Hack Windows 7/8/10 user passwords 2017
This exploit takes advantage of the Ease of Access tool on the login page by 'tricking' Windows into launching a fully privileged command prompt when 'On-Screen Keyboard' is selected. This is done by renaming the on-screen keyboard exe to something random and renaming cmd.exe to the on-screen keyboard's previous name. It will all make sense later.
What you want:
- Any Linux Live CD/DVD/USB with Live option (ex. Ubuntu Live, Linux Live, Kali, etc.).
- Ability to use said Linux CD/DVD/USB.
- Basic understanding of Windows file structure, i.e. you can navigate it.
- Physical access to said Windows box.
- Ability to use the command line and a basic understanding of the net user command.
- Boot Live Linux
Insert CD/DVD into the drive and reboot the machine. Start your Live DVD. You may need to go into the BIOS screen and change the boot-up order to CD/DVD drive first, HDD second.
- Navigate to sys32
Use the file browser in your Linux environment to navigate to %windir%/system32/. You may have to right-click and mount the Windows partition/drive first or use the NTFS-3G command.
Find and rename magnifier.exe (Magnifier file) to magnify.old.
- Rename cmd.exe
Find and rename cmd.exe to magnify.exe.
- Shut down Linux & reboot Windows
Log out, remove the DVD/USB, and reboot into Windows.
- Get CMD Prompt, Modify Accounts
When Windows reboots, click on the Ease of Access button in the bottom left corner.
Click Magnify and hit Apply. You then have a system-level command prompt. At this point we will only change the Admin password, and not any of the 1000 other things that could be done here!
Your options here:
net user username new_password
When you do so, the password changes without prompting you again.
Add an account:
net user username password /add
Tip: If your username has a space, like sivarathan sivarajah, use quotes like "sivarathan sivarajah".
net localgroup administrators username /add
net user username /delete
Remote Desktop Users Group: (just in case)
net localgroup "Remote Desktop Users" UserLoginName /add
Net User Syntax Reference:
net user commands
Domain i.e. Servers:
net user for domain
This tut was written by my silent mentor OccupytheWeb (but he didn't know that) on a site. I just made some changes to it and provide it here.
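The rename described above leaves traces that a defender can check for on a live system or an offline-mounted volume: a missing cmd.exe, an accessibility binary whose contents match cmd.exe, and a parked original such as magnify.old. The script below is an added example, not part of the original tutorial. The function names, the osk.exe entry in the watch list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Tools this page names; extend the tuple to watch other accessibility programs.
WATCHED = ("magnify.exe", "osk.exe")

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def check_system32(system32, watched=WATCHED, shell="cmd.exe"):
    """Return (file name, finding) tuples for a system32 directory, live or mounted."""
    # NTFS names are case-insensitive but a Linux mount may not be: index by lower case.
    entries = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    findings = []
    shell_hash = sha256(entries[shell]) if shell in entries else None
    if shell_hash is None:
        findings.append((shell, "shell binary missing (renamed away?)"))
    for name in watched:
        stem = name.rsplit(".", 1)[0]
        tool = entries.get(name)
        if tool is None:
            findings.append((name, "accessibility binary missing"))
        elif sha256(tool) == shell_hash:
            findings.append((tool.name, "identical to " + shell))
        # The parked original (magnify.old in the steps above) sits beside the swap.
        for other in sorted(entries):
            if other.startswith(stem + ".") and other != name:
                findings.append((entries[other].name, "unexpected sibling of " + name))
    return findings

if __name__ == "__main__":
    # Constructed stand-in for a mounted Windows volume after the rename described above.
    root = Path(tempfile.mkdtemp())
    (root / "magnify.old").write_bytes(b"constructed magnifier bytes")
    (root / "magnify.exe").write_bytes(b"constructed shell bytes")
    (root / "osk.exe").write_bytes(b"constructed keyboard bytes")
    for name, finding in check_system32(root):
        print(f"{name}: {finding}")
```

An empty result means none of these three traces was found; it does not prove the binaries are genuine, which requires comparing against known-good hashes or signatures for the installed Windows build.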