Sunday, August 12, 2012

Awesome Windows 7 Password Hack

First of all, my disclaimer: THIS IS SPECIFICALLY MEANT TO GIVE YOU ACCESS TO A PC THAT YOU LEGALLY HAVE A RIGHT TO ACCESS BUT SOMEHOW GOT LOCKED OUT OF, AND NOT INTENDED TO BE USED FOR ANY ILLEGAL PURPOSES WHATSOEVER.

Right, now that's out of the way.  I am currently a full-time high school computer technology teacher.  And as I'm sure all the other computer technology teachers around the world would agree, you always have a few learners who just want to see the world burn.  They will do whatever they can to hack the administrator password, and occasionally, they will manage to do it and you as the teacher will be locked out.

Maybe you are one of us.  Or maybe you just lost access to your PC through some other means.  But either way, if you are reading this, chances are that you managed to get locked out of your Windows system and you need to "hack the password".  So here's a nice little trick that I discovered recently:

  1. Get Linux.  Yes, I know this could take some time, but even a very small version of Linux will work.  Some are smaller than 100MB, a rather fast download, but then you will need to know the Linux command line in order to do what you have to do.  But even the regular CD-ROM version of Ubuntu will be perfect, and it will at least have a graphical interface to help you get around.  So go and download any Linux ISO.  Here are some of them: Ubuntu, Linux Mint, Damn Small Linux.
  2. Make your ISO usable.  You do this by either burning it to a CD / DVD, or by making a bootable installation flash drive using UNetbootin.
  3. Now make sure that the disc is in the drive, or your USB flash drive is connected to a USB port, and reboot.  Enter your BIOS (usually using "DEL" or "F2") and set your PC to boot FIRST from the appropriate device (CD / DVD or USB).  Then save your settings and exit.
  4. As soon as the system boots up, you should see a menu with a few options, including something similar to "Install" and "Run from CD".  Choose the option that allows you to run Linux without installing it first.
  5. When you are presented with a Linux desktop, open the file manager (in Linux Mint, there's an icon called "Computer" on the desktop).  Then open the PC's main hard drive, and navigate to the Windows\System32 folder.
  6. Now copy the cmd.exe file to your desktop.
  7. Find the file called "sethc.exe" and rename it to anything else (just to make a backup).
  8. Now go to the "cmd.exe" on your desktop and rename it to "sethc.exe", and COPY (NOT CUT) the renamed file to the System32 folder.
  9. Now (still in System32) find the file called "Utilman.exe" and rename it to anything else (again, to create a backup).
  10. Now go back to the renamed cmd.exe on your desktop and rename it again, this time to "Utilman.exe" and copy it to System32.
  11. Now reboot your computer and remove the disc, making sure that you boot to the Windows 7 drive.
  12. As soon as you are presented with the Login screen, press Windows Key + U.  Normally this would open up the Accessibility Options screen, but that has now been replaced with an Administrator-level command prompt!
  13. In the command prompt window, type the following: net user accountname * (obviously replacing "accountname" with whatever the account's name is).
  14. You will be asked for a password.  Type the password (nothing will appear on the screen) and press enter.  Re-enter the password and press enter again.
  15. Close the command prompt and log in with the new password, and voila!  You are back in Windows.  You can now go back into Linux and delete the changed sethc.exe and Utilman.exe, if you want to, but if you never use accessibility options, why bother?
To see a video of how it's done, feel free to check my YouTube channel.
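
For as long as the replaced files from steps 8 and 10 stay in System32, Windows Key + U at the login screen opens a command prompt for anyone at the keyboard, so it is worth being able to check a machine for them. The script below is an added example, not part of the original post: run from the same live Linux session, it reports whether sethc.exe or Utilman.exe is a byte-for-byte copy of cmd.exe. The function names and the mount point are assumptions, and a hash match only catches a straight copy of cmd.exe as described in this procedure.

```shell
# Added example (not from the original post): report whether sethc.exe or
# Utilman.exe in a System32 folder is a byte-for-byte copy of cmd.exe.

sha256_of() {
    # Print only the hex digest of one file.
    sha256sum "$1" | cut -d' ' -f1
}

find_ci() {
    # NTFS names are case-insensitive on Windows but not when mounted in Linux.
    find "$1" -maxdepth 1 -type f -iname "$2" | head -n 1
}

check_swapped() {
    sys32=$1
    found=0
    cmd=$(find_ci "$sys32" cmd.exe)
    if [ -z "$cmd" ]; then
        echo "cmd.exe not found in $sys32" >&2
        return 2
    fi
    cmd_hash=$(sha256_of "$cmd")
    for name in sethc.exe utilman.exe; do
        target=$(find_ci "$sys32" "$name")
        if [ -z "$target" ]; then
            printf '%-8s %s\n' MISSING "$name"; found=1
        elif [ "$(sha256_of "$target")" = "$cmd_hash" ]; then
            printf '%-8s %s\n' SWAPPED "$(basename "$target")"; found=1
        else
            printf '%-8s %s\n' OK "$(basename "$target")"
        fi
    done
    return "$found"
}

demo() {
    # Constructed sample: a stand-in System32 where Utilman.exe was replaced
    # with a copy of cmd.exe (step 10) and sethc.exe is still the original.
    d=$(mktemp -d)
    printf 'constructed cmd image' > "$d/cmd.exe"
    printf 'constructed sethc image' > "$d/sethc.exe"
    cp "$d/cmd.exe" "$d/Utilman.exe"
    rc=0; check_swapped "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

[ "$#" -eq 0 ] || check_swapped "$1"
```

Pass the System32 path of the mounted Windows drive as the only argument, for example /mnt/windows/Windows/System32 (an assumed mount point); the exit status is 0 when both files differ from cmd.exe.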

Happy hacking! ;-)
