Windows Password recovery - Use a Penguin

Its a bit cobwebby in here, who outsourced the housekeeping ?

In the purely hypothetical instance of not being able to login to Windows-10 with a given password and that password being apparently wrong I would turn to something like Trinity Rescue Kit to remedy things.

However TRK has dropped into obscurity and all remaining references to a download look a bit shifty.

So what is a bloke to do ?
Can this be done with verifiable open source software ?

Why Yes, Yes it can!
All you will need is a USB stick and an Ubuntu Live ISO image

I created the USB stick image from an Ubuntu 20.04 Desktop system

Before you plug in your usb, identify the disks to be left alone
$ lsblk |egrep "disk|part"
sda 8:0 0 465.8G 0 disk
└─sda1 8:1 0 465.8G 0 part /

Plug in your USB and run that again
$ lsblk |egrep "disk|part"
sda 8:0 0 465.8G 0 disk
└─sda1 8:1 0 465.8G 0 part /
sdc 8:32 1 7.2G 0 disk
├─sdc1 8:33 1 870M 0 part /media/ian/Ubuntu-Server 18.04.4 LTS amd64
└─sdc2 8:34 1 2.4M 0 part

The target drive is sdc so lets blat the ISO on it, note the “&& sync” to ensure all data is written before you get your prompt back

$ sudo dd if=~/Downloads/ubuntu-18.04.4-live-server-amd64.iso of=/dev/sdc bs=4M status=progress && sync
[sudo] password for mikeoxlong:
217+1 records in
217+1 records out
912261120 bytes (912 MB, 870 MiB) copied, 0.51143 s, 1.8 GB/s

Now we take a look at the problem system.
If you can have a wired ethernet connection life will be much simpler towards the end.

One thing to trip you up is Windows 10 deciding that a shutdown command is really a hibernate.
This will leave the disk in a unclean state which may be impossible to access.

Solution : hold the SHIFT key before you click shutdown and it will do an actual shutdown.

Do you know which Fn-Key invokes the boot menu ?

Plug in the USB, power up and interrupt the boot to get a boot selection menu.
If you miss the menu and windows wakes up, use the DAYAFT method by holding SHIFT again.

If all goes to plan it will spring into life with a “GRUB MENU” and start beavering away installing but panic-ye-not it wont install unless you configure things and select OK a few times.

When it shows “Language selection” press ALT F2 and you will have a shell prompt to work with so
check if you have a working network connection

ubuntu-server@ubuntu-server:~$ ip neigh
10.2.5.254 dev enp0s31f6 lladdr c0:4d:c0:de:ad:7e REACHABLE
ubuntu-server@ubuntu-server:~$ ping -c3 www.bbc.co.uk
PING uk.www.bbc.co.uk.pri.bbc.co.uk (212.58.233.254) 56(84) bytes of data.
64 bytes from 212.58.233.254 (212.58.233.254): icmp_seq=1 ttl=53 time=8.16 ms
64 bytes from 212.58.233.254 (212.58.233.254): icmp_seq=2 ttl=53 time=8.13 ms
64 bytes from 212.58.233.254 (212.58.233.254): icmp_seq=3 ttl=53 time=8.13 ms

uk.www.bbc.co.uk.pri.bbc.co.uk ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 8.137/8.144/8.160/0.104 ms

If it looks like that, all is good, if not you may have to find a USB ethernet adapter or something.

Now the good stuff begins - add a tool to the live image - chntpw
sudo apt update
sudo apt install chntpw

  • find the windows slice - probably tagged “MICROSOFT BASIC DATA” and the biggest on /dev/sda
    sfdisk -l

  • make a mount point and mount the slice
    sudo mkdir /media/disk
    sudo mount /dev/sda4 /media/disk

  • move to the directory we need
    cd /media/disk/Windows/System32/config

  • Now for the money shot, can we list the local accounts ? (-l is lowercase L)
    sudo chntpw -l SAM

  • Change the account that has caused you vexation (Hint, set it to blank its easier to remember!)
    chntpw -u JoeBloggs SAM

  • cleanup
    cd /
    umount /media/disk
    init 0

unplug the usb and power up, set a new password and put it on a post it note in the back of your diary.