Header Ads

Home Hacking Tricks Hack windows 7/8/10 user passwords 2017

Hack windows 7/8/10 user passwords 2017

20:08
hack win 10
Did you ever try to login into your friends’ computer and failed ? After this you can do it 🙂 The OS can be Windows 7 or 8 or it can be the latest windows 10. You could break and login with the password protected user accounts.
This exploit takes advantage of the ease of access tool on the login page by ‘tricking’ windows into launching a fully privileged command prompt by selecting ‘on the screen keyboard’ this is done by renaming the on the screen keyboard exe to something random, and renaming the cmd.exe to on the screens previous name. It will all make sense later.
What you want :
  • Any Linux Live CD/DVD/USB with Live option (ex. Ubuntu Live, Linux Live, Kali, etc.).
  • Ability to use said Linux CD/DVD/USB.
  • Basic understanding of Windows file structure. i.e. can navigate.
  • Physical access to said Windows box.
  • Ability to use the command line and the basic understanding of net user command.

  • Boot Live Linux
    Insert CD/DVD into the drive and reboot the machine. Start your Live DVD. You may need to go into the BIOS screen and change the boot-up order to CD/DVD drive first, HDD second.
  • Navigate to sys32
    Use the file browser in your Linux environment, navigate to %windir%/system32/. You may have to right-click and mount the Windows partition/drive first or use the NTFS-3G command.
  • Renaming
    Find and rename magnifier.exe (Magnifier file) to magnify.old.
  • Rename cmd.exe
    Find and rename cmd.exe to magnify.exe.
  • Shutdown Linux & reboot windows
    Logout, remove DVD/USB, and reboot into Windows.
  •  Get CMD Prompt Modify Accounts
    When Windows reboots, click on the ease of access button in the bottom left corner.
    Click magnify and hit apply.Then You have a system level command prompt. At this point is where we will only change the Admin password and not any of the 1000 other things that could be done at this point!
Tip: You can right-click on cmd.exe and click run as administrator inside of Windows for escalated privileges. To edit files, it would never be allowed at basic admin level (caution).
Your options at here. 
Change Password:
net user username new_password
When you do so, the password changes without prompting you again.
Add an account:
net user username password /add
Tip: If your username has a space, like sivarathan sivarajah, use quotes like “sivarathan sivarajah”.
Admin that:
net localgroup administrators username /add
Delete that:
net user username /delete
Remote Desktop Users Group: (just in case)
net localgroup Remote Desktop Users UserLoginName /add
Net User Syntax Reference:
net user commands
Domain i.e. Servers:
net user for domain
That is it now you could login into any windows password protected ones.
This tut is written by my silent mentor OccupytheWeb ( But he didn’t know that 🙂 ) in a site. I just make some changes in that and provide here
Tags :

No comments:

Subscribe to: Post Comments ( Atom )
Powered by Blogger.