If this blog helped you in any way, please donate a dollar here

Sunday, September 5, 2010

The Windows Logon Password

It's no secret. And it can be hacked in a million ways.

However, let me begin by saying, that this obviously assumes we have unrestricted physical access to the target machine. This also does *not* mean that this is a great Windows flaw, no it's not! It's a method and there are other methods of hacking passwords of other Operating Systems, including ANY other OS, provided we have physical access.

Here I have presented 2 methods to access your system after you have conveniently forgotten your password. Which I hope you would not. ;)

So, enough of crap. Here we go :~

1. For beginners, at the windows logon screen, the place where you enter passwords to enter, you can try accessing the administrator account. Many systems have no password for that account. So you can just login by pressing Ctrl+Alt+Del twice at the logon screen, give username as "Administrator" and login.

Now, that was easy! What if the administrator has a password in the first place? Well, we still have a solution.

2. The hack is the famous sethc hack. All you have to do is replace the file : "sethc.exe" in the system32 sub-folder of the WINDOWS directory (or %WINDIR%) with anything that can enable you to login to the system. I prefer replacing the sethc.exe file with the cmd.exe file. The idea is that when you activate sticky keys, this executable is run. So it can run at the login screen!

So here's what I do:

  • Zeroth step: Boot the computer with a Linux based OS Live Disk. The Live Disk will start the computer and enable you to mount the WINDOWS partition.
  • First: Open the windows partition and navigate to system32 folder and make a backup of the sethc.exe file.
  • Second : Create a copy of the file, cmd.exe and delete sethc.exe.
  • Third: Rename the copy of cmd.exe as sethc.exe
  • Fourth: Now reboot and start Windows. The login screen appears now.
  • Fifth: Activate sticky keys (by pressing any sticky key 5 times atleast). So the command prompt starts up now. Go ahead do anything now!
  • Sixth: To reset "Administrator" password use the "net user" command. Type this:
    net user Administrator 12345
    and the new passwords becomes 12345
  • Seventh: Don't forget to clean up. Just restore the original sethc.exe and delete all backups. This is optional. To clear traces of your intrusion.
So, that was 2 methods of doing it. There are really a million. Post some of your own. And do comment if you liked this or not.

Cheers... And Happy Hacking!

1 comment:

  1. ya dats true bt roflmao windoze can do........bullshit..