Surely more than one has happened to you that you have forgotten the password of your windows or a Windows 10 that was in domain is not able to access the AD.
In this tutorial I will show you how to enter the machine without knowing the password, either physical or virtual machine (in this case it requires console access).
Requirements:
- Windows Machine – The one that will be attacked
- USB or Virtual ISO – Windows 10 in boot mode
Responsibility:
In this tutorial we will use hacking techniques, with the only purpose of learning. We do not promote its use for profit or improper purposes. We are not responsible for any damage or impairment that may be generated in the systems used. The responsibility lies entirely with the user of this tutorial.
Knowledge:
- Linux – Not applicable
- Programming – Not applicable
- Kali Linux – Not applicable
- Windows – Medium
- Networks – Not applicable
Let’s get started:
To start as I said before, you will need access to the physical machine (in this case have USB port) or Virtual machine (with access via console).
Part 1
To create a Windows 10 installation media please refer to the following page: Create Windows installation
Part 2
Insert the Windows 10 installation disc into the computer where you need to reset the local Windows administrator password, and then make the computer boot from the disc.
Part 3
Replacing Utility Manager with Command Prompt (CMD)
- After the computer boots up, the Windows Setup screen will appear. On the Windows Setup screen, press the keyboard shortcut Shift + F10 and a Command Prompt window will open.
- In the Command Prompt window, execute the following two command lines, which will replace the Utility Manager on the Windows 10 logon screen with the Command Prompt. Note: Replace the letter c with the drive letter of your operating system and press the Enter key after typing each command.
move c:\windows\system32\utilman.exe c:\ copy c:\windows\system32\cmd.exe c:\windows\system32\utilman.exe
Once the two commands have been successfully executed, remove the Windows 10 installation disc and reboot the computer. You can restart the computer by using the “wpeutil reboot” command or by turning the computer off and then on again.
Part 4
Reset the Windows 10 local administrator password using the command prompt.
- After the computer restarts and you reach the Windows 10 logon screen, click the Ease of Access icon in the lower right corner. This will bring up a Command Prompt window if the previous three steps were successful.
- In the Command Prompt window, type the password reset command: net user and press Enter to set a new password for your Windows 10 local administrator account. Once the password reset is complete, close the Command Prompt and then you can log in to the administrator account with the new password.
Alternatively, you can add a new local administrator account using the following commands and then use this new administrator account to log in to Windows 10.
net user <username> /add net localgroup administrators <username> /add
Step 5
Put the Utility Manager back as before (VERY IMPORTANT).
For the security of your system, you’d better put the Utility Manager back after you finish resetting the password of Windows 10 local administrator account. Otherwise, other people clicking the Ease of Access icon will open the Command Prompt window and might change your password or make other changes to your system. In order to reset the Utility Manager, you just need the steps as below:
- Restart your computer from the Windows 10 installation disc again.
- When you reach the Windows setup screen, press Shift + F10 to bring up the Command Prompt window.
- Run the command: copy c:\windowssystem32\utilman.exe c:\windowssystem32\utilman.exe. When the message “Overwrite c:\windows\system32\utilman.exe? (Yes/No/All)” appears on the screen, type Yes and press Enter. That’s it. Remove the Windows 10 installation disc, reboot the computer, and you’re all good.
Final Step
Access the machine.
Once these steps are completed, simply reboot the machine and log in with the username and password you set.
I hope you found this tutorial helpful and that you liked it.