Home > Products > Windows Passwords > Reset Windows Password > Screenshots > Search and recover Windows passwords
Searching and recovering Windows account passwords
Reset Windows Password v7.1.0
RWP now can create new SAM user accounts and supports for Win 10 Creators Update
Wireless Password Recovery v4.0.3
Some problems and bugs were fixed
Windows Password Recovery 11.2
Some improvements and speed optimization
Wireless Password Recovery v4.0
This version can recover multiple handshakes simultaneously almost without speed loss

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Reset Windows Password:
searching and recovering user passwords


Setting search and recovery methods

Searching and recovering lost Windows passwords

Finding user's passwords takes 11 major steps:

  1. Finding information in Windows system cache. This method, in its turn, consists of over a dozen of mini-attacks, during which the program analyzes all kinds of system passwords, from secrets through DSL, FTP, IM, etc. passwords.
  2. Analyzing simple, short passwords, keyboard shortcuts, etc.
  3. Password search using Passcape rainbow tables. The program comes with a set of 8 simple NTLM tables. Even though the overall table size (52 Mb) is too small to attack complex passwords, it is often enough to decrypt common ones. This feature is not available in DEMO version.
  4. Scan, parse and analyze most recently used files of the target system.
  5. Primitive dictionary attack. The application checks all passwords from the built-in dictionary for the Light and Standard editions or from several dictionaries (Arabic, Chinese, English, French, German, Portuguese, Russian, Spanish) for the Advanced Edition. If the deep search option is on, simple word mutations will also be taken into account during the search.
  6. Primitive brute-force attack.
  7. Artificial Intelligence attack. The attack analyzes network activity of a user on the computer. Over thirty mini-modules take care of that. Upon the results of the analysis, the application generates user preferences and generates a semantic dictionary for the attack, which it later uses it for finding the password.
  8. Search for passwords in deleted files.
  9. Primitive Fingerprint attack on some complicated English passwords.
  10. Extract strings from huge files: RAM images, hiberfil.sys, pagefile.sys and so on. When this option is set, the program tries to skip files useless in password analysis like video, huge archives, audio files, etc.
  11. Search passwords by reading and analyzing raw sectors of the selected drive. This feature works for both LM and NTLM hashes, looking for both ASCII and UNICODE passwords. If the 'Password mutation level' is set to 'Deep search', the program additionally tries to mutate all found passwords, thus walking through all sectors of the drive may take quite a time. The sector-based scanning algorithm can be extremely helpful, because it allows to extract passwords even if the target file was deleted from disk long time ago. On the other hand, it is inefficient against compound files (for example, Microsoft Office) and is absolutely useless against drives which have a full-disk encryption set on. Like Bitlocker or TrueCrypt.



Selecting data source

Selecting data source to search in

When searching for passwords, special attention is to be paid to entering files and folders required for the analysis process. Without those, password search will be inefficient. The application finds the files automatically, but sometimes, e.g., when the computer has several operating systems installed, you may need to use the 'manual control'. Please also keep in mind that if the computer has 2 or more hard disk drives, the sequence of the letters for these disks can be set totally different than in the original system.



Searching and decrypting passwords

Searching and decrypting Windows passwords

Finding/decrypting passwords can take some time, which depends on attack settings and peculiarities of your system. Completing the search normally takes not more than a half an hour (without Passcape table attack). The Passcape table attack however takes much longer and depends on your CPU and the number of hashes to recover. For example, on a 2-core CPU it takes usually up to 3-4 minutes to check a single hash.

Note that not all passwords can be extracted but only vulnerable ones!