Recover windows 10 administrator password by Kali Linux

Similar as previous version of Window’s Operating system like Window XP/7/8/8.1 password of Window 10 are saved in SAM (Security Account Manager) file located in C:/Windows/system32/config. These password are encrypted with NTLMv2. In this post I will show you to dump the hashes and crack it using John password cracker tool. User can do that by follow the given steps:

Step 1:Boot Window machine with Kali Linux Live DVD/Flash Drive

Step 2: Mount Windows System Drive

1. Click on the Places and the menu bar will open click on Computer. The file manager will open.
2. Click on other location, and again click on the Windows media. New windows will be open and looks like image.
   Note: If you will not able to open this drive automatic use following command to fix error. This happen because Windows 10 does not shut down properly. By default it is going to sleep mode, So you will have to run following command.
   #fdisk -l
   this command is used to check the attached hardisk and its partition. its upto you how will you find the windows partition. if you will run following command with wrong partition, then no issue.
   #ntfsfix /dev/sda2 (partition address)
3. Try again to open Windows media, Once you will open go to next step.

Step 3: Open terminal and Go into the SAM file location

#cd /Media/Media No./Windows/System32/config

Old method to get windows 10 password hashes

Step 4: Find the system bootkey using bkhive utility

#bkhive SYSTEM /root/Desktop/system

Step 5: Dump Password hashes using samdump2

#samdump2 SAM /root/Desktop/system > /root/Desktop/hashes.txt

New Method to get windows 10 password hashes – 2017

STEP 4+5: This is very important step, because in this step you are going to retrieve Windows 10 password hashes. So run the following command and dump the hashes.

#pwdump SYSTEM SAM > /root/Desktop/hashes.txt

You can provide any name instead of hashes.txt

Step 6: Change working directory as /root/Desktop

#cd /root/Desktop

Step 7: See available hashes in hashes.txt file

#cat hashes.txt

Step 8: Find the password from hashes using John the Ripper

#john –format=nt2 –users=UserName hashes.txt

Find the password Have a fun 

Method 2. How to Recover Windows 10 administrator password If You Forgot.

Another tool that can be used to recover windows 10 administrator password is the iSeePassword Windows Password Recovery Pro, this is a best PC Unlocker software. It is a professional password recovery tool that is meant to reset or unlock computer password. It is available for many other Windows operating systems including Windows Vista, 7, 8 and XP. You only need a USB flash drive. When compared to other methods mentioned above, this is the easiest way to recover a lost password and has no drawbacks. It works by listing all user accounts on your computer, you only need to select a user account on your computer and click the password reset button. You can login to your Windows account after restarting.

Let’s see how iSeePassword Windows Password Recovery Pro Works.

Step 1. Download iSeePassword Windows Password Recovery Pro and install and launch it on another available PC. There are 2 ways to burn a password reset disk, USB or DVD/CD,  just inset a USB flash drive into it. Click “Burn”.

Step 2. When successful message pops up, click OK and exit removal device. Password recovery disk have been burned successfully.

Step 3: Insert the newly created USB drive to the locked Windows 10 computer. Set USB drive as the first boot device in BIOS setup. This computer will reboot. Then it will load the program, and detect all system and account on your computer, follow the interface to reset your Windows 10 password.

After you successfully reset the password, disconnect the boot disk and reboot your PC when password is reset to blank. Then your PC will restart normally and Windows 10 can login without password.

iSeePassword Windows Password Recovery Pro is easy to use and safe. With it,you can fast access to your windows if you forgot login password on Windows 10 without system re-installation.