file encryption – Crack Windows 10 password with Cain and Able

A few months ago I reset my Windows password but my keyboard must have had a sticky key or two, effectively changing my password to an unknown password. Out of desperation and a little research I used PCUnlocker to forcefully reset my password. Little did I know that this would cause my EFS encrypted files to be unreadable.

My understanding is that non-domain, local user, Windows 10 passwords are based on the NTLM hashing algorithm.

Through much research I found an article describing that a tool such as Cain and Abel that can help crack my old password by making use of rainbow tables and the old SAM file.

After getting back into your system, you can install and run various
password cracking software (for example, Ophcrack, Cain and Abel) to
recover the old password in the original SAM file. After recovering
the password, change the current password to the old password and
you’ll gain access to the EFS encrypted files again.

I’ve created my own rainbow tables using the Winrtgen utility that comes packaged with Cain and Able and luckily PCUnlocker automatically backed up my SAM file. When cracking passwords with Cain and Able the UI asks for a SAM file and the SYSTEM file where the latter to my knowledge does not change when resetting a password. (Correct me if I’m wrong on this.)

The rainbow tables that I generated vary, however the one which I expected to work was based on the mixalpha-numeric-all type i.e upper + lower-case of alphanumeric and all special characters. The password I used can range in between 25-33 characters (accounting for several sticky charters)

All in all I have not been successful in cracking my password with my old SAM file, my current SYSTEM file, and my custom rainbow tables.


  1. Are rainbow tables less effective the more potential characters there are? (e.g., lower-cased only vs. mixed-cased + special characters)
  2. Does the salted hash in the SYSTEM file change when changing passwords?
  3. Any other suggestions?