POST CATEGORY : Window Password Hacking

Bypass Admin access through guest Account in windows 10

Open command prompt and check windows user account status using “whoami” command.

Account name is “joe” and account status is ‘DefaultAccount’ which is a non-administrator account type.

Try changing administrator using the ’net user’ command. You will see an error ‘Access is denied’

Now download “CVE-2017-0213_x64” from here and unzip in your PC. Go to the folder and you can find the .exe file, double click on it to run it.

The moment you double click on it, it will automatically open a new command prompt with administrator privileges.

Use ‘net user’ command to change the administrator account password. Message ‘The command completed successfully’ will appear. You have now successfully changed the administrator accounts password.

Author– Abhimanyu Dev is an Aspiring Cyber Security Expert Contact Here

Bypass Windows Login Password using Android Phone with DriveDroid

Drive Droid is an Android application that allows you to boot your PC from ISO/IMG files stored on your phone. This is ideal for trying Linux distributions or always having a rescue-system on the go… without the need to burn different CDs or USB pen drives.

Drive Droid also includes a convenient download menu where you can download USB-images of a number of operating systems from your phone. You can also create USB-images which allow you to have a blank USB-drive where you can store files in. Blank images also allow you to use tools on your PC to burn images to the drive and create a bootable USB disk that way.

You can manually download it from google playstore.

Note: need root privilegde means you need rooted phone.

Let’s start!!!

Install DriveDroid app on your smartphone and run the application.

Click on plus sign at the lower right corner to add any iso image file.

Under preference here we need to select image directories so that we can browse konboot iso image file.

Further it will move into internal storage to let you choose your iso file, I have opt for konboot.iso and click on select (Please note that the kon-bootCD.iso file should exist on your phone)

Selected the koonboot iso file and it will get mounted

Tap on the mounted file and we can see three boot options as shown in the figure below Select the third option of CD-ROM and connect the smart phone with the system and reboot the system

Now plug the USB cable between phone and system for booting it from your phone and restart the system (pc) then continuously press function key of your desktop system.

Select the smartphone as the boot device from the bios boot menu of the system and system will boot with koonboot.

Great!!! Successfully you will get administration console; now hit the enter button on the key board. This will bypass the admin console without entering password.

Hack Locked Workstation Password in Clear Text

For this tutorial we will be using kali Linux iso which can be found on their official website and wce(windows credentials editor) which can be found at http://www.ampliasecurity.com/research/windows-credentials-editor/

Download the universal version if you don’t know the target system architecture (32 bit or 64 bit).

Windows Credentials Editor (WCE) is a security tool to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes, plaintext passwords and Kerberos tickets).

First of all make your pen drive bootable with kali linux (you can choose any other linux distro) and then copy the wce.exe to the pen drive and then boot up the kali linux with the PD on target system  and from the boot menu choose Live boot option and hit enter.

Now after OS boots up go to File Manager and browse to other locations and choose the 16 GB volume (size of the windows installation which will be different in your case).

Now browse to the Windows/System32 folder.

Now rename the Utilman.exe file to any other name and then rename the cmd.exe to Utilman.exe.

Now restart the system but this time doesn’t boot the system to kali Linux, let it boot to the installed windows and you will be presented with password screen after choosing the user.

At the password screen to lower left side a blue icon named ease of access will be present, click on it and a command windows will be opened

Now you have to execute the wce.exe file in the pd so type the following command to know the external devices connected:

diskpart  (a windows command line utility which enables us to manage disk and partitions)

and then on diskpart prompt type command:

list volume (show all the connected drives)

Now choose the FAT32 Fs type drive (to be sure also confirm the drive name with the size of your pen drive)

In my case it is F. Now exit the diskpart by pressing ctrl^c.

So now browse to the pd by typing the following command: f:  (Here f is the drive letter name In your case it could be different) and then execute the wce.exe file which you copied previously with command:

wce.exe –w (-w is used to dump all the passwords in clear text)

As you can see it has successfully dumped the password in clear text.