home-Computer-Review of Elcomsoft System Recovery and Reset Windows Password! Or how to find out your Windows password without leaving any trace of your account being hacked. Restoring access to blocked Windows Elcomsoft System Recovery accounts on board the Admi Live disk

Review of Elcomsoft System Recovery and Reset Windows Password! Or how to find out your Windows password without leaving any trace of your account being hacked. Restoring access to blocked Windows Elcomsoft System Recovery accounts on board the Admi Live disk

To reset/recover the administrator password, we recommend using

Below we provide another step by step instructions to recover (change/reset) the administrator password using the bootable ISO image of Elcomsoft System Recovery. The method is much more complex for advanced users.

Important: If your VDS uses Virtio drivers (almost all new VDS with Windows 2008 from our OS templates) - change the HDD controller type to "default" in . If you don't do this, the LiveCD "will not see" HDD server and you won't succeed. Don't forget to change the controller type back after resetting your password.

Step 2. Open the VNC console and initiate a reboot of your VDS server.

Step 3. To boot from ISO you need to press the key F12 immediately after the message " Press F12 for boot menu"then enter the number of the DVD/CD option (usually 1) and then you must have time to press the spacebar or another key immediately after the VDS starts loading (when the prompt “Press any key to boot from CD...." appears, otherwise the server will continue loading from your hard drive!

Step 4. Wait until the server boots from the mounted ISO image, then select " I accept the agreement", and press the " button OK":

Step 5. In the next window, make sure that your server’s HDD is in the list of disks. If HDD drives there is no suitable size - most likely you did not change the type of HDD controller as described at the beginning of the instructions and the system “does not see” your disks. If the disks are in the list, click the "Next" button:


Step 7 Make sure that Windows folder discovered. If you have several systems, you can select the one you need manually (note that the drive letter will be different!) Otherwise, leave “Auto selection”. Uncheck "Test short and simple....", then click the "Next" button:

Step 8 A list of accounts on the server opens. Double-click on administrator (or any other person whose password you want to change):

Step 9 In the window that opens, enter New Password(the password must be complex! If you specify a simple password, it will most likely not be possible to log in!). If at the same time “only numbers are printed” - check that the English layout is turned on on your (!) computer, and not the Russian one. Make sure that the "Administrator account" checkbox is checked and that "Account is disabled" and "Account is locked out" are NOT checked. Click the "Apply" button, then you will be asked to save a backup copy of the SAM file (not necessary, you can answer "No"):

Step 10 We confirm our understanding that access to all personal certificates, encrypted files, etc. will be lost, click “Yes”:

Step 11 A message will appear asking that the user data has been changed and whether we want to reboot the system. Answer “Yes” and the VDS will reboot into the normal system:

Step 12 Once the download is complete, you can log in with your new password. Don't forget to disable the ISO image in the control panel and return to HDD controller mode if you changed it.

Attention: If something doesn’t work out for you or goes wrong, you can

This lesson is a continuation of the topic: Computer security.

So, the password is forgotten, we cannot log in, but now we have boot disk Elcomsoft System Recovery programs.

Let's force the computer to boot from this disk. To do this, you need to set the appropriate BIOS settings.

Immediately after turning on or restarting the computer, press the “Delete”, “Esc” or “Tab” key more often. It depends on the BIOS manufacturer. For laptops - "F2". Until the window opens BIOS settings. In these settings, you need to find and assign the CD/DVD drive as the first boot device. Everything here, of course, is in English, so you’ll have to delve into it and figure it out. It’s time to write another lesson on this topic. Although, there are plenty of such guides in RuNet. But you need to learn how to enter the BIOS and make settings in it.

When we have set the CD/DVD drive as the first boot device in the BIOS and inserted the boot disk into the drive, we turn on the computer. For a few seconds, a phrase appears on the monitor asking you to press any key to continue. We do so - we manage to press some key. Now the computer boots from the ESR disk.

The window opens first license agreement programs. Here, select the Russian language, accept the agreement and confirm “OK”. Next, we see a welcome window with a cemetery landscape, logo and company motto: “The Lord saves fallen souls. We save lost passwords”:

In the next window, also leave the default settings and click “Next”:

After this, the program begins checking account passwords. Within a minute, ESR finds a difficult - eight-digit, mixed-case, forgotten administrator password:


Here, we can already close the program - the lost password has been restored. To change this password, click “Next” and go to the password change window. We assign a new password or delete the old one - reset it. Then, click the "Close" button. The system asks to reboot, confirm “Yes”.

