An Easy Way to Break Into a Windows User Account - Technibble
Technibble
Shares

An Easy Way to Break Into a Windows User Account

Shares

In this article, I am going to show you an easy way to access a Windows user account without knowing the original password. First of all, I know there many other ways to do this such as using a live CD like Ophcrack or something like Knoppix to access the Windows password file etc… but I find this way is the easiest, most reliable and gives the most options.


This knowledge is not intended for malicious purposes. It is intended to be used by computer technicians for times when clients forget their password or unable to log in for some other reason. Don’t use this information to be a tool.

Note: You will need access to a working computer to create a boot CD. You will also need a fairly good knowledge of computers and BIOS in order to do this. This article is aimed towards computer technicians.

If you don’t have it already, download UBCD4Win using one of the mirrors here. If you do already have it on a CD, skip to step 3.

To run it, create an ISO and burn it to CD. You can read the instructions here. I wont write the instructions here because the ones on the previous link are better and this article is more targeted at computer technicians and most of them already have this CD.

Once the CD has been created, goto the BIOS and make sure your CDRom is set as the first boot device. Start up the computer with UBCD4Win in the CDRom and you will have some boot options. Choose the “Launch The Ultimate Boot CD for Windows” option.

It will take a few minutes to load fully, but when it does you should see a Windows XP like interface. Once there, goto Start > Programs > Password Tools > Password Renew.

Remove Windows Password

Once Password Renew is open, you need to tell it what Windows install you would like it to effect, so press “Select a Target” and choose the Windows installation (in most cases, its c:\windows).

Remove Windows User Password

You can “Renew existing user password”, “create new Administrator user” or “Turn existing user to Administrator”. For this example, we’re just going to gain access to an existing user account so choose “Renew existing user password”.

Remove Windows Password

Choose the account you would like to change the password for and enter in the new password. Now press “Install” on the left hand side. Restart the computer, eject the boot CD and you should be able to use that user account.

  • focuz says:

    UBCD4win is a must have for any technician, not just for changing passwords but also virus scans, data retrieval, and many others. Good article.

  • Ron says:

    If you need a boot CD, UBCD4Win is a good one, but there is also other ones out there as well, and I recommend having multiple boot CDs to use.

    If have access to an administrator level account and can login and you want to say change the password of any other account, like for example the Administrator account, from a command prompt, type net user Administrator *

    Of course all of these things and more are why I’m switching to Linux.

  • Derek says:

    Have used it several times, always works great

  • Remote Computer Repair says:

    Ahh… good times! Love this stuff :-)

  • Chris says:

    Thanks for this articel great help

  • Bryce W says:

    @Ron, yep, no such thing as security in Windows.

  • jj2000 says:

    must admit i never go on a call without the ubcd but i find i’m using it less than my knoppix cd/dvd combo nowadays.

  • 1pixel says:

    If they have encrypted files using this profile and you change the password, can they access the files?

    They could become unhappy with your fix if it breaks something else.

  • lonagcio says:

    thanks for the post

  • Crgky127 says:

    I have heard that wiping/overwriting passwords can lead to profile corruption, so I try to recover the original password when at all possible(OC usually). But it is nice to have plan B on our favorite multi-tool.

  • Fred Jones says:

    Its a good tool for XP, but has anyone come across anything that will work with Vista yet?

  • Noodle2732 says:

    http://home.eunet.no/pnordahl/ntpasswd/cd080802.zip

    Thats what i use, very simple linux boot disc.

    Its command line based and easy to use. Works on both XP and Vista but only NTFS file systems, i have had a few problems with some of the newer sony laptops aswell it freezes when loading a few drivers.

    the options it gives you in the command line for most of them the defaults are fine normally you only have to actually make a selection when you want to select a user account.

    Have used Password Renew before but found that it can be a bit unstable, one instance it changed the administrator password and then wouldn’t run again, after using rainbow tables to get the password it was a random Hex key…

  • Eddie says:

    Fred J:

    There is a version of Ophcrack for Vista that I’ve used successfully.

