Resetting the Windows Password[Hacked]If you wish to gain access to a Windows computer whose account is password protected,
resetting the password is an easy option. Windows stores all its account information and
encrypted passwords in a file called “SAM”. By modifying the “SAM” file it is possible to
reset the password of any user account including that of the “administrator”. You can
accomplish this task using a small open-source tool known as Offline NT Password &
Registry Editor. This utility works offline, that means you need to shut down and boot up
the target computer using a CD or USB device such as thumb drive.
The tool has the following features:
- You do not need to know the old password to set a new one.
- This tool will allow you to reset the password of any user account.
- This tool can also detect and unlock locked or disabled out user accounts.
You can download the tool from the link below:
Download: click here
Resources to create a bootable CD and bootable USB device are available for download
separately. Both works similarly and is a matter of your convenience. However, in this
book I will give a demonstration of the USB version to reset the existing password. To
create a bootable USB drive, download and unzip the USB version of the tool from the
above link by following the simple instructions given in the readme.txt file.
Once you have the bootable USB device in your hand, plug-in the device and boot from it.
Make sure that you have enabled the USB boot option and set the top boot priority for
your USB device in BIOS.
Step-by-step instructions to complete the password reset
process is given below:
Once the tool is running from your USB device, you should see the screen similar to the
one shown above. Just follow the screen instructions and the tool will automatically detect
the partition on which the Windows is installed. Usually the right options are preloaded in
the square bracket as shown in the below snapshot. So, just pressing Enter key should
In the next step, you will be asked to “select which part of the registry to load”. You need
to select the option-1 that is “Password rest [sam]” which is preloaded by default as shown
below. So just press Enter to proceed.
In the next step, select the option-1 which is “Edit user data and passwords” as shown
below and hit Enter.
Figure 8. 4
Now, you should see a list of “Usernames” and their “Admin” status being displayed.
Select the user who has administrator privilege and hit Enter.
Figure 8. 5
In the next screen you will be asked to select from a list of options that you may want to
perform on the selected user. Here, just select the option-1 which is “Clear (blank) user
password” and hit Enter.
This should reset the password for the user account to make it go blank, so that the next
time you reboot your Windows you should be able to login automatically as if there was
no password set for that user account.
Now quit editing user by pressing q and hit Enter until you proceed to the screen where
you will be asked to confirm “writing back changes” to the SAM file. This step is very
important where you need to press y and hit Enter as shown in the snapshot below. If you
accidentally press Enter keeping the default option which is n, the reset process will fail
and the whole procedure will have to be repeated again from the beginning. So, changing
the default option from n to y before pressing Enter is very important.
This will complete the reset process where the existing password will be removed and set
to blank. Disconnect the USB device and press CTRL+ALT+DEL to reboot the
computer. Now, the Windows should let you login to the system without insisting to enter
Restoring the Password After BreachResetting the password is a wonderful option to easily gain access to the password
protected accounts. However, this method has a clear drawback as the password reset
process is permanent. The administrator of the target machine will easily come to know
about the security breach as thereafter no password will be asked during the login process.
To overcome this drawback, we will have to device a means to restore everything back to
normal once the purpose of breach is completed. For this we will have to take a backup of
the original SAM file before modifying it in the password reset process and safely restore
it back to make everything look normal.
The SAM file is located in the drive where the Windows is installed (usually C:) under the
following path: \windows\system32\config. You can easily access this location by booting
up the computer from your live Kali Linux DVD. Once the Kali DVD is loaded, doubleclick
the “Computer Icon” present on the desktop to open up the explorer window. Now,
navigate to the above location to find the SAM file and back it up to a different location
such as a different drive or to your own USB device.
Figure 8. 8
Now reboot the system and perform the password reset process as discussed earlier. Once
you are done with your work, reboot the system again with Kali DVD and navigate to the
location of SAM file. Rename the existing file to SAM.OLD and restore the original
SAM file from the backup location. This should bring everything back to normal and
Bypassing the Windows Authentication ProcessIn the previous section we had discussed on how to reset the password to gain access to
the system. But there is another smart way to gain access to the Windows system by
silently bypassing the authentication process itself. This is done by applying temporary
changes to the Windows kernel on the fly (while booting) to disable the authentication
process. A tool called Kon-Boot allows you to accomplish this task. You can download it
from the link below:
Kon-Boot is a handy tool that allows you to enter any password protected Windows user
account without having to enter the password during the log-in process. The tool allows
you to create a bootable CD or a USB drive. Once you boot the target computer from this
bootable device, it will virtually modify parts of Windows kernel to load the operating
system in a special mode where you will not be insisted to enter the password. The
advantage of this tool is that all the changes are temporary and disappear after reboot, so
that everything looks normal thereafter and does not arouse suspicion of a possible
These were the simple ways to hack your windows password......
Please like ,comment and share..