Elcomsoft System Recovery comes as a program that allows you to quickly create a bootable disk (CD or USB). You will be able to create bootable devices for computers with 32-bit and 64-bit BIOS, as well as for all devices with 32-bit and 64-bit UEFI.

Windows PE provides a convenient and familiar Windows interface. No scripts, no command line, no complicated settings!

Elcomsoft System Recovery supports the widest range of hardware, including SATA controllers, SCSI and RAID from most manufacturers. Even if some exotic controller is used, you can load the necessary driver (usually supplied with the equipment) from a CD or flash drive.

Unlike other products that use their own code, the reliability and compatibility of which is not guaranteed, Elcomsoft System Recovery includes native (from Microsoft) support for all file systems Microsoft: FAT, FAT32 and NTFS.

If you don't have EFS-encrypted data on your computer, resetting the password is the fastest and fastest way effective way restoring access. Elcomsoft System Recovery allows you to change your password to any other one - without needing to know the original one. There is no need to carry out complex attacks to recover a password (which also do not guarantee results) - it’s easier to set a new one.

SYSKEY passwords were used in old Windows versions as an additional layer of protection. If the SYSKEY password is set, it was requested at the system boot stage even before the system asks for a password for the user account. SYSKEY passwords have been actively used by ransomware scammers; As a result, Microsoft developers have eliminated the possibility of setting such passwords in operating systems. Windows systems 10 and Windows Server 2016 (build 1709). Users of older versions of Windows may still be affected by scammers. Elcomsoft System Recovery allows you to find or reset SYSKEY passwords, restoring system functionality.

In cases where the password saved in the system is still needed, Elcomsoft System Recovery has tools for restoring it. In this case, you do not need to specify any special parameters- we have already prepared for you a number of effective attacks, including both brute-force attacks and checking the most frequently used passwords - they only take a few minutes, and the probability of recovery is very high.

Elcomsoft System Recovery knows where the system stores system passwords and how they are encrypted, and in some cases can retrieve them instantly.

If the password turns out to be long and complex, there is still a chance of recovery. A dictionary attack is available in ESR, which allows you to use any dictionary (for example, containing user passwords from other devices) and up to 4 levels of mutations.

In difficult cases, the program allows you to extract password hashes (both for local users, and for users in the domain, i.e. from the database Active Directory) and save them in a file so that later you can carry out more advanced attacks on another computer. We recommend using our solution for this - a powerful tool that scales across a network of thousands of computers, with hardware acceleration using NVIDIA video cards.

In Windows 8, it became possible to log in online using your account Microsoft records(Live!); the same mechanism is now actively used in Windows 10. Authentication occurs on Microsoft servers; however, in Elcomsoft System Recovery it is possible to replace the password hash stored in the system for such accounts and temporarily switch authentication for them to local.

In addition to resetting the password, the product has the ability to export password hashes of such accounts, which makes it possible (just like for local accounts) to recover the original passwords (for example, using Elcomsoft Distributed Password Recovery. Having a password for a Microsoft account, it becomes possible access to other Microsoft services linked to this account: Skype, Hotmail, OneDrive and others. In addition, you have access to cloud backups. Windows Phone and Windows 10 Mobile, detailed information about the user, a list of linked devices (including their current location), and in some cases, browsing history, bookmarks, data entered in the browser, and even saved passwords for online services and social networks. Finally, the account can store a backup recovery key for drives encrypted with BitLocker.

Elcomsoft System Recovery creates backups all system files in which changes are made - if necessary, you can roll back, returning the system to its original state.

Product Video

Hello friends. And again, an article devoted to the issue of password-protected access to Windows. On the pages of the site, we have more than once resolved the issue of a forgotten, lost or initially unknown password for accounts operating system, there’s even one. But all this time we have provided instructions on how to reset your password. How can you recognize it without leaving traces of your Windows account being hacked? Two specialized programs can offer this kind of service; they are on board two popular intensive care programs and AdminPE10. Let's see how to solve the problem with their help.

But, alas, I want to upset those who are going to spy on Windows users 10: none of the proposed programs will help if you want to quietly peek the password of someone who is using latest version systems from Microsoft. And I also won’t please those who want to find out the password for someone’s Microsoft account. Everything suggested below will only apply to simple passwords for local accounts. The programs do not display complex passwords, they can only offer a classic of the genre - resetting them.

Elcomsoft System Recovery on board AdminPE10 Live disk

The first program is Elcomsoft System Recovery. This is a profile multifunctional product that can:

Reset and change passwords for accounts – local, Microsoft, Active Directory;

Don't peek complex passwords;

Manage accounts, in particular, block them, unblock them, disable them;

Reserve special system files to be able to recover subsequently reset or changed passwords;

And such other possibilities.

