10 Jul
Have you ever changed or forgotten your Windows password? Fear not, because I have the solution for you - and it's completely free.

The following method works on Windows XP and Vista.
All you need is a Linux live CD that auto-mounts Windows partitions (e.g. Ubuntu, BackTrack, Fedora, openSUSE).
Save the .iso and burn it to a disc.
Boot from the CD and follow these simple instructions. They assume you are using BackTrack, but should be similar for other Linux distributions:
- Open a Linux terminal and enter the following commands:
- cd /mnt
- ls (Take note of the folders listed here. You might need them in the next step.)
- cd sda1/Windows/System32/ (If this didn't work you might have the wrong hard drive; try replacing 'sda1' with sda2, hda1, or hda2)
- mv utilman.exe utilman.old && cp cmd.exe utilman.exe
- reboot (and remove the CD)
- Once rebooted, at the Vista or XP login screen, press Windows key + U to run CMD with system privileges. Replace username below with one of your choice - it must not already exist!
- c:\>net user username mypassword /add
- c:\>net localgroup administrators username /add
- Log in with the new admin account!
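After you finish, don't forget to copy utilman.old back to utilman.exe, or you will leave your system vulnerable: until you do, Windows key + U at the login screen still opens CMD with system privileges for anyone at the keyboard. This is very important!!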
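The check and restore step, as an added example that is not part of the original post: run from the live CD, it reports whether utilman.exe is still a byte-for-byte copy of cmd.exe and puts utilman.old back. The function names and the sandbox are constructed for illustration; the System32 path you pass in is an assumption about where your partition is mounted.

```shell
#!/bin/sh
# Added example (not from the original post): audit and undo the utilman.exe swap.
# Assumption: the argument is the mounted System32 directory, e.g.
# /mnt/sda1/Windows/System32; file-name case on the volume may differ.

# utilman_state DIR -> prints: original | swapped | missing
utilman_state() {
    [ -f "$1/utilman.exe" ] && [ -f "$1/cmd.exe" ] || { echo missing; return 0; }
    # The swap in the post leaves utilman.exe identical to cmd.exe.
    if cmp -s "$1/utilman.exe" "$1/cmd.exe"; then echo swapped; else echo original; fi
}

# restore_utilman DIR -> prints: restored | clean | no-backup | bad-backup
restore_utilman() {
    if [ "$(utilman_state "$1")" = original ]; then echo clean; return 0; fi
    [ -f "$1/utilman.old" ] || { echo no-backup; return 1; }
    # Running the swap twice overwrites the real backup with cmd.exe;
    # restoring that file would leave the login-screen shell in place.
    if cmp -s "$1/utilman.old" "$1/cmd.exe"; then echo bad-backup; return 1; fi
    mv -f "$1/utilman.old" "$1/utilman.exe" && echo restored
}

# make_sandbox -> prints the path of a constructed stand-in for System32,
# in the state the post's commands leave behind (contents are dummy bytes).
make_sandbox() {
    d=$(mktemp -d) || return 1
    printf 'constructed cmd.exe bytes\n' > "$d/cmd.exe"
    printf 'constructed utilman bytes\n' > "$d/utilman.old"
    cp "$d/cmd.exe" "$d/utilman.exe"
    echo "$d"
}

# Only touches a real directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    echo "before: $(utilman_state "$1")"
    restore_utilman "$1"
    echo "after:  $(utilman_state "$1")"
fi
```

A `bad-backup` or `no-backup` result means the original utilman.exe has to come from the Windows installation media instead.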
I hope this helped in regaining access into your XP or Vista PC and if you know of any other tips like this please let us know in the comments.
UPDATE: Here is a backtrack video tutorial that covers the instructions.



July 10th, 2008 at 7:12 pm
Yellow,
This is a great tip, if I may dare to complement your post.
I believe that this hack will only work if the HDD is not write protected, which is normal in enterprise environments (I have already come face to face with this problem).
In this case, it is not easy (not to say impossible) to mount an NTFS partition on Linux. After "googling" a while I came across these useful links:
[1] http://www.petri.co.il/forgot_administrator_password.htm#20
[2] http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm
[3] http://www.password-changer.com/screens.htm (this is not a freeware)
[4] home.eunet.no/pnordahl/ntpasswd/ (this is a freeware)
If you read some blogs and some posts on the subject, you will realize that Windows stores passwords in a file (I cannot remember the location of the file and I do not want to search for it at this time) as a known hash, so with a little work and the use of "John the Ripper" you can crack the admin password, and/or change it.
Note: this should only be used to:
1st - prove how stupidly fast and easy it is to hack into a Windows machine, and you do not have to know anything more than how to open your browser
2nd - prove why Windows should not be used in enterprise/production environments and other places where you store sensitive information
3rd - prove why *nix is better (until this day I never managed to hack into a *nix workstation)
4th - it is WRONG to hack into workstations without permission to do so.
July 10th, 2008 at 8:00 pm
Zuss, thanks for the great feedback. I wish more people left as valuable comments as this.
Thanks again for stopping by.
July 11th, 2008 at 2:16 am
Hi!
Great post. Will come handy next time I can’t find my OphCrack CD’s :)
/daniel
July 11th, 2008 at 4:25 am
Hi Shane,
I'm glad to share my experience.
July 19th, 2008 at 11:07 am
I would recommend PCLogin (http://www.pcloginnow.com/). It's freeware and also easy to use. No need to remember commands at all.
July 23rd, 2008 at 8:45 pm
Thanks for the Tip :D
PC Login is simply easy in comparison to this …
August 14th, 2008 at 5:30 pm
Everyone keeps saying how Windows is less secure because of this. The fact of the matter remains that if any system is not physically secured, an attack like this is possible. Any Linux box can be compromised in a similar way if you have access to the keyboard and the monitor.
August 14th, 2008 at 5:55 pm
True. You can do much the same on some Linux distros by booting to single user mode. ;)
August 15th, 2008 at 7:29 am
I simply don't use any password for the Windows admin account, I lock my PC in my room :D
Anyway, nice trick, even though it's a little long, a trick is a trick.
August 15th, 2008 at 9:14 am
You don’t have a password set for your admin account on an internet connected Windows PC? Asking for trouble, I’d say…
August 15th, 2008 at 9:18 am
Ryan,
Actually it is better to have no password than a weak password, so I have heard.
August 15th, 2008 at 9:45 am
Well actually, if you think about it, Windows won’t allow access over the network for accounts that don’t have a password, so this might work…
Confirmed from Microsoft… Interesting…
http://www.microsoft.com/protect/yourself/password/create.mspx
August 15th, 2008 at 6:50 pm
[...] Alright, try this one. Lost Windows Password? Regain Access with Linux | Hackosis [...]