Yeah, you read it right. Following this, you’ll be able to hack into a real Windows machine. Lost your password? Or ever wanted to play with your friend?

Usual disclaimer: for educational purposes only.

If you google how to hack Windows or how to break a Windows password, you will find plenty of methods, but most of them need additional third-party software, and finding an easy method that actually works is always difficult.

Diving in

Things you’ll need
1. A Windows machine
2. A USB stick
3. A Linux ISO file (Ubuntu, Kali or any distro that can run live without installation)

If the machine already has Ubuntu (with an Administrator account) in dual boot, the only thing you need is your fingers; jump to step 4.

UPDATE: This technique may not work on the latest Windows 10 systems.
You can follow this tutorial to reset a Windows password using a tool named chntpw. You can use any Linux distro of your choice (not only Kali Linux, as chntpw can be installed manually).

Let’s start

Step 1: Download Ubuntu Linux from their website or just get a copy from your friend. Download here.

Step 2: Create a bootable USB from the downloaded ISO file. There are plenty of tutorials on the web. Here’s one

Step 3: To boot from the USB, plug in the USB and then switch on your machine. You may need to press the Del or F12 key repeatedly, depending on your machine. Again, there are plenty of tutorials on the web for this: http://lifehacker.com/5991848/how-to-boot-from-a-cd-or-usb-drive-on-any-pc

Step 4: Once you get inside Ubuntu, it’ll ask you to install the OS. You don’t need to install it; just go with "Try Ubuntu". When you are at the desktop, open the file manager. In case you can’t find it, press Ctrl+Alt+T, type nautilus and press Enter.

Step 5: Navigate to your Windows partition, usually C:. In the case of C:, navigate to

C:\windows\system32\

Inside system32 folder, you can find a file called sethc.exe.
Make a copy of sethc.exe in the same directory and rename the copy to cmd.exe. If cmd.exe is already there in the folder, rename the original cmd.exe to something else.

Step 6: Now the real part of hacking begins; get ready to work on the cmd. Shut down the system, unplug the USB and boot into Windows. When Windows asks you for the password, hit the Shift key 5 times. Hooray, you've got the cmd now.

Step 7: Type

net user [Enter]

to get the list of usernames

To reset the password for a username:

Choose a username and reset password using the below command, where password is the new password.

net user username password [Enter]

If the username or password above contains spaces, enclose it in double quotes, like "user name".

Log in using the new password. Wow, you have just hacked Windows.

If it’s a Windows 10 machine with a Microsoft account login, you can’t hack the Microsoft account. You have to create a new Administrator account. To do that:

net user /add username password
net localgroup administrators username /add
net share share_name=c: /grant:username,full

Replace username and password with your own. You can find many tutorials on the web for changing the password using cmd.

How this works

Windows has a Sticky Keys feature that is activated by pressing the Shift key 5 times. C:\windows\system32 contains a file named sethc.exe, which runs when Shift is pressed 5 times. We replace that file with cmd.exe, so Windows gets tricked into running the command prompt instead of Sticky Keys.
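
To check a machine (or a mounted disk) for this swap, compare sethc.exe against cmd.exe and, where you have one, against a known-good hash. The script below is an added example, not part of the original post; the function names, the baseline_sha256 parameter and the sample folders are assumptions constructed for illustration, and it goes slightly further by reporting any file in the folder that is a byte-for-byte copy of cmd.exe.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find(system32, name):
    """Case-insensitive lookup: an NTFS volume mounted from Linux can be case-sensitive."""
    return next((p for p in Path(system32).iterdir()
                 if p.is_file() and p.name.lower() == name), None)

def shell_copies(system32):
    """Names of files in system32 that are byte-identical to cmd.exe."""
    ref = find(system32, "cmd.exe")
    if ref is None:
        return []
    size, digest = ref.stat().st_size, sha256(ref)
    # Compare sizes first so only same-size candidates get hashed.
    return sorted(p.name for p in Path(system32).iterdir()
                  if p.is_file() and p != ref
                  and p.stat().st_size == size and sha256(p) == digest)

def check_sethc(system32, baseline_sha256=None):
    """baseline_sha256: optional known-good hash from your own baseline (assumption)."""
    findings = []
    if "sethc.exe" in (n.lower() for n in shell_copies(system32)):
        findings.append("sethc.exe is a copy of cmd.exe")
    sethc = find(system32, "sethc.exe")
    if sethc is None:
        findings.append("sethc.exe is missing")
    elif baseline_sha256 and sha256(sethc) != baseline_sha256:
        findings.append("sethc.exe differs from baseline")
    return findings

def demo():
    """Constructed sample: two fake System32 folders holding placeholder bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, swapped = Path(tmp, "clean"), Path(tmp, "swapped")
        for d in (clean, swapped):
            d.mkdir()
            (d / "cmd.exe").write_bytes(b"MZ constructed shell bytes")
        (clean / "sethc.exe").write_bytes(b"MZ constructed sticky keys bytes")
        (swapped / "sethc.exe").write_bytes(b"MZ constructed shell bytes")
        good = sha256(clean / "sethc.exe")
        return check_sethc(clean, good), check_sethc(swapped, good)

if __name__ == "__main__":
    print(demo())
```

Point check_sethc at the real System32 folder (or the same folder on a mounted image) and alert on any non-empty result.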

Disclaimer Again
Only for learning purposes.