Bypass and Reset Windows 7 Password
Reset Windows 7 Password Without Using Any External Softwares
Hello friends. Today we are going to go over the process of bypassing and resetting the password Windows 7 without using any software or an external device like flash drive or CD/DVD. You will not require any prior admin privilege to the victim's machine either to carry out this process.
Okay I understand that. What's next?
Many of you might have heard about this before, but I'd like to repeat this part for those people who don't know about it yet. When we are in the logon screen of windows, we can press the shift key 5 times to turn the sticky on unless it is disabled. Our aim here is to exploit this vulnerability to gain unauthorized access to the victim's machine. It will take you a few minutes to carry out this process, so proceed further only when you have a little time to spare.
I am ready. Lets do it!
That's wonderful. Now start the victim's machine and verify that it has a password to be bypassed. It would be such a waste if you went through the length to reset the password which never existed.
Okay, now that you have verified that you have a password to be bypassed and reset, restart the machine. When the animated windows logo is in process of appearing on the screen, force the windows to shut down by pressing the power button. This should lead you to the Windows Error Recovery screen next time you start up.
You will have an option of choosing either of the following options :
Launch Startup Repair (Recommended)
Start Windows Normally
Choose to launch the Startup Repair. That will lead you to another screen where windows will load files for the recovery.
After loading the the files, you will be taken to another screen where windows will try to search for the problems related to startup in a dialog box. You will have to be patient and let windows do this job uninterrupted. It will be sometime before this is over. In between, you'll be asked if you want to use the System Restore to restore your computer. You should press on Cancel when this is asked to you. After that it will continue the process by trying to attempt repairs to your machine.
After few minutes, a dialog box will be displayed informing you that the start up could not be repaired automatically. You will be asked if you want to send the information to Microsoft or not.
Before you choose any of these options, click on View Problem Details present below these options. The dialog box will extend in size displaying problem signatures, OS version, etc. Below these details, you'll find a link to read the privacy statement online, and another location in your machine to read it offline. Click on the link to the privacy statement's offline location in your machine.
The privacy statement will be opened in a Notepad page.
Hey! Why exactly are we doing this?
When we press shift key 5 times to activate sticky, it is sethc.exe in system32 that is executed which prompts the user to activate sticky. But now that we renamed cmd.exe to sethc.exe, original cmd.exe will be executed when the user presses shift 5 times in a row.
Lets carry on with what we were doing. Now that you have renamed the cmd.exe and original sethc.exe, close everything and shut the machine without sending any information detail to Microsoft.
Is it over?
Not yet. But the major part of it is done now. You just need to start the machine now and wait for the logon screen to appear. When the screen appears, press shift 5 times in a row. This should display command prompt on your screen.
Type net users and press enter to see the list of users who use the machine if you are not sure.
Now type net user hustfisher * and press enter. You will be asked to enter password and then confirm it. This will be the new password which you can now use to log on to the victim user. Simply press enter and leave those fields blank if you don't want to keep any password.
Type exit and press enter to close command prompt.
Now use the new password you just set to gain access to the victim's machine.
Note : Rename sethc.exe and sethc1.exe to cmd.exe and sethc.exe after you are done with the process to keep the machine from behaving funny in future.
Use this tutorial for educational purpose only and don't break into someone's machine without his/her permission for any malicious/non-malicious purpose.
Regards,
The Arcanist
Hello friends. Today we are going to go over the process of bypassing and resetting the password Windows 7 without using any software or an external device like flash drive or CD/DVD. You will not require any prior admin privilege to the victim's machine either to carry out this process.
Okay I understand that. What's next?
Many of you might have heard about this before, but I'd like to repeat this part for those people who don't know about it yet. When we are in the logon screen of windows, we can press the shift key 5 times to turn the sticky on unless it is disabled. Our aim here is to exploit this vulnerability to gain unauthorized access to the victim's machine. It will take you a few minutes to carry out this process, so proceed further only when you have a little time to spare.
I am ready. Lets do it!
That's wonderful. Now start the victim's machine and verify that it has a password to be bypassed. It would be such a waste if you went through the length to reset the password which never existed.
Okay, now that you have verified that you have a password to be bypassed and reset, restart the machine. When the animated windows logo is in process of appearing on the screen, force the windows to shut down by pressing the power button. This should lead you to the Windows Error Recovery screen next time you start up.
You will have an option of choosing either of the following options :
Launch Startup Repair (Recommended)
Start Windows Normally
Choose to launch the Startup Repair. That will lead you to another screen where windows will load files for the recovery.
After loading the the files, you will be taken to another screen where windows will try to search for the problems related to startup in a dialog box. You will have to be patient and let windows do this job uninterrupted. It will be sometime before this is over. In between, you'll be asked if you want to use the System Restore to restore your computer. You should press on Cancel when this is asked to you. After that it will continue the process by trying to attempt repairs to your machine.
After few minutes, a dialog box will be displayed informing you that the start up could not be repaired automatically. You will be asked if you want to send the information to Microsoft or not.
Before you choose any of these options, click on View Problem Details present below these options. The dialog box will extend in size displaying problem signatures, OS version, etc. Below these details, you'll find a link to read the privacy statement online, and another location in your machine to read it offline. Click on the link to the privacy statement's offline location in your machine.
The privacy statement will be opened in a Notepad page.
- Click on File Menu
- Choose Open and enable viewing of All File (*.*) types instead of Text Files (*.txt)
- Navigate to the System32's location in you machine (Probably C:\Windows\System32)
- Rename sethc.exe to sethc1.exe (for back up)
- Rename cmd.exe to sethc.exe
Hey! Why exactly are we doing this?
When we press shift key 5 times to activate sticky, it is sethc.exe in system32 that is executed which prompts the user to activate sticky. But now that we renamed cmd.exe to sethc.exe, original cmd.exe will be executed when the user presses shift 5 times in a row.
Lets carry on with what we were doing. Now that you have renamed the cmd.exe and original sethc.exe, close everything and shut the machine without sending any information detail to Microsoft.
Is it over?
Not yet. But the major part of it is done now. You just need to start the machine now and wait for the logon screen to appear. When the screen appears, press shift 5 times in a row. This should display command prompt on your screen.
Type net users and press enter to see the list of users who use the machine if you are not sure.
Now type net user hustfisher * and press enter. You will be asked to enter password and then confirm it. This will be the new password which you can now use to log on to the victim user. Simply press enter and leave those fields blank if you don't want to keep any password.
Type exit and press enter to close command prompt.
Now use the new password you just set to gain access to the victim's machine.
Note : Rename sethc.exe and sethc1.exe to cmd.exe and sethc.exe after you are done with the process to keep the machine from behaving funny in future.
Use this tutorial for educational purpose only and don't break into someone's machine without his/her permission for any malicious/non-malicious purpose.
Regards,
The Arcanist
541
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
