21 July 2017

643. 'Hacking' a windows 10 computer w/o password

The scenario: a colleague's masters student had finished, and returned his university issued laptop. He didn't write down the password, and no he can't remember it. It's running Windows 10.

My colleague wants to use the laptop for a bit of testing. No IT support around, so can't reinstall windows.

It has Ubuntu installed as well.We have the password for it.

The local admin account in windows was not activated.

Solution:
I looked at http://www.hackcave.net/2015/10/hack-windows-10-login-password-in-2.html, https://www.ghacks.net/2014/11/12/how-to-enable-the-hidden-windows-10-administrator-account/ and http://webcache.googleusercontent.com/search?q=cache:XXlk7evcUggJ:www.thewindowsclub.com/net-user-command-windows+&cd=4&hl=en&ct=clnk&gl=us

1. Boot into windows 10. Hold 'shift' while clicking on 'Shutdown', in order to force a proper shutdown rather than hibernation.

2. Boot into Linux (in this case it was a dual boot setup, but you could boot from a linux cd or usb stick). Mount the windows partition, open a terminal and navigate to Windows/System32. Rename cmd.exe to sethc.exe and sethc.exe to cmd.exe. Restart.

3. Boot into windows. When you get the log in screen, hit 'shift' 5-6 times. You'll now get a terminal with admin powers!

4. Activate the administrator account so that safe mode becomes useful:
net user administrator /active:yes
net user administrator *

Set the password.

5. Add a new user (users: john, password: b3ngalt0r1n.) and give it admin capabilities:
net user john b3ngalt0r1n. /add
net localgroup administrators john /add
exit

Hold 'shift' while clicking on Shutdown

6. Boot into linux, and swap cmd.exe and sethc.exe back.

7. Boot into windows.




No comments:

Post a Comment