Quote Originally Posted by RageLtMan View Post
My issue was actually not with recovering an administrative passwd but a user's - they had old domain logins and we needed his password in order to update his OSX keychain, l0phcrack came through, but i'd still like to find some solution that doesnt require a boot into windows. Awesome guide btw, slowly making my way through it.
I don't understand. You don't have to boot into windows to retrieve a user's password. You can boot BT, and run samdump which will dump all of the users passwords to the screen. Either use the option redirect the output (I don't remember what it is at the moment) or use samdump2 >hash.txt
Now you can use john the ripper, l0phcrack, or plain-text.info to crack the hash.