How To: Hack a Windows 7/8/10 Admin Account Password with Windows Magnifier

Hack a Windows 7/8/10 Admin Account Password with Windows Magnifier

Greetings. This how-to on hacking Windows 7/8/10 etc. admin account passwords using Windows Magnifier is focused on adding, changing, or deleting an admin level account on a Windows 7/8/10 etc.

Maybe you forgot or lost the password to your Windows Admin account, this guide will help with that. If you are trying to hack the computer lab at school then you will need a different method

Disclaimer: This is for use on a PC that you own. Breaking into someone else's PC is considered a serious crime in most places. If you make a mistake or change something else, your Windows may become a non-boot. If so, just undo whatever you changed outside of the hack shown here, and it will back to normal. Need I say this is for Educational Purposes! You are responsible for your own thoughts and actions.

Difficulty Level: 2/10

Prerequisites:

  • Any Linux Live CD/DVD/USB with Live option (ex. Ubuntu Live, Linux Live, Kali, etc.).
  • Ability to use said Linux CD/DVD/USB.
  • Basic understanding of Windows file structure. i.e. can navigate.
  • The desire to modify user account(s) on said Windows boxen.
  • Physical access to said Windows box.
  • Ability to use BIOS if needed.
  • Ability to use command line and basic understanding of net user commands.

Things to Note:

  • If you are trying to hack a coworker / boss / job / school / customer / friend / spouse's account, you are screwed because they won't be able to use the old password anymore—try explaining that.
  • This hack works on Windows 7, 8, 10 and basically any that have "Ease of Access".
  • Servers require "net user Administrator blabla /domain".
  • This will destroy all data encrypted with EFS on the account if it's enabled (you have to enable it first).
  • If you do not undo the hack after you change the password, you will get the magnifier every time you use cmd or nothing at all.
  • If you modify or delete any other files in Sys32, your next boot up is doomed (maybe).
  • Scared? You should be. Now let's get hacking.

Step 1: Boot Some Flavor of Linux Live CD

Insert CD/DVD into drive and reboot the machine. Start your Live DVD. You may need to go into the BIOS screen and change the boot-up order to CD/DVD drive first, HDD second.

Step 2: Navigate to Sys32

Use the file browser in your Linux environment, navigate to %windir%/system32/. You may have to right-click and mount the Windows partition/drive first or use the NTFS-3G command.

Step 3: Rename Magnify.exe

Find and rename magnify.exe (Magnifier file) to magnify.old.

Step 4: Rename cmd.exe

Find and rename cmd.exe to magnify.exe.

Step 5: Shut Down Linux & Reboot Windows

Logout, remove DVD, and reboot into Windows.

Step 6: Get CMD Prompt Modify Accounts

When Windows reboots, click on the ease of access button in the bottom left corner.

Click magnify and hit apply. Ta da. You have a system level command prompt. At this point is where we will only change the Admin password and not any of the 1000 other things that could be done at this point!

Tip: You can right-click on cmd.exe and click run as administrator inside of Windows for escalated privileges. To edit files, it would never be allowed at basic admin level (caution).

Image via whstatic.com

(Hacked system level command prompt. -Cx2H)

As the photo above shows, typenet user to get a list of accounts. To the point type: net user administrator *

Your Options (Choose One That Applies):

Change Password:
net user username new_password
When you do so, the password changes without prompting you again.

Add an account:
net user username password /add
Tip: If your username has a space, like John Doe, use quotes like "John Doe".

Admin that:
net localgroup administrators username /add

Delete that:
net user username /delete

Remote Desktop Users Group: (just in case)
net localgroup Remote Desktop Users UserLoginName /add

Net User Syntax Reference:
net user commands
Domain i.e. Servers:
net user for domain

Step 7: Reboot Linux & Fix magnfiy.exe

Now you should insert your Linux Live CD/DVD and rename the files back to original names or you will have issues later.

  1. Repeat Step 1
  2. Repeat Step 2
  3. Rename magnify.exe back to cmd.exe
  4. Rename magnify.old back to magnify.exe
  5. Log out, take out CD/DVD USB, reboot into Windows

Recommended Resources:
Kali Linux
CreateLive USB Sticks Rufus

Conclusions:

Well, that was how you hack a Windows 7/8/10 etc. administrator account password with Windows Magnifier. This also demonstrates how you could Pwn a machine if you think about it some, have hands on and they have not disabled EoA. Hope it helps you in some way. Cx2H

25 Comments

Wow a clever trick. Nice & thanks

Hi,
When i use use cmd by this code

net user
net user administrator *****

but it showing :
net user administrator password / domain

My question what is the domain? how i will be able to break this password?

I can't hack admin of win 7 of my computer at work, they prevent me to access cmd
limited access to everything.

How do they prevent you to access cmd may I ask?

lol nicely worked out. Simple yet effective. If someone is silly enough to have UAC turned off you can skip the linux distro boot and change it from a standard user account.

Haha, quite clever. :) I like this one...

you should type
net user administrator *

yahoooooo !!! worked for me on pc (on laptop it failed)

Congrats. Wonder why the Laptop failed?.?

where can i download this linux live cd? i know how to burn it to a cd/dvd but i dont know where to find the said app to do this hack. Also, can you do this with a flashdrive instead of a cd? ty

Any of the Linux's can be run as a live cd. You could use Kali Linux as well, but Ubuntu, Red Hat, Debian, etc. will all work. Yes, you can use a flash drive.

Thanks for answering that . (Was taking a digital free vacation. Last few days.)

cleverly actions... :)

Nice one but downloading the live cd is the problem.

Can't we do it with windows bootable USB/Disc???

IDK I don't use windows tools or disks. Can you?

It worked thnx

You could also rename sethc.exe to cmd and all you would have to do is hit shift a couple of times.

Hello Everyone ,

I tried these steps on a windows 8 laptop. Drive was successfully mounted and I was able to browse . When i tried to rename Magnify.exe file system displayed rename operation is not supported. Then I realize system is showing the same for all dll or exe files. When I ran "ls -la" it showed that all dll and exe files are showing a symbolic link to "unsupported reparse point" . So I am unable to rename these files. Can anybody explain why this is happening??

P.S. -When I boot windows it still shows all the files so no corruption is there.

It can also be done with sethc.exe (sticky keys ) so that there will be no need to undo hack and use it whenever by pressing shift key 6-7 times

when i tried to rename magnify.exe it wouldn't let me and said i didn't have permission
does this have to be performed using the cli:
I was using the gui

Make sure you delete ".exe" after you type in magnify. That is the only way my computer would accept it being deleted. Or you may have to be in root in Linux for it to accept it. I don't know it if makes any difference for sure. I always open Ubuntu terminal and type sudo -s that will put you in root access. I just tried this method myself so I thought I would try to help. If no one else responds I'll help the best I can. Find me on FB.

I know this thread is a few years old, but I have to thank the creater of this "how-to". You have saved my life!! My soon to be ex wife changed my password on every account she could think of. I have been locked out of my own computer for months. I finally got a cheap mini Dell Inspiron at a yard sale and put Ubuntu on it just for fun. I had no idea it could help get into my other laptop until I started learning how to use it (Linux) better. Thanks again! I will be following you lol!

Could you give me any indication as to how long this process could take?
Preferable format: {hh:mm:ss - hh:mm:ss}, i.e: {00:19:16 - 01:42:23}.

Thanks.

Share Your Thoughts

  • Hot
  • Latest