimes, e.g., when the computer has several operating systems installed, you may need to use the 'manual control'. Please also keep in mind that if the computer has 2 or more hard disk drives, the sequence of the letters for these disks can be set totally different than in the original system.


 

Searching and decrypting passwords

Searching and decrypting Windows passwords

Finding/decrypting passwords can take some time, which depends on the attack settings and the peculiarities of your system. Completing the search normally takes less than a half of an hour (without a deep learning attack). The deep learning attack, however, takes much longer and depends on your CPU and the number of hashes to recover.

Note that not all passwords can be decrypted, but only simple and vulnerable ones!