How to Hack Any Windows 7/8/10 User Password Without Logging In

Dec 9, 2015 06:05 PM
Dec 9, 2015 06:06 PM
635852519312851918.jpg

Hello! This is my first post on this awesome website! I know that Windows exploits are less common than the more advanced hacks, but I found something I deem pretty cool and figured why not share it with you all. Alright, enough about me, lets begin.

Warning: This resets your password, it does NOT tell you what your old password was, making things such as the windows password based encryptions unaccessible, as this isn't changing your password, so it will not update.

This exploit takes advantage of the ease of access tool on the login page by 'tricking' windows into launching a fully privileged command prompt by selecting 'on the screen keyboard' this is done by renaming the on the screen keyboard exe to something random, and renaming the cmd.exe to on the screens previous name. It will all make since later.

635852048782913396.jpg

Step 1: Launch Any OS That Allow Full Access to the Windows Folders

In this case, I am going to be using Kali. Although you can use many different linux distros or even a windows disk/usb, as long as you can access the terminal/command prompt your good.

Step 2: Navigate to Sys32

I'm going to infer you know basic navigation and be able to navigate to the Windows partition.

In my case, im currently writing this on my laptop rather than my desktop, so my Windows is known as BOOTCAMP, as I am on a macbook with Windows dual booted.

635852060214804117.jpg

Once you reach this location, cd to Windows, then to System32.

Step 3: Rename osk.exe to osk.exe.old

oks.exe is the name of the ease of access 'On screen keyboard' file. Rename this using whatever your systems rename command is, in Kali the command would be: mv osk.exe osk.exe.old

635852068922387233.jpg

Step 4: Rename cmd.exe to osk.exe

Now I'm sure you see how this works, but ill explain it anyways. Basically, when you press 'on screen keyboard' in the ease of access terminal, Windows launched osk.exe, which normally is the on screen keyboard application. But we changed it to launch cmd instead. Like magic.

Command: cmd.exe osk.exe

Kali: mv cmd.exe osk.exe

635852071119074364.jpg

Step 5: Launch Windows and Select 'on Screen Keyboard' in Ease of Access Menu

635852488879308483.jpg

I found this picture off of the interwebs, but what you normally see should be something like this. After going through all the steps above, you should instead see a command prompt.

635852507740012021.jpg

Sorry for crappy picture, couldn't find how to take screen shot on login menu.

Step 6: Resetting the Password

Now you can type in the magical command to change the password.

The Command: net user

Example: net user "Admin" temppass

If you don't know the password type in net user and locate it there.

Net User - /More Info Here

Step 7: Finished! You Can Login Now!

Viola, you can now login with whatever password you typed in. If you want to reset it simply go back to Kali and redo what you've done! Rename osk.exe to cmd.exe and rename osk.exe.old to osk.exe

Well that's it for my first post! I came across this exploit a while ago and found that it still works so I don't know how common this is or anything like that. Hopefully its not too popular and too many this article is something new! Well, Enjoy!

Comments

No Comments Exist

Be the first, drop a comment!