    If one just needs to clear the account password rather than retrieve it I’d just use the Offline NT XP/2000 utility (or whatever it’s called) on UBCD or Hiren’s. Booting to UBCD4Win takes much longer. If you’re already booted to it though might as well use this.

    Often you will have to retrieve the password rather than clear it, though; for that always have the XP and Vista versions of Ophcrack handy.

  • Christopher Shennan says:

    I’ve always known that there would be tools to do this but I’ve never managed to find them until now.

    I’ve just tried to blank the password on a Vista installation I have here and it worked perfectly… logged in straight away and everything was there as it should be so this UBCD4Win is another CD to add to my expanding collection to take onsite (just hope I don’t forget to pick it up on the way out again!).

    I’m currently downloading the Ophcrack for Vista to see if I can get the recovery working as well rather than just wiping.

    Many Thanks

  • Elsa says:

    What if I can not download this mirror because I am not logged in as administrator? I needed to block my daughter out NOT myself. I lost my administrator log in password.. PFFFT!!! Help what do i do!

  • This is a useful work-around for acquiring access to one’s system. Concepts like this are fine to spread around, since the point when someone has access to one’s computer is the point when any security loses its relevance. The people that want this information are quite readily able to get to it.

  • jimf says:

    Just tried out the instructions…booted up nice, but I did not have keyboard or mouse support…either usb or standard type…

  • Heriberto t. says:

    cant you just go to safe mode with command prompt and type, net user (user name) * that seems to work.

  • Ivan Kolevski says:

    Here’s a linux bootcd that has GUI and works well on xp and vista. However I prefer Active Boot disk 4.

    http://www.pcloginnow.com

    Cheers,
    Ivan

  • wyath says:

    anydude heard ’bout bartpe
    that’s quite a good tools too

  • Tony McKimm says:

    Hiren’s Boot CD does the trick for me. Many command-line tools (including DOS) available in a non-windows boot menu; Windows tools for when you use the CD in Windows; and a MiniXP capable of offline system-restore, otherwise I’d only get with ERD Commander.

  • Zach says:

    If you lost windows passwordIf you lost windows password. I think the best solution is making a windows password recovery disk with the third part utility. The disk works perfectly to recover windows password to “Blank”. It is also useful for administrator password recovery, you can wrote it to an blank CD or USB flash drive to recover administrator password. Booting up and clearing a password takes a minute or two works like a charm.
    more info: http://www.windowsloginrecovery.com

  • casdfck says:

    I ever used a windows password recovery tool to bypass windows password http://www.anypasswordrecovery.com/ ,its easily and safely to use ,not need to reinstall windows OS and with no data losing.you can have a try.

  • Jeff says:

    I have found IN MOST CASES booting into safe mode will give you the Administrator login option that rarely is password protected. It’s only there when booting into safe mode. Once you sign in, just go to user accounts and remove the password for the user. That is the quickest way I’ve found but doesn’t work in all cases!

  • smitheanhy says:

    I would like to introduce Windows Password Key 8.0 . it not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It creates a password recovery CD/DVD,USB Flash Drive for home, business and enterprise. It works perfectly to reset your Windows password.
    http://sn.im/vaptp

  • Xavier says:

    I have recently bought a second-hand computer from a store. But when it starts up, it requires me to type the administrator password, and it makes me quite disappointed!
    Eventually I have managed to reset the administrator password using a password reset boot CD from http://www.top-password.com/reset-windows-password.html

  • Tony says:

    There is a way to reset windows password without erasing anything.
    Follow the instructions:
    1.Free download the iso file : http://www.windows-key-finder.com
    2.Burn it to a disk to create the boot disk, that simple.
    3.Configure your pc or laptop to boot in the cd drive,
    4.Insert the CD, reboot from CD drive, and then just follow the process of instruction. A few steps later, admin password would be cleared
    Took about 5 minutes for the whole process.

  • >