Elcomsoft System Recovery works from bootable media; its distribution can be downloaded from the official website www.elcomsoft.ru. Also, this program, among other tools for resolving issues with password-protected access, is presented on board the Live disk for system administrators - AdminPE10. Its ISO image for recording on a flash drive can be downloaded from the project website:

http://adminpe.ru/download/

We boot, for example, from AdminPE10. Launch Elcomsoft System Recovery.

We accept the license agreement.

And now we get a list of accounts with their passwords, if they exist, of course.

Reset Windows Password on board the Live disk of Sergei Strelets

Reset Windows Password is an analogue of the previous program, it can do the same thing as Elcomsoft System Recovery, but in addition it also provides additional functions like this: determining web account passwords, Bitlocker decryption, deleting personal user information, etc. Reset Windows Password also works from bootable media; the program distribution is available on its official website www.passcape.com. And it is also included in the software for resolving password issues. Windows access on board the Live-disc from Sergei Strelets. You can download its ISO image on Sergey’s website:

http://sergeistrelec.ru/

We start the computer, for example, from the Sagittarius Live disk. We find the Reset Windows Password program on it.

In its window, select the Russian language. And in the column “What do you want to do” - “Search for user passwords”.

If you know that the password is relatively complex, at this stage we can choose a deep one instead of a quick search. This will increase the time it takes for the program to scan passwords, but it does not guarantee that the result will be successful. Simple passwords can be found even if quick search. Click “Next”.

If there is only Windows on the computer, then simply click “Next”. If there are several, from the drop-down list we indicate the paths to the files on the corresponding disk partition where the desired system is installed.

Click “Search for passwords.”

After a while we get the result.

What to do with Windows 10 and complex passwords

So, friends, in a simple usable way using the programs proposed above we can only get simple passwords from local Windows 7 and 8.1 accounts. Perhaps there are some ornate ways to spy on complex passwords in all versions of Windows. But the same Elcomsoft System Recovery and Reset Windows Password programs, as mentioned, offer the ability to create backups of passwords and roll back to the values ​​captured in these backups. This means that by creating a backup, we can reset the password, do our business, and then boot again from the Live disk and recover the password, essentially without even knowing it. But this is a topic for a separate article, if, of course, you, friends, are interested in it.

And in principle, the password snooping procedure is still not suitable for serious espionage.

Firstly, the user can change the password at any time.

Secondly, the contents of the computer and, in particular, a specific user profile, are perfectly viewable from the same Live disks. Well, if you need, for example, to delve into someone’s Internet correspondence, we simply copy it to the cloud or to removable media browser folders inside . And we replace them with the same folders of the same browser on our computer. But there is more better way to quietly track someone else's Internet activity, it includes all possible software through which any Internet communications were carried out:

We make a Windows backup on the spy target’s computer using Acronis or AOMEI backup programs. By the way, they are on board AdminPE10 and the Sagittarius disk;

We go into the account, open all available browsers, instant messengers, and other client software. And we slowly explore everything that the object was doing on the Internet. Outside of launch, of course.

The Windows backup method leaves no traces, but in terms of efficiency, it is naturally inferior to specialized spying software, which can offer both a convenient format for delivering information and its relevance when setting up data delivery in real time over the Internet.

Hi all! In the last article I wrote how, now we’ll look at a super program for how to recover a password on Windows 7/8 and download this program Elcomsoft system recovery professional.

Elcomsoft system recovery professional - Forgot windows 8 password, reset windows 8 password

Elcomsoft system recovery professional - password recovery on windows 7/8

The Elcomsoft system recovery professional program is not just a utility that will help you reset your Windows password, it is quite a powerful tool to help the system administrator, as you can see above you will see a list of accounts, status - blocked, active, expired password and much more. You can manage any parameters of all accounts in your Windows OS. In the screenshot, the program is in English, but don’t worry, you can select Russian when starting.

How to burn system recovery professional to a USB flash drive

elcomsoft system recovery professional is supplied as an ISO image; in order to use the program, you need to burn it to disk or usb flash drive. Writing to a disk is not difficult, let’s look at how to write to a USB flash drive:

  1. Download the program - https://yadi.sk/d/UlRuVMstekWgP
  2. Launch it, select your flash drive (ATTENTION, all data on the flash drive will be erased), check the box, select iso file, and click Do It. 7 minutes and you're done, a message will appear.

Download Elcomsoft system recovery professional

Guys, we have opened a new section “” you can easily make money from articles.

Similar publications: