How To: Hack Windows 7 (Become Admin)

Hack Windows 7 (Become Admin)

Step 1: Introduction:

Hello! Hackers
In this tutorial I will tell you how to hack windows 7 administrator password. However you already know (I think)
Specifically, it is used in school, computer labs or other workplaces,
where, administrator is locked with a password, while you can only use standard user or guest.

Step 2: Start That PC:

  • Turn on the UPS and the CPU, tap F8 continuously on the boot screen to get some windows start-up options .
  • Choose "Start windows normally" option and turn the UPS off immediately.
  • Then turn on the PC again, let it load.
  • After that you will be prompted with two options in the boot screen (again), select the first option - "Launch Start-up Repair(recommended)"
  • Let it load and Scan for issues.
  • After 5 min, It will ask you to "restore defaults", select "Cancel" option.
  • Let it continue...

Step 3: Wait for About 15-20 Minutes:

Now this is where the tricky part comes:

  • After 20 min, an error report screen will pop-up, asking to send information or not.
  • Ignore it, click on "View Problem Details" arrow, scroll down to the end of the report, then click a link stating X:\windows\ something...something (the link starts with an"X")
  • Another Window will pop-up, and will look like a notepad (it is a notepad)
  • Click File on the Menu-Bar, then select Open, and another window will pop-up (that's just too many windows!)
  • Navigate to C: drive (or whatever drive on which windows is installed), click Windows, then System32, after that click on the arrow beside the "File Type" option and select "all files"
  • Then search for a file named "sethc"(this is the shortcut to stickey keys), rename it to something else (Eg:abc)
  • Search for cmd, make its copy and rename the copy as "sethc"

--------------------------------------ITS DONE!!!---------------------------------------------
(Almost)

  • Close everything, restart the PC, go to the log-in screen, press shift 5 times, until a cmd (command prompt) pops-up.
  • Type in "net user administrator /active:yes", and this will activate the default administrator account of the PC.
  • Change/delete/manage/reset passwords from there.
  • Or you can directly change passwords from cmd, type "net user (admin/any admin account's name) and then after a space put an asterix.

---------------------------------------HACKED------------------------------------------------

Step 4: The End:

I know that many of you may know this vulnerability in Windows 7, I just wanted that a tutorial like this should be in Null Byte.

Unfortunately, this vulnerability been overcame in Windows 8 :(

Thank You,
F.E.A.R.

69 Comments

Hello guys & ladies, I'm a year 7 school kid and i don't really know anything about cmd, i know a few commands and one javascript command but could someone please simplify this for me? my goal is to make the school bells ring out Nirvana and Queen on the last day. I know I'm a little late to this conversation but please, if someone could help me.

Thanks,
The little school kid...

Another One Bites the Dust obviously nobody's ever tried to wipe off the administrator on this computer because I'll tell you what I've been doing this coming up on for months I tried every f*** thing out there nothing works nothing I'm about ready to go to break into Fort Knox and steal the gold there because you know my chances are probably

1000 2 one shot I would probably get away with stealing the gold before I get the administrator off this computer it's an Acer Inspire 1 it's Windows 7 starter built-in administrator with domain knowledge base and Vista so you have 3 administrators to f** with and the ministrator and guests are not activated and you can't activate them by the time I'm done with this I'll be dead might as well just go buy a new computer be better off

Wouldn't it be easier to reset the password, if you find yourself locked out and you don't have an access to computer? No admin account, no user account.

According to this tutorial, you should be able to reset password in 5 minutes:
http://resetpasswordhow.com

Or you can just use a live windows CD or Linux.

Welcome to Null Byte, have a nice stay and hope you can keep it up.

You both are correct, but what if there is a big board outside the lab saying "no flash drives or any C.D.s allowed in the lab, before asking permission" and cameras all around (I have experienced that).

In this guide you can just leave the process going on, came back after a while and then resume.

A positive fact is that the repairs "cannot be cancelled"

Depends on points of view, you are totally right. I was not trying to put down what you wrote.

Thank you F.E.A.R that's work today on my HP Notebook. I've try several times hard booting to get start up repair but whatever u'r trick help me out. ThAnk you F.E.A.R

How do you use Linux? I think you do it by booting a live disk and entering single user mode (how do you do that). It will start in tty and you type in passwd and the password that you want. (please tell me if that is correct as I want that for my 'computer instructions' folder.

You can use konboot.it makes it easier

And how will you take that software in the lab? With C.D.? Or will you download on that PC with Wi-Fi? What if you don't have access to the A.P. there until you are the administrator?

This is a 'natural' vulnerability, which can be exploited without any softwares etc.

And I will +1 you for that.
"This is a 'natural' vulnerability, which can be exploited without any softwares etc."

Thank You CYBERHIT! (my first +1 yay!)

Second.

Thank You CIUFFY! (woohoo!)

Third.

Welcome to Null Byte and thanks for that awesome tutorial.

Fourth.

Welcome to Null Byte; you'll fit in nicely.

ghost_

Thank You! GREENLEMON. I''ll make some more tutorials if you just keep encouraging me like that.

I like how confident you are with what you're sharing us. I can see how you answer the comments. It just shows that you really know what you're saying.

@F.E.A.R
Thank you very much for that awesome tutorials.
Thumbs up, more grease to your elbow!!!!!!!!

Great tutorial, besides that some of us or all of us already knew about this, but congratulations and thanks for doing it, keep it up.

Welcome! I know that some you may know about this, I had also mentioned in the tutorial's 3rd line. But I wanted one like this to be in nullbyte.

Thank You everyone for your likes and comments

cool hack but does not work on certain hp pc with windows 7 because of the way the system restore options are set up. Awesome article none the less ....Thanks for sharing

Sorry for the late reply Buckero,

I think, it works on every win7 PC , but sometimes the boot options arnt enabled from the start. I'll tell you the cmd afterwards (12hrs)

You could be right on that one, but the instance i saw on the HP windows 7 pc i tried it on was that after step/bullet point 6 it loaded a HP system restore screen and did not let me go back to the default windows one. Check it out if you can , I am curious to hear your feedback on this issue. If i can ill take a screen shot and post it.

PS. Agreed that the issue with most local hacks of windows pc's is that in most instances you will not be able to boot from a USB or CD because any admin that has any sense will disable those functions on company/school comps.

HP computers do still give you an option to get into a windows screen. Whether it be cmd or the system restore screen.

I can't remember exactly how to get back there because it's been about half a year since my previous job, but it is there I know it.

ghost_

Type this in a command prompt, (open a command prompt with admin privileges):

  • bcdedit /set {default} bootmenupolicy legacy

I use this to in win8 to bring up the options, where you can also press F8 for more...
To revert back type:

  • bcdedit /set {default} bootmenupolicy standard

so i tried to enter bcdedit /set {default} bootmenupolicy legacy as admin but it throws this:

The element specified is not recognized, or does not apply to the specific entry
Run "bcdedit /?" for command line assistance.
Element not found.

cool ..will let you know how it goes......thanks again

Can you get me a screenshot of the command prompt and the HP PC's boot screen?

I can't get through the lat procchangw to chthe passwop asterisk writi?ng the password

?? could you re-frame your question please

f.e.a.r
sir,
i have completed all the steps as you have mentioned above but the last step was creating a problem so please help me.

At the last step when i have restart the PC, go to the log-in screen, press shift 5 times, until a cmd (command prompt) pops-up.

then i have changed all the guest account on my window but not the administrator password because it was not changing i think my administrator had created a security setting. so, please suggest me some help. please thanking youuuuuuuuuuuu.............

Hi Manohar!
Welcome to Null-Byte!
Use this command on the log-in screen in cmd:

  • net user administrator *

Replace 'administrator', with any admin account name, you want to change password for.
It will then ask for a new password.

Nice, works, Thanks

I have no, "sethc" file in my system32 folder. Just to let you know this is a hp dinosaur. Thanks for any help. probably just going to Re install Windows.

You probably didn't change the "Files Type" to "All Files".

I had the same problem. For some reason, there isn't a sethc file in the same folder. I was however able to see copy and rename CMD to sethc without being prompted to replace a file, but when I press shift four times on the startup sticky keys shows up instead of the command prompt.

Does It work on w8 or w10?

He said that they fixed it in windows 8 unfortunately.

what is UPS?

Uninterrupted Power Supply

Hi F.E.A.R.!

I'am really amazed with what I have learned about this. But, I encountered another problem. I followed all the steps until I typed "net user administrator /active:yes" in cmd. But shockingly, I says "system error 5 has occured

Acces is denied". What is the next step? Thanks!

win 7, 32 bit
net user administrator /active:yes
I got the following message:
DNS server not authoritative for zone

when i get to this step,"ignore it, click on "View Problem Details" arrow, scroll down to the end of the report, then click a link stating X:\windows\ something...something (the link starts with an"X") the window that pops" that is not the window that pops up.

options are view diagnostic and repair detaiils but no link to the x: and the other option is view advanced options. laptop is lenovo

everything is great until i search for "sethc" ... it ends up just opening the notepad file instead of leading me to the destination! does anyone know the exact destination sethc and cmd so i can search/rename manually?

all good! figured it out. fantastic way to do it without a third party. it took a second go because i messed a bit with other files and had to restore, but i manually looked for sethc and cmd and it went well. another thing i noticed - just in case this happens for others - is that when i typed a new password for the admin, it didn't show. but don't fear! if you type it correctly twice it'll still work without characters appearing. the chance to retype it to make sure it works it there.

Having trouble while changing password. When i open the notepad, it shows the window that contains the drivers. When i click the c: drive , it shows the empty window. In c: drive only i installed the OS .

Can any one clarify the problem???

this will delete new files right? if so i dont want to delte new imortant files

Does this work on an encrypted drive?

Playing league of legends on school pc now thanks.

I tried this exploit on a Windows 10 PC (Modifying the "sethc" executable using Ubuntu) and it worked. The Windows operating system is still vunerable unless someone locks up the BIOS.

Ntpasswd deserves an honorable mention -- it's one of the classic tools for resetting/blanking windows passwords (if cracking it is too much trouble) and it will go right into the SAM hive and rewrite the password to any local account. The only caveat is that if you reset a password where the user account has folders that are encrypted with bitlocker then you will lose the encrypted stuff. That said, most PCs don't use bitlocker as it must usually be manually implemented.

So uh im new to this, what is this Ntpasswrd thing and how do you use it?

you should delete this tutorial now because it no more working on new iso files . in new iso files it requires password from admin to start the repair ,so it is a old school tutorial now!!1

using net user administrator /active:yesgives the output as the command completed successfully but it doesn't give me the access. Nothing happens after the message so i tried net user administrator <asterisk> and it worked so i could change the password. Is there an update patch that prevented the first command from executing?

Can't detect the CD once boot from it.

I got through everything until I get to the login screen, it just comes up quickly and says something like "Program is too big to fit the memory" or something like that

Help please! Windows 7, did everything from start to finish cmd only pops up for a split second. What did I not do?

Is this will got you caught by the IT department or its safe ? Thnxxx

A nice topic ,but if we want to unlock Windows admin password when hackers ,especially card screen, we can bypass the login password to open the Windows , or we can reset a new login /admin password ,

This is a neat trick, but having physical access to a system basically means having root access.

Share Your Thoughts

  • Hot
  • Latest