
Recover Administrators Password through Guest account without changing the password

28 August 2009

Ever wanted to get into your Administrator account when you don't know its password? Or just wanted to step into your friend's PC and make him gawk when you tell him your success story? Well, there is a neat way of hacking an administrator account from a guest account: you reset the administrator password and get all the privileges an administrator enjoys on Windows. Interested? Read on…

Concept

Press the shift key five times and the Sticky Keys dialog shows up. This works even at the logon screen. If we replace sethc.exe, the program responsible for the Sticky Keys dialog, with cmd.exe, and then trigger sethc.exe by pressing shift five times at the logon screen, we get a command prompt with administrator privileges, because no user has logged on yet. From there we can reset the administrator password, even from a guest account.

Prerequisites

A guest account with write access to the System32 folder.

Method 1 (Change Admin Password)

Here is how to do that:

1. Go to C:\Windows\System32.
2. Copy cmd.exe and paste it on the desktop.
3. Rename the copy from cmd.exe to sethc.exe.
4. Copy the new sethc.exe back into System32; when Windows asks whether to overwrite the existing file, click Yes.
5. Now log out of your guest account and, at the user selection screen, press the shift key five times.
6. Instead of the Sticky Keys confirmation dialog, a command prompt with full administrator privileges will open.
7. Type "NET USER ADMINISTRATOR aaa", where "aaa" can be any password you like, and press Enter.
8. You will see "The command completed successfully". Exit the command prompt and log in to Administrator with your new password.
9. Congrats, you have hacked admin from a guest account.

Method 2 (Access admin without changing password)

Also, you can instead create a new user at the command prompt by typing "NET USER DJRohan /ADD", where "DJRohan" is the username you would like to add with administrator privileges. Then hide your newly created admin account as follows:

Open the registry editor and navigate to this key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

Here create a new DWORD value and name it "DJRohan" (the username you entered in the previous step). Now you can keep your admin account forever.
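As an added defensive check, not part of the original post, the following PowerShell audit covers both methods above: it compares System32\sethc.exe against cmd.exe and inspects its Authenticode signature, and it lists local accounts hidden from the logon screen through the SpecialAccounts\UserList key. It assumes Windows PowerShell 5.1 or later run from an elevated prompt (for Get-LocalUser and Get-LocalGroupMember), and that a DWORD value of 0 under UserList is what hides an account.

```powershell
# Added defensive audit example; not part of the original post.
# Assumes Windows PowerShell 5.1+ run from an elevated prompt.

$System32 = Join-Path $env:SystemRoot 'System32'

function Test-SethcIntegrity {
    # A genuine sethc.exe never hashes the same as cmd.exe and carries a
    # valid Microsoft signature (catalog-signed on recent builds). If your
    # build reports NotSigned for every System32 binary, rely on the hash.
    $sethc = Join-Path $System32 'sethc.exe'
    $cmd   = Join-Path $System32 'cmd.exe'
    $sethcHash = (Get-FileHash -Path $sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -Path $cmd   -Algorithm SHA256).Hash
    $sig = Get-AuthenticodeSignature -FilePath $sethc

    [pscustomobject]@{
        Path            = $sethc
        SameAsCmdExe    = ($sethcHash -eq $cmdHash)
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        Suspicious      = ($sethcHash -eq $cmdHash) -or ($sig.Status -ne 'Valid')
    }
}

function Get-HiddenLogonAccounts {
    # Method 2 hides an account by adding a DWORD named after it (value 0)
    # under this key. Report each such name, whether the local account
    # actually exists, and whether it sits in the local Administrators group.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
    if (-not (Test-Path $key)) { return @() }
    $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and $_.Value -eq 0 } |
        ForEach-Object {
            $name = $_.Name
            [pscustomobject]@{
                HiddenName = $name
                Exists     = [bool](Get-LocalUser -Name $name -ErrorAction SilentlyContinue)
                IsAdmin    = [bool]($admins | Where-Object { $_.Name -like "*\$name" })
            }
        }
}

Test-SethcIntegrity | Format-List
$hidden = Get-HiddenLogonAccounts
if ($hidden) { $hidden | Format-Table -AutoSize } else { 'No accounts hidden via UserList.' }
```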


2 Comments

  • D said:

    I got to system32.
    I copied the file “cmd” to my desktop.
    I renamed it “sethc” and copied it back into the system32 folder.
    I clicked yes on overwriting the file.
    This is what I get:

    “Cannot copy sethc: Access is denied.

    Make sure the disk is not full or write-protected and that the file is not currently in use.”

    What should I do? Dx

  • Rohan (author) said:

    Try this in safe mode. Use the F8 key at startup.
