How to Break Windows Password?
KARAN KOHALE
Cybersecurity Engineer | Cyber Threat Intelligence | Certified Ethical Hacker | Incident Response | XDR | IT Security Engineer | SOC Analyst | ZTA | SIEM |
In this write-up we are going to break any Windows password. You may be thinking: how is that possible? We haven't heard of it before. The reality is that this type of content is for educational purposes only, because it is explicit content; if you upload it on YouTube your video will be blocked.
I'm going to explain the concept, with a practical demonstration, and the countermeasures to protect yourself from this attack.
Before proceeding further, be clear that there are two different concepts: password breaking and password cracking.
So what are you waiting for? Let's get started.
Concept
Let's start with the basic concept of the boot sequence.
1. When we start our machine, the BIOS performs an initial check on the input/output devices, the computer's main memory, disk drives, etc. If any error occurs, the system produces a beep sound.
2. After that the OS is loaded into memory (RAM). The operating system starts working and executes all its initial files and instructions.
3. Then the system configuration, drivers and system utilities are loaded into memory.
4. If a password has been set on the computer, the system checks for user authentication. Once the user enters the login ID and password correctly, the system finally starts.
We are interested in step 4: we somehow have to get access to a command prompt at this step.
At this step the Windows login screen is shown.
You may be thinking there is nothing interesting here. How can we get access to a command prompt? Well, don't worry, I'm here.
Practical Time
There is an interesting program, "Ease of Access", which lives in the directory C:\Windows\System32 under the name Utilman.exe. It can be launched from the login screen, which in simple words means that you have access to Utilman.exe without logging into Windows.
We have to replace it with a copy of cmd.exe that carries the name utilman.exe. The next time we start the PC and click the Ease of Access button, instead of the real utilman.exe our copy of cmd.exe runs, and we have access to CMD.
Don't be happy yet, the actual work remains.
Using Windows Bootable USB/DVD
We have to make a bootable USB from a Windows ISO. If you don't know how to do that, check out this link.
Now that we have a bootable USB, let's plug it in and start the PC. We have to boot from the USB; different computer makers such as Dell, HP and Lenovo use different boot keys, so you may have to look yours up online.
Further steps:
Little Concept Here
In the command prompt we see two OS directories: one on the USB and the other on the default system drive.
6. To move to our system's OS drive, type the following command at the command prompt:
C:
If that does not work, type D: instead.
To check that you are on the right drive, type the dir command at the command prompt.
If the listing shows Windows and Program Files (x86), it is our OS drive. Now that we are on the right drive, let's do our real work.
7. Let's go to the target directory by typing this command:
cd Windows\System32
Now that we have reached our destination, let's replace utilman.exe with cmd.exe. Type the following command:
copy cmd.exe utilman.exe
It is best practice to back up cmd.exe and utilman.exe first, in case of any mistake, which can be done as follows:
copy cmd.exe cmd_backup.exe
copy utilman.exe utilman_backup.exe
If you don't want to back up, that's okay.
Now that we have replaced the program, let's reboot the PC, this time with the USB unplugged (boot from the system OS). Click on Ease of Access and we have access to the command prompt, from which we can change a user's password. For this we first have to see the users on the system.
9. Type the following command to list the users:
net user
10. Type this command to change a user's password:
net user <username> <password>
e.g. net user abdulrehman window10@
We have successfully changed the password; now log in with that password and you will be in.
Wait for part 2 to bypass fingerprint, PIN and Microsoft ID.
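The write-up promised a countermeasure. As an added example that is not part of the original post, the PowerShell script below checks a machine for the swap described above. It assumes a standard %SystemRoot%\System32 layout and only the cmdlets built into Windows PowerShell 3.0 or later; the function name Find-UtilmanSwap is my own.

```powershell
# Added example, not part of the original post: audit System32 for the
# utilman.exe-for-cmd.exe swap described above. Run in an elevated
# PowerShell on the machine being checked. Returns a list of findings;
# an empty list means nothing suspicious was found.
function Find-UtilmanSwap {
    param([string]$System32 = (Join-Path $env:SystemRoot 'System32'))

    $cmdPath  = Join-Path $System32 'cmd.exe'
    $cmdHash  = (Get-FileHash -Path $cmdPath -Algorithm SHA256).Hash
    $findings = @()

    # 1. Any .exe in System32 that is byte-identical to cmd.exe but has a
    #    different name. This catches utilman.exe after the swap and also
    #    leftovers such as cmd_backup.exe from the backup step in the post.
    foreach ($exe in Get-ChildItem -Path $System32 -Filter '*.exe' -File) {
        if ($exe.Name -eq 'cmd.exe') { continue }
        $h = (Get-FileHash -Path $exe.FullName -Algorithm SHA256).Hash
        if ($h -eq $cmdHash) {
            $findings += "$($exe.Name) is a byte-for-byte copy of cmd.exe"
        }
    }

    # 2. The PE version resource of utilman.exe should name itself. A renamed
    #    copy of cmd.exe still carries cmd.exe's resource, and also still
    #    carries Microsoft's signature, so a signature check alone would not
    #    reveal the swap. (-ne is case-insensitive in PowerShell.)
    $utilman = Join-Path $System32 'utilman.exe'
    if (Test-Path $utilman) {
        $orig = (Get-Item $utilman).VersionInfo.OriginalFilename
        if ($orig -and $orig -ne 'utilman.exe') {
            $findings += "utilman.exe reports OriginalFilename '$orig'"
        }
    }

    return $findings
}

$result = @(Find-UtilmanSwap)
if ($result.Count -eq 0) { 'No utilman.exe swap detected' } else { $result }
```

Because the swap only works when someone can boot from external media and write to the system drive, a firmware password with a locked boot order and full-disk encryption such as BitLocker stop step 6 from ever reaching the real System32.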
Security Lead at Saama, 2 years ago:
Good one KARAN KOHALE, keep going