Home > Products > Windows Passwords > Windows Password Recovery > Program FAQ
Working with the program - FAQ
Happy New Year!
New Year greetings and holidays discount
Windows Password Recovery v11.1
Some minor improvements, changes in DPAPI engine
New blog post
Hash encryption in Windows 10 Anniversary Update
WPA password recovery benchmarks
New devices

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - program FAQ

Q: What do the question marks in LM passwords mean?
A: As you may have already known, an LM password consists of two halves. If an LM password has 7 leading question marks, that means that only the second half of the password is found. The trailing question marks indicate the first half of the password recovered.
Q: What's the difference between LM and NT passwords? I have found both passwords: MASTERGURU and MasterGuru. Which of them is the right one? Which one should I use?
A: To log on to the system, you need to use the NT password.
Q: When brute forcing an LM password, the program complains and tells me that it truncates the password to 7 characters. Is that a bug?
A: No. As you know, an LM password is split into two 7-character halves. Therefore, the maximum length of brute forced LM passwords is 7 characters.
Q: I know my NT password, but the program fails to find it for some reason? Why?
A: The NT password is case sensitive. Perhaps, you have set an incorrect search range. Try checking the password manually in (Tools-Password Checker). Password Checker automatically checks all possible combinations of uppercase and lowercase characters.
Q: I have recovered the administrator password, but when attempting to log on with it, the system tells me that the password is incorrect. What's the matter?
A: Most likely, you have recovered the local administrator's password, while your computer belongs to a domain. Domain passwords are stored in Active Directory, including the domain Administrator's password. Try logging on to the system in the safe mode.
Q: During a dictionary attack, I have recovered a password that was not in the dictionary. How did that happen?
A: Most likely, you had set the maximum mutation level, when the program also checks dictionary words typed in a non-English, national character set, depending on the keyboard layout. For example, the word 'secret' typed with the Cyrillic layout will produce the word 'ыускуе'. Besides swapping keyboard layouts, the active mutations can mutilate the words to the point where they are hard to recognize. Mutation is used in the preliminary, intellectual, dictionary, and combined attacks, as well as in the key word and phrase attacks.
Q: In a batch attack, can I set the same attack type but with different settings?
A: Yes, you can do that.
Q: I've got a question concerning online dictionaries. I've noticed that they are extremely compressed, to the level greater than those that are produced by the archivers. What is the PCD format?
A: That is a proprietary dictionary storage format developed in Passcape, which uses additional optimization and encryption algorithms. Some dictionaries can indeed be compressed harder than with a regular archiver. For example, the Australian.pcd dictionary in the original format takes 926 KB of space, while in the compressed format it's only 53 KB.
Q: I chose to run a dictionary attack and set the medium mutation level. When I launched the attack, I was unpleasantly surprised with the low speed, only a few thousand passwords per second. Why is it so slow?
A: The program shows the attack speed without mutations. For example, if 1000 words has been processed within a second, it shows 1000 p/s, although the mutation module could have generated 1000 additional words per each word during that time. Thus, the actual search speed is by hundreds or even thousand of times greater than what you see on the screen.
Q: Can I use the regular dictionaries in a combined dictionary attack?
A: Yes, you can.
Q: I know that the password begins with "blue". Which attack would be the best one to use?
A: You can try dictionary attack. For example, the mask 'blue%c%c%c%c%c%c' would search the range from 'blueaaaaaa' through 'bluezzzzzz'. You can also try running a combined dictionary attack. In order to do that, open notepad, then type 'blue' and save the file as, for instance, 1.dic. Then open the combined attack options and set 1.dic as the primary dictionary and any other - as the secondary dictionary. This way the program would search for disyllable words like bluepig, blueberry, bluegirl, etc. If you add the third dictionary, the program will search through the combination of the three components. For example, bluecoolgirl, blueblackhash, bluebadboy.
Q: The Artificial Intelligence attack goes too slow. What's the matter?
A: It's either because the password cache is full. In this case, you need to try emptying it. Or because you have set too deep mutation, and the program has found quite many 'suspicious' words; i.e. the words that are considered as the potential passwords.
Q: I am launching the brute force, but the program complains that it has nothing to do. Why?
A: Before launching the brute force, you must first select the hashes. You can do that through the Edit - Select menu.
Q: What are Rainbow tables? And how can they be used for recovering passwords?
A: To launch a rainbow attack, in the attack options you need to load the *.RT or *.RTI files that contain Rainbow tables. The type of the tables must match the type of the hashes selected for the attack. Therefore, the names of the files with the tables must begin correspondingly: "lm_*.rt" for LM hashes, "ntlm_*.rt" for NT hashes. You can get some additional information and download rainbow tables at Wiki.