Hacking into VMWare images

Last week I posted a question asking how I could recover or change the password for a VMware guest operating system (Windows 2000) that I had forgotten the password for. After receiving no useful suggestions, this week I allocated some time to solving the problem.

Windows password recovery tools usually consist of a bootable CD image containing a version of Linux that will overwrite the NT password with a known value or will extract the hashed password from the filesystem.

To boot your virtual machine from a CD, you must change the boot order in the virtual machine’s BIOS. Press F2 while the VM is starting up to access the BIOS.

VMware BIOS setup

I used the free software available from Windows XP Login Recovery. This is good because it does not try to write to your file system; it just retrieves the hashed password value.

VMware password recovery

Once you have the password hash, you enter it in a form on their website, and they look up the hash value in their database and give you a password that matches the hash. Note that even though they ask for your email address, the password is displayed on a web page rather than being sent to your inbox.

VMware password retrieval

After all that effort, I discovered that my password was blank.


6 Responses to “Hacking into VMWare images”

  1. Anon Says:

    Google for “forgot the administrator password”

    http://www.petri.co.il has several links.

  2. Stuart Moncrieff Says:

    Previous post:

    Confession time. I have several VMWare images (Windows 2000) on my laptop which I was using for software development earlier in the year. I can no longer remember the password for any of these images.

    Does anyone have any tips on recovering the passwords?

    Note that Google says plenty about recovering Windows passwords, but nothing about recovering passwords from an operating system running inside a Virtual Machine.

    Any help is appreciated.

    Cheers,
    Stuart.

  3. Stuart Moncrieff Says:

    The loginrecovery.com website now requires an email address to send you the plaintext password. Try ophcrack instead.

    http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

  4. charlotte Says:

    I forgot my password of my administrator, please let me change it now

  5. Matthew Says:

    I thought this might be useful to someone

    http://nova-security-research.blogspot.com/2007/11/debugging-vmware-systems.html

  6. Jim Sifferle Says:

    Nice idea. I used the concept but substituted the Gentoo-based System Rescue CD instead of the Windows XP Login Recovery program. SysRescueCD has a built-in ntpasswd boot option to reset Windows passwords.
