Yeah, you read it right. Following this, you’ll be able to hack into a real Windows machine. Lost your password? Or ever wanted to play with your friend?
Usual disclaimer: for educational purposes only.
Googling how to hack Windows or how to break a Windows password, you may find plenty of methods, but you may still need some additional third-party software. And finding an easy, working method will always be difficult.
Things you’ll need
1. A Windows machine
3. Linux ISO file (Ubuntu, Kali or any distro that can run live without installation)
If the machine already has Ubuntu (with an Administrator account) in dual boot, the only thing needed is your fingers; jump to step 4.
UPDATE: This technique may not work on the latest Windows 10 systems.
You can follow this tutorial to reset a Windows password using a tool named chntpw. You can use any Linux distro of your choice. (Not only Kali Linux, as chntpw can be manually installed.)
Step 1: Download Ubuntu Linux from their website or just get a copy from your friend. Download here.
Step 2: Create a bootable USB from the downloaded ISO file. There are plenty of tutorials on the web. Here’s one
Step 3: To boot from the USB, plug in the USB and then switch on your machine. You may need to press the Del or F12 key repeatedly, depending on your machine. Again, there are plenty of tutorials on the web for this. http://lifehacker.com/5991848/how-to-boot-from-a-cd-or-usb-drive-on-any-pc
Step 4: Once you get inside Ubuntu, it’ll ask you to install the OS. You don’t need to install; just go with Try Ubuntu. When you are at the desktop, open the file manager. In case you can’t find it, press Ctrl+Alt+T, type nautilus and press Enter.
Step 5: Navigate to your windows partition mostly your C: in the case of C: Navigate to
Inside system32 folder, you can find a file called
Make a copy of
sethc.exe in the same directory and rename the copy to
cmd.exe is already there in the folder, rename the original
cmd.exe to something else.
Step 6: Now the real part of hacking begins, get ready to work on the cmd. Shut down the system, unplug the USB and boot into Windows. When Windows asks you for the password, hit the Shift key 5 times. Hooray, you got the cmd now.
net user [Enter]
to get the list of usernames
To reset the password of a username:
Choose a username and reset the password using the command below, where password is the new password.
net user username password [Enter]
If the username or password above contains spaces, enclose them in double quotes like
Log in using the new password. Wow, you have just hacked Windows.
If it’s a Windows 10 machine with a Microsoft account login, you can’t hack the Microsoft account. You have to create a new Administrator account. To do that:
net user /add username password
net localgroup administrators username /add
net share share_name=c: /grant:username,full
Replace username and password with your own. You can find many tutorials on the web to change the password using cmd.
How this works
Windows has a Sticky Keys feature, which is activated by pressing the Shift key 5 times.
C:\windows\system32 has a file named sethc.exe, which runs when Shift is pressed 5 times. We replace that file with cmd.exe, so Windows gets tricked into running the command prompt instead of Sticky Keys.
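Because the swap leaves a sethc.exe that is really cmd.exe, it can be spotted from the file itself. The following is an added example, not part of the original tutorial: a Python check that can be pointed at a live or mounted System32 folder. The function names and the constructed sample files are illustrative, and it assumes a genuine sethc.exe names itself sethc.exe in its version resource.

```python
import hashlib, sys, tempfile
from pathlib import Path

KEY = "OriginalFilename".encode("utf-16-le")  # version-resource string key

def original_filename(data):
    """Best-effort read of OriginalFilename from a PE version resource."""
    pos = data.find(KEY)
    if pos < 0:
        return None
    pos += len(KEY)
    while data[pos:pos + 2] == b"\x00\x00":  # skip terminator and padding
        pos += 2
    end = pos
    while end + 2 <= len(data) and data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[pos:end].decode("utf-16-le", errors="replace")

def check_sethc(system32):
    """Return findings for sethc.exe in a live or mounted System32 folder."""
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    if "sethc.exe" not in files:
        return ["sethc.exe is missing"]
    data = files["sethc.exe"].read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    findings = []
    # Assumption: a genuine sethc.exe names itself sethc.exe in its resource.
    name = original_filename(data)
    if name is None or name.lower() != "sethc.exe":
        findings.append(f"sethc.exe has OriginalFilename {name!r}")
    for other, path in sorted(files.items()):
        if other == "sethc.exe" or path.stat().st_size != len(data):
            continue
        if hashlib.sha256(path.read_bytes()).hexdigest() == digest:
            findings.append(f"sethc.exe is byte-identical to {other}")
    return findings

def fake_pe(original_name):
    """Constructed stand-in for a PE file: header bytes plus the name string."""
    return (b"MZ" + b"\x00" * 62 + KEY + b"\x00\x00"
            + original_name.encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    if len(sys.argv) > 1:              # path to a real System32 folder
        print(check_sethc(sys.argv[1]))
    else:                              # demo on constructed files
        with tempfile.TemporaryDirectory() as d:
            Path(d, "cmd.exe").write_bytes(fake_pe("Cmd.Exe"))
            Path(d, "sethc.exe").write_bytes(fake_pe("Cmd.Exe"))
            print(check_sethc(d))
```

An empty list means neither check fired; the version-string read is a heuristic, so treat a finding as a reason to compare the file against a known-good copy.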
For learning purposes only.