Retrieving lost Windows 10 password, using Kali Linux, mimikatz and hashcat

Recently, my girlfriend forgot her Windows 10 password, locking her out of her almost-brand-new laptop. I took it as a personal challenge to break into the Windows security layer and extract her password. Resetting the password was not an option!

With Windows 10 Anniversary Update, things got tougher when it comes to cracking Windows password but after trying different approaches, I managed to do it. Here’s a guide to show you the steps to follow.

TLDR;¬†We’ll be cracking Windows 10 password without admin access, and this method works with Windows 10 Anniversary Update!

Requirement: a password-locked computer, a not-password-locked computer, one (or two) USB keys.

Steps overview:

  1. Retrieve the encrypted Windows 10 password database: SAM and SYSTEM files
  2. Extract Windows 10 password hash from those files using mimikatz
  3. Crack the hash quickly using hashcat

Continue reading