Saturday, 2 February 2013

Changing Windows Admin Password

So now you have a USB stick with live Linux on it (if not, learn how to make one here: http://greyhatsspeak.blogspot.in/2013/01/creating-live-linux-usb.html).
I have tried this method up to Windows 7 and found it working. Remember, don't use this for unethical activities; breaking into somebody's computer without permission is simply 'illegal'.

INTRODUCTION
Have you ever pressed the Shift key a few times and noticed the Sticky Keys window pop up?



What happens is that a program called sethc.exe gets executed. It is located at C:\WINDOWS\system32\sethc.exe (if C: is the drive where Windows is installed).

There is another program, cmd.exe, at the same location; it is what gets executed when we open the command prompt. What we are going to do is rename cmd.exe to sethc.exe and open the command prompt at the login screen (by pressing the Shift key five times). This gives us a command prompt with administrative privileges, and we can simply reset the password with a DOS command.
The key point is that from a live Linux USB you can access the Windows filesystem with administrative privileges, which is what lets us rename cmd.exe.

THE ATTACK

Boot the system whose password you want to reset from the live Linux USB. Go to the drive where Windows is installed, then to the folder WINDOWS/system32. Rename the file sethc.exe to some other name (say sethc1.exe), then rename cmd.exe to sethc.exe. Now restart the machine and boot from the hard disk. At the login screen, press the Shift key 5 times. This will now give you the command prompt.

Now type

net user "username" "new_password"




Here the password of the user buser is reset to a.

Replace username with the account whose password you want to reset and new_password with the new password you want to set. Now close the prompt and log in using the new password!
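
A defender's check for the rename described above, added here as an example (not code from the original post): given a Windows System32 directory, for instance one mounted read-only, it flags a sethc.exe whose embedded OriginalFilename is not sethc.exe, a missing cmd.exe, and the original sethc.exe parked under another name. The function names, the byte-scan heuristic and the constructed sample files are assumptions of this example.

```python
import tempfile
from pathlib import Path

KEY = "OriginalFilename".encode("utf-16-le")  # version-resource key, UTF-16LE

def original_filename(data):
    """Heuristic byte scan for the OriginalFilename version string."""
    i = data.find(KEY)
    if i < 0:
        return None
    j = i + len(KEY)
    while data[j:j + 2] == b"\0\0":      # skip key terminator and padding
        j += 2
    end = j
    while end < len(data) and data[end:end + 2] != b"\0\0":
        end += 2
    return data[j:end].decode("utf-16-le", "replace")

def audit_system32(system32):
    """Return findings that match the sethc.exe/cmd.exe rename in this post."""
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    findings = []
    if "cmd.exe" not in files:
        findings.append("cmd.exe is missing")
    if "sethc.exe" not in files:
        return findings + ["sethc.exe is missing"]
    data = files["sethc.exe"].read_bytes()
    name = original_filename(data)
    # Assumption: a genuine sethc.exe names itself in its version resource.
    if (name or "").lower() != "sethc.exe":
        findings.append(f"sethc.exe has OriginalFilename {name!r}")
    if "cmd.exe" in files and data == files["cmd.exe"].read_bytes():
        findings.append("sethc.exe is byte-identical to cmd.exe")
    for lower, path in sorted(files.items()):
        if lower.endswith(".exe") and lower != "sethc.exe" and \
                (original_filename(path.read_bytes()) or "").lower() == "sethc.exe":
            findings.append(f"original sethc.exe parked as {path.name}")
    return findings

def build_sample(root, swapped):
    """Constructed stand-in files: only the version string is realistic."""
    fake = lambda n: b"MZ" + b"\0" * 62 + KEY + b"\0\0" + n.encode("utf-16-le") + b"\0\0"
    names = {"sethc1.exe": "sethc.exe", "sethc.exe": "Cmd.Exe"} if swapped \
        else {"sethc.exe": "sethc.exe", "cmd.exe": "Cmd.Exe"}
    for filename, original in names.items():
        (Path(root) / filename).write_bytes(fake(original))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(audit_system32(build_sample(d, swapped=True)))
```

Pass the path of a System32 directory to audit_system32; an empty list means none of these indicators were found.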


