Skip to content

A very simple Non destructive solution to reset Windows Password

Notifications You must be signed in to change notification settings

TinToSer/winbyepass

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 

Repository files navigation

win-bye-pass

A very simple Non destructive solution to reset Windows Password

Download iso from below link

https://drive.google.com/drive/folders/1d8CPCuX50D9CB7QFc2BelniUAbwfTWFR?usp=sharing

Steps:-

[For Hardware]

  1. Burn the iso to a pendrive to make it bootable using rufus(https://rufus.ie/en/) or the most smartest way of Ventoy(https://www.ventoy.net/en/download.html)

  2. Boot from the pendrive/iso (just google for your harware device about shortcut, F12,F9 etc, in Virtual machine F12 works).

  3. After booting you will see windows is starting and then rebooting again, sometimes says fail to reboot Don't panic just restart. You will observe something like this

    image

  4. Now when you are at login screen then click on ease of access button shown below and then on On screen keyboard. image image

  5. You will see that a command window opens, remember it is with highest privilege level(nt authority\SYSTEM) so you can do anything:).

  6. To see usernames type

    net user

    image

  7. To remove/set password type

    net user joker 123

    here "joker" is my targetted username and 123 is the password I am setting, press enter and then you see "Completed successfully" message in the command window, Now close the command window and login with password 123 in joker account

    OR

    net user joker *

    here "joker" is my username I am targeting and 123 is the password I am setting When you enter above command it will ask to enter password, don't write anything, press enter and then you see "Completed successfully" message in the command window,Now close the command window and click to login :)

    image

  8. After your job is done then either Microsoft windows will automatically remove the backdooring by deleting the registry key we modified or you can also do it by running the below command in cmd as an Admin. But before that make sure if registry already removed by microsoft, to do that type below in windows search box and open "On screen keyboard", see whether "On screen keyboard" opens or command window. If command window opens then it means Microsoft has not removed the registry on its own :).

    reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution options\osk.exe" /f > nul

[For Virtual machine, ex Vmware]

image

And then boot from iso and follow above process for [Hardware] from Step 2.

[Whole Science behind]

It's just a simple registry technique, which makes cmd.exe as a debugger to "on screen keyboard", since you are at login screen so presented with highest privilege command window

******Sharing is caring, as usual "Tinkering Bytes To Disintegrate Burdens

Thanks to below which excited me for Fun:-

https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/

https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive?view=windows-11