Bypass Windows Login Password using Android Phone with DriveDroid

Drive Droid is an Android application that allows you to boot your PC from ISO/IMG files stored on your phone. This is ideal for trying Linux distributions or always having a rescue-system on the go… without the need to burn different CDs or USB pen drives.

Drive Droid also includes a convenient download menu where you can download USB-images of a number of operating systems from your phone. You can also create USB-images which allow you to have a blank USB-drive where you can store files in. Blank images also allow you to use tools on your PC to burn images to the drive and create a bootable USB disk that way.

You can manually download it from google playstore.

Note: need root privilegde means you need rooted phone.

Let’s start!!!

Install DriveDroid app on your smartphone and run the application.

Click on plus sign at the lower right corner to add any iso image file.

Under preference here we need to select image directories so that we can browse konboot iso image file.

Further it will move into internal storage to let you choose your iso file, I have opt for konboot.iso and click on select (Please note that the kon-bootCD.iso file should exist on your phone)

Selected the koonboot iso file and it will get mounted

Tap on the mounted file and we can see three boot options as shown in the figure below Select the third option of CD-ROM and connect the smart phone with the system and reboot the system

Now plug the USB cable between phone and system for booting it from your phone and restart the system (pc) then continuously press function key of your desktop system.

Select the smartphone as the boot device from the bios boot menu of the system and system will boot with koonboot.

Great!!! Successfully you will get administration console; now hit the enter button on the key board. This will bypass the admin console without entering password.

Hack Locked Workstation Password in Clear Text

For this tutorial we will be using kali Linux iso which can be found on their official website and wce(windows credentials editor) which can be found at http://www.ampliasecurity.com/research/windows-credentials-editor/

Download the universal version if you don’t know the target system architecture (32 bit or 64 bit).

Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets).

First of all make your pen drive bootable with kali linux (you can choose any other linux distro) and then copy the wce.exe to the pen drive and then boot up the kali linux with the PD on target system  and from the boot menu choose Live boot option and hit enter.

Now after OS boots up go to File Manager and browse to other locations and choose the 16 GB volume (size of the windows installation which will be different in your case).

Now browse to the Windows/System32 folder.

Now rename the Utilman.exe file to any other name and then rename the cmd.exe to Utilman.exe.

Now restart the system but this time doesn’t boot the system to kali Linux, let it boot to the installed windows and you will be presented with password screen after choosing the user.

At the password screen to lower left side a blue icon named ease of access will be present, click on it and a command windows will be opened

Now you have to execute the wce.exe file in the pd so type the following command to know the external devices connected:

diskpart  (a windows command line utility which enables us to manage disk and partitions)

and then on diskpart prompt type command:

list volume (show all the connected drives)

Now choose the FAT32 Fs type drive (to be sure also confirm the drive name with the size of your pen drive)

In my case it is F. Now exit the diskpart by pressing ctrl^c.

So now browse to the pd by typing the following command: f:  (Here f is the drive letter name In your case it could be different) and then execute the wce.exe file which you copied previously with command:

wce.exe –w (-w is used to dump all the passwords in clear text)

As you can see it has successfully dumped the password in clear text.

2 Ways to Hack Windows 10 Password Easy Way

Start your computer and enter into Bios Setup. Change your boot preferences to boot from CD /DVD. Click on Next

Now select the “Repair your computer” option from the lower left-hand corner.

Then click on Troubleshoot option.

Then click on advanced options.

Now click on command prompt

Then you’ll copy the command prompt executable (cmd.exe) over top of the On Screen keyboard executable

Copy d:\windows\system\32\cmd.exe d:\windows\system32\osk.exe

Now you can reboot the PC.

Resetting the Password

Once you get to the login screen, click on On-Screen Keyboard, and you’ll see an administrator mode command prompt.

Now to reset the password—just type the following command, replacing the username and password with the combination you want:

Syntax : net user account.name *

Example: net user raj * and hit enter. Set any password for that account.

Second Method

Start your computer and enter into Bios Setup. Change your boot preferences to boot from CD /DVD. Click on Next

Press SHIFT + F10 to open a command prompt

Then you’ll copy the command prompt executable (cmd.exe) over top of utility manager executable

Copy d:\windows\system\32\cmd.exe d:\windows\system32\utilman.exe

Now you can reboot the PC.

On the Windows 10 sign-in page, click the Utility Manager icon

Now to reset the password—just type the following command, replacing the username and password with the combination you want:

Syntax : net user account.name *

Example: net user raj * and hit enter. Set any password for that account.

Hack Windows 7 Password from Guest Account using 2015-1701 Exploit (Easy Way)

From Wikipedia

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

The result is that an application with more privileges than intended by the application developer or system administrator can perform unauthorized actions.

Now here type net user command to change the admin password but it will show you the error “Access is denied”

Download CVE 2015-1701 from here and unzip in your Pc. Then go to the compiled folder in CVE Master. Here you will find 2 exe files for 32-bit user and 64-bit user(in my case I’m using 64-bit user).

Now run Taihou64.exe, it will open a command prompt with admin priveleges. Now you can change the password using net user command. Example is given below:

Syntax:

net user (username) *   then press enter

Note: This trick works only on Windows7(all versions) not available for Windows8 and Windows10 yet.

Related Posts Plugin for WordPress, Blogger...