@@SpaceCadet4Jesus It works sincee WIn 98/95.... since 98 (maybe 95 too) this can also be done with error message (dont send), couple of clicks here and there and a fatal error appears but you are INSIDE....
There is an even easier way in which you don't have to use the cmd to rename and copy cmd, that is opening notepad.exe from the cmd, navigating from the open file menu, and changing whatever you want. Windows is really easy to hack at these levels, all you need to do is a little research. As always, great content!
And it doesn't even have to be a windows installation media.Any Linux installation media will be enough too and if it has Live USB, you can enjoy the comfort of editing files from a GUI file manager. Unless that Linux doesn't come prepackaged with secure boot nonsense of course.
this has been known for years, around since Windows 7, and you made it potentially more complex than is needed - you can also hit the reset key twice while Windows is booting. In startup recovery, you sometimes don't even need a password to open the CMD and change things from there
@@munch255 That's totally boarded up. You have to trace down and decrypt the key-data that was generated when the password was set. Windows uses some random construct and doesn't store anything about it. For security, also the location on disk varies. But why would you if you can just boot another system from USB-stick and acces the NTFS partitions? It must be hackable, though. Maybe boot the physical disk inside an emulator, so you can scan the whole virtual system's RAM for changes at adress-level.
The main obstacle to this is just disk encryption with bitlocker, but the amount of people who don't have it on (esp because not everyone buys win 10 pro and signs in with a ms account) is large enough I think. But this is def an accurate representation of what someone could do if they stole your computer. In fact if your password is weak enough they could even bruteforce the hash with special software.
I mean, if someone steals you computer that is unencrypted they can just take the hd and connