Password Recovery Bundle |
Only $29.95 to get All-In-One toolkit to recover passwords for Windows, PDF, Office, Outlook, Email, MSN, and more... |
In this tutorial we'll show you how to decrypt and recover the original Pin code and Picture Password in Windows 8/8.1, without brute-forcing them. Both Pin code and Picture Password are authentication methods based on a local user account. During setting up a Pin code or Picture Password, you'll be prompted to enter the traditional text-based password. The problem is that Windows 8 will then store your Pin code / Picture password as well as the original text password in plain text.
Mimikatz is a free open-source tool to recover this plain-text password, it saves you time and power needed to brute force a 16 character NT/LM password during pen-testing or tech work. Follow this tutorial and you can extract the Windows Pin code and Picture Password in plain text.
Note: Mimikatz needs admin privileges to work properly. If you couldn't log on to Windows 8 as administrator, you can reset the forgotten local administrator password or Microsoft account password with WindowsUnlocker Live CD/USB drive.
How to Decrypt / Recover Windows 8 Pin Code and Picture Password?
- Download the Mimikatz tool (mimikatz_trunk.zip) from Benjamin Delpy's blog. Decompress the zip file and you'll then find that the tool has both 32-bit and 64-bit versions – make sure you pick the correct version.
- Right-click on the Mimikatz.exe file and select Run as administrator from the context menu.
-
You'll be provided with an interactive prompt that allows you to perform a number of different commands. Firstly we'll need to enable debug mode with the privilege::debug command:
privilege::debug
- Next run the token::elevate command to elevate your privilege to NT Authority\SYSTEM.
token::elevate
- Execute the following command and it will quickly extract all types of plain-text passwords from Windows Vault, including Pin code, Picture Password and traditional text password.
vault::list
If you use a Microsoft account to log on to Windows 8 and then switch to a Picture Password or a Pin, the Mimikatz tool will be able to dump your Microsoft account password as well. This is the first critical security flaw in Windows 8/8.1 that has already been discovered.