Custom boot CDs help fix Windows disasters

By Ryan Russell

What do you do when your PC won’t load Windows — or it loads, but you’re locked out?

Panic is the first thing that comes to mind. But a better alternative is to create custom boot CDs to access your files and recover lost passwords.

Different boot CDs for different needs

The boot CD most familiar to Windows users is the installation disc that came with their system. There are, however, many more specialized, third-party boot CDs that help with difficult recovery and maintenance tasks.

For example, the anti-malware rescue CDs produced by AV vendors scan hard drives for malicious code and attempt to remove it. These boot CDs are invaluable when malware renders a Windows machine unusable or unbootable — PCs so hosed that it’s no longer possible to install and use normal anti-malware tools.

That’s just one kind of boot CD. There are many others, and I’ll give you some examples. In particularly difficult cases, you should try multiple types of boot discs to see which works best for you. As I’ve mentioned many times before in this column — multiple tools, multiple scans.

In most cases, you won’t be buying a specialized boot CD but rather making it yourself. You’ll download an image file and burn a disc on a functioning computer. Not too tall an order for most knowledgeable PC users nowadays — especially if you’re a part-time, friends-and-family computer tech.

Recovering lost passwords using boot CDs

For every PC user, there comes a time when you need a password and don’t have it. Someone hands you a computer to use, but no one remembers the password. Someone leaves the company, and you cannot get those critical files off the PC left behind. You’re running the Windows installation CD to perform a repair, and surprise! It asks you for an administrator password you never knew you’d created. I’ve run into all of these problems and more.

In fact, I had a lost-password problem come up recently. I looked at a number of boot CDs used to recover passwords. I started out by checking with my friends on Twitter (@ryanlrussell), asking them to list their favorite password-cracking CDs.

Because I did not fully evaluate each program, I’ll not mention the ones I didn’t care for. But my favorite was backtrack-linux.org’s Linux-based security tools package, BackTrack 4, available free on its download page. In my informal testing, BackTrack 4 was the most compatible password-cracking app and was also the easiest to use.

Yes, this is a Linux boot CD. In fact, most of the boot CDs available are Linux (or another free Unix) under the hood. This OS has good compatibility with most PC hardware, there is a large set of Linux-based diagnostics and security tools, and it’s free. You could craft a similar boot CD out of Microsoft’s Windows XP Embedded environment, but the company wouldn’t be happy if you gave it away free to all your friends.

To use BackTrack fully, you need to know a bit about Linux. If you’re not familiar with this operating system, a couple of helpful YouTube videos show, step-by-step, how to perform the password-cracking operations. (I’ll assume you know how to download, burn, and boot a BackTrack CD.) The first shows you how to reset a password, if that’s all you need. The second details how to acquire the lost password.

An alternative technique, which I prefer, is to crack passwords in a full Windows environment, using the free Ophcrack application (download page) hosted by SourceForge. This tool is not part of BackTrack but can work with it.

Once you have BackTrack running and the Windows drive mounted, copy the SAM and SECURITY files (found originally in the c:\windows\system32\config directory) to a functioning Windows system and run Ophcrack on the files.

Boot CDs for emergency backups and maintenance

BackTrack 4 has many other tools in addition to password-cracking — far more than I can cover here. You can find a number of tutorials on the BackTrack Web site for these other operations. It makes a good playground if you’d like to learn more about PC security.

With a little experimentation, for example, you can learn how to access almost any file on the failed PC. This offers a way to recover and back up data files before you erase the hard drive and completely reinstall Windows.

A more specialized boot CD I’ve used and recommend is the GParted Live app (info page). GParted’s specialty is drive partition management — use it to copy, expand, and edit partitions.

A word of warning: Since you’re working on live drives, a mistake could potentially erase lots of data. So exercise extreme caution when using apps like GParted. Back up if you can. That said, more than once I’ve had to break out these tools when the data was in such poor shape that I could not back it up cleanly with traditional methods.

Finally, I will also mention that some folks carry Linux around on discs or USB flash drives to boot unknown machines. It lets them run public PCs in a configuration to their liking and with more trust than they’d get with a random, walk-up Windows box.


The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is the Director of Information Security at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.

All Windows Secrets articles posted on 2010-04-22:

Ryan Russell

About Ryan Russell

Ryan Russell is a quality assurance manager at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias "Blue Boar." He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.