Hacking into one's own computer with no skills (XP, believe it or not)

So, I have this old XP laptop. And I have a password protection on it. In my brilliance, I gave it an admin password.

Since it is ancient, I have forgotten said password. As in, I have zero clue – the clue I thought I did have is not correct. I have tried multiple variations.

I also have no way to create an XP recovery disc (ancient tech, no idea where I put the damn things) because my current tablet/laptop has no drive for such things.

Does anyone know how to break into Windows XP with a) no software other than what would already be on the machine and b) no idea what the admin password might be. And no, “blank” is not the answer. I tried that, but I must have set a password somewhere.

I’m screwed, aren’t I?

(In semi related news: memo to self – next computer you get, first thing you download after the requisite security software, is VLC. It’s bailing me out of this situation… for what I need to do anyway. I still can’t get into the damn ancient machine. But when it comes to obsolete media file formats… Bless you, VLC. Bless you).


One thing I have heard of people doing: if you can get to the BIOS, set it to try to boot from USB first and then the hard drive. Then make a bootable USB with Ubuntu or some other sort of Linux on it. Plug in the USB, turn on the machine, and it should boot to Linux. If the hard drive isn’t encrypted, you might be able to copy files from there.


This. There are Linux based recovery images that can be used to change the password or at least get your data off. Just burn to a CD or USB drive and boot from that. I would suggest a CD if the laptop is that old.


It depends on what you want to use the laptop for.

XP didn’t use full-disc encryption, so if you just want to copy the files, buy (or borrow) a USB-to-IDE* adaptor, and plug the drive into your new computer.

If you actually want to log in, you can boot from a USB drive and use the Offline NT Password Reset Tool to reset the password for your account.

*Edit to add: if it’s a laptop, you’ll need to make sure the adapter has a laptop IDE connection and/or SATA, depending on the drive.


What’s your budget for fixing this? Most tech places like geek squad or staples should be able to recover your password for a fee.

If you want to do it yourself, you’ll need either a CD burner (assuming the old laptop has a CD drive) or a USB to IDE adaptor (so you can pull the hard drive of the old laptop and attach it to the current laptop as an external drive). Then google ophcrack, which is a piece of software for recovering passwords for Windows. You can either burn a liveCD version or run the software to scan a drive for passwords.


I would rather light my computer on fire, run it over while it is on fire, take off and nuke it from orbit and then throw the remains into a black hole than take it to Geek Squad or Staples.


If your problem is a lost internal Windows password, I have used a tool called L0phtcrack to retrieve those passwords. Works nicely and surprisingly fast.

If you are using a full-disk encryption solution, like TrueCrypt or Veracrypt, you’re screwed.


confirmed, used that in the past to get passwords.

I don’t think XP had any full-disk encryption (at least not native)


We had a nice bootable .iso where I used to work which did all kinds of windows magic including reset of the local admin password which I can not for the life of me remember the name of ERD Commander. But there are a plethora of tools out there to do that.

If you just need the data any live linux image will get you that and you can copy it to an external drive.


Seconded. I used Rufus (Free) to make it bootable. Dead easy to use. Follow the onscreen prompts.


Thirded then. I have also used Rufus to build Windows images that booted from USB, which was surprisingly difficult without it. (These days Windows doesn’t seem worth the trouble to me. Maybe Windows 7 is still OK.)


Have you looked under it to see if there’s a Post-it note?


Nah. If it’s XP, it should be easy. It’s been years since I’ve done this, but this is what I remember:

  • At the login screen, trigger the accessibility function (I think repeatedly hitting the SHIFT key does it), that should pop up something about accessibility with a Help link.
  • Clicking that Help link opens a help page in Internet Explorer.
  • Once in Internet Explorer, because of the way it’s integrated with the OS and functions as a file manager with admin level access, you can do whatever you want, including copying and renaming files. Type C:\Windows as the URL in the URL bar, and you should see a file listing. That means, for example, that you can right-click and copy the command interpreter in place of one of the accessibility tools, and execute it from that pre-login accessibility button, then use that command line to reset the admin password.

I’ve used this to recover systems that were locked out by malware/rootkits before. It’s deceptively simple. But it’s been years, and my google-fu is failing me wrt finding clear step-by-step instructions. (Maybe I’m wrong and it was Windows 9x?)

But as others have said, the easiest way to get files from it is to boot from a bootable Linux USB. And if you can do that, you can basically do the same thing - stick a copy of cmd.exe in place of stickykeys or something and use it to do net user <username> <newpassword>, then get your access within Windows.


Who knew that all of those “password recovery” programs hidden in the darkest corners of the internet actually had a legitimate use? :grin:


I worked IT at a college with a bring-your-own-laptop program.

I may be among the few, but I used them a lot for legitimate purposes.


Don Norman talks about how current password rules are useless in The Design of Everyday Things.

I rather suspect there are a lot of legit uses. Me, I always have to make sure I change mine in only one or two passes, because otherwise I get my substitutions and subterfuges mixed up. Then I wind up calling support for multiple resets.


Use Windows 7 for gaming, works great. I’ll only get 10 if I have to buy a new computer.


On an unrelated note, I found an old 7z archive file that I password protected before I switched computers. I have no idea what the password was (At the time I thought it would be easy to remember, so I didn’t need to put it in the password manager, but that was a couple of years ago.) I have a vague recollection that I left myself a clue somewhere, or followed some pattern, but I don’t remember what that was now.

Hashcat tells me it would take a year or more of continuous running to brute force it, if I even guessed the length range right. :cry:

On the bright side, I no longer remember what was in the files, and haven’t needed them in a couple years, so they probably weren’t that important. But then again, I must’ve thought that they were important enough to password protect. :confused:


Curse you, all the younger mes!


Have you tried looking in that one spot that younger you would have been absolutely sure you would immediately look in when you wanted to get in, but which you have never, ever looked at or even thought of once in all the time since then?


Very useful tool when you’re needing to do that sort of thing often. Has all sorts of caveats, but I haven’t run into any issues using that one yet.