Yeah, you read it right. Following this, you’ll be able to hack into a real Windows machine. Lost your password? Or ever wanted to play with your friend?
Usual Disclaimer: For educational purposes only
Googling for how to hack Windows or how to break into a Windows password, you may find plenty of methods, but most of them need additional third-party software, and finding an easy, working method is always difficult.
Diving in
Things you’ll need
1. A Windows machine
2. A USB stick
3. A Linux ISO file (Ubuntu, Kali or any distro that can run live without installation)
If the machine already has Ubuntu (with an administrator account) in dual boot, the only thing you need is your fingers; jump to Step 4.
UPDATE: This technique may not work on the latest Windows 10 systems.
You can follow this tutorial to reset the Windows password using a tool named chntpw. You can use any Linux distro of your choice (not only Kali Linux, as chntpw can be installed manually).
Let’s start
Step 1: Download Ubuntu Linux from their website or just get a copy from your friend. Download here.
Step 2: Create a bootable USB from the downloaded ISO file. There are plenty of tutorials on the web. Here’s one.
Step 3: To boot from the USB, plug in the USB and then switch on your machine. You may need to press the Del or F12 key repeatedly, depending on your machine. Again, there are plenty of tutorials on the web for this: http://lifehacker.com/5991848/how-to-boot-from-a-cd-or-usb-drive-on-any-pc
Step 4: Once you get inside Ubuntu, it’ll ask you to install the OS. You don’t need to install; just go with Try Ubuntu. When you are on the desktop, open the file manager. In case you can’t find it, press Ctrl+Alt+T, type nautilus and press Enter.
Step 5: Navigate to your Windows partition, mostly your C: drive. In the case of C:, navigate to C:\windows\system32\. Inside the system32 folder, you can find a file called sethc.exe. Make a copy of sethc.exe in the same directory and rename the copy to cmd.exe. If cmd.exe is already there in the folder, rename the original cmd.exe to something else.
Step 6: Now the real part of the hack begins; get ready to work in cmd. Shut down the system, unplug the USB and boot into Windows. When Windows asks you for the password, hit the Shift key 5 times. Hooray, you have the cmd now.
Step 7: Type
net user [Enter]
to get the list of usernames.
To reset the password of a username, choose the username and reset its password using the command below, where password is the new password:
net user username password [Enter]
If the username or password above contains spaces, enclose it in double quotes, like "user name".
Log in using the new password. Wow, you have just hacked Windows.
If it’s a Windows 10 machine with a Microsoft account login, you can’t hack the Microsoft account; you have to create a new administrator account instead. To do that:
net user /add username password
net localgroup administrators username /add
net share share_name=c: /grant:username,full
Replace username and password with your own. You can find many tutorials on the web for changing the password using cmd.
How this works
Windows has a Sticky Keys feature which is activated by pressing the Shift key 5 times. C:\windows\system32 has a file named sethc.exe which runs when Shift is pressed 5 times. We replace that file with cmd.exe, so Windows is tricked into running the command prompt instead of Sticky Keys.
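As an added example for the defender side (this is not code from the original post), here is a Python check that can be run against a live Windows system32 directory, or against a Windows partition mounted from a live Linux environment or a disk image, to detect the swap described above. It hashes sethc.exe and cmd.exe and reports them if they are byte-identical, and optionally compares sethc.exe against a known-good SHA-256 you supply for that Windows build, which still catches the swap when the original cmd.exe has been renamed away and sethc.exe alone was replaced. The demo() helper and the FAKE_CMD/FAKE_SETHC contents are constructed stand-ins so the script runs offline; the known-good hash it uses is derived from those stand-ins and is an assumption, not a real Windows hash.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins for the real binaries (the real ones are PE executables).
FAKE_CMD = b"MZ constructed stand-in for cmd.exe"
FAKE_SETHC = b"MZ constructed stand-in for sethc.exe"


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_sethc(system32_dir, known_good_sethc_sha256=None):
    """Inspect a system32 directory (live system, mounted partition or extracted image).

    Returns a list of human-readable findings; an empty list means nothing suspicious.
    known_good_sethc_sha256 is an optional hex SHA-256 of the legitimate sethc.exe for
    the exact Windows build; with it, a swap is caught even if cmd.exe was renamed away.
    """
    system32 = Path(system32_dir)
    sethc = system32 / "sethc.exe"
    cmd = system32 / "cmd.exe"
    findings = []

    if not sethc.is_file():
        findings.append("sethc.exe is missing from system32")
        return findings

    sethc_hash = sha256_of(sethc)
    # The swap in the post leaves sethc.exe as an exact copy of cmd.exe.
    if cmd.is_file() and sha256_of(cmd) == sethc_hash:
        findings.append(
            "sethc.exe is byte-identical to cmd.exe: the Sticky Keys binary has been swapped"
        )
    if known_good_sethc_sha256 and sethc_hash != known_good_sethc_sha256.lower():
        findings.append("sethc.exe does not match the supplied known-good SHA-256")
    return findings


def demo(swapped, cmd_present=True, supply_known_good=False):
    """Build a constructed system32-like directory in a temp folder and run the check.

    swapped=True writes the cmd.exe stand-in under the name sethc.exe (the state the
    post describes). cmd_present=False models the original cmd.exe having been renamed
    away. supply_known_good=True passes the hash of the untouched sethc.exe stand-in.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        if cmd_present:
            (root / "cmd.exe").write_bytes(FAKE_CMD)
        (root / "sethc.exe").write_bytes(FAKE_CMD if swapped else FAKE_SETHC)
        known_good = hashlib.sha256(FAKE_SETHC).hexdigest() if supply_known_good else None
        return check_sethc(root, known_good)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        # Real use: python check_sethc.py /mnt/windows/Windows/System32 (path is an assumption)
        for line in check_sethc(sys.argv[1]) or ["no findings"]:
            print(line)
    else:
        print("clean:", demo(False))
        print("swapped:", demo(True))
        print("swapped, cmd.exe renamed away:", demo(True, cmd_present=False, supply_known_good=True))
```

The byte-identical comparison alone misses the case where the original cmd.exe was renamed to something else, which is why the optional known-good hash exists; on a real system, take that value from an identical, trusted Windows build. Because the swap is done from outside Windows on an unencrypted system volume, full-disk encryption of the system drive removes the precondition, and a swapped sethc.exe can be restored from the component store with the built-in sfc /scannow check.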
Disclaimer Again
Only for learning purposes.