Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Recovering password hashes
Recovering Windows password hashes
Reset Windows Password v14.2
Telegram data recovery, Photo Database and Media Player investigation tools, and some more
Office password recovery tools
Resetting VBA passwords
New blog post
Dumping the history of users' IP addresses in Windows
Reset Windows Password v14.1
IP addresses history viewer, fast disk search, local security editor and some more

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - recovering password hashes

Use this simple instruction for the recovery of any passwords in Passcape programs. This instruction is offered in the format of recommendation and is meant primarily for the recovery of passwords encrypted with OWF; e.g., from Windows hashes.

When recovering certain types of passwords the major question is: How to organize the recovery process - which attack should I start with to raise the probability of its successful completion?

For choosing the type and the sequence of the attacks, we advise to follow this algorithm, which is applicable in the majority of cases to all types of passwords to be recovered:

First, enable the preliminary attack option, if it is available. It will help to recover simple and frequently used combinations.

Second, select one or several hashes you need to decrypt first of all and run Online recovery to find out simple and frequently-used passwords.

Third, if you are aware of any specifics of the password you are looking for, it's better to try mask attack or base-word attack first. Specifically, if you know a part of the password - using mask attack would be more effective. If you know the basic component of the password or, for example, know the password but don't remember the sequence of caps and lowercase characters in it, base-word attack would do the job better.

Fourth, if you there's no information on the password you are looking for, which occurs most frequently, be guided by the following sequence of steps:

  1. Launch Artificial Intelligence attack with mutation and indexing options set to light.
  2. If the password was not found, try once again with mutation option set to normal level and indexing set to deep.
  3. Run a rainbow table attack if there are any tables.
  4. Run a Passcape rainbow table attack.
  5. Run dictionary attack with the mutation option disabled.
  6. Launch a dictionary attack with the mutation option enabled; the depth of mutation depends on the amount of available time and the attack speed. When searching for passwords typed in the national keyboard layout, the depth of mutation should be set to strong.
  7. Select and download online dictionaries and repeat steps 6 - 7.
  8. Run Hybrid dictionary attack
  9. Repeat Hybrid attack using alternative wordlists
  10. Launch pass-phrase attack with the mutation option disabled.
  11. Launch pass-phrase attack with the mutation option enabled and set to the maximum productivity. This will allow finding even passwords typed in the national keyboard layout.
  12. Select and download online pass-phrase dictionaries and repeat steps 10 - 11.
  13. Launch combined dictionary attack with defined phrase generation rules.
  14. Select and download online dictionaries for combined attack and repeat step 13.
  15. Run fingerprint attack with default dictionary.
  16. Select and download new online dictionary for the fingerprint attack, adjust options, set the new dictionary and repeat step 15.
  17. Select a charset and password length for the brute-force attack, launch the attack.
  18. If necessary, select a new or complete the old character set and repeat the brute-force attack; i.e. step 17.
Based on the given recommendations, it is easy to create your own rules for the automated batch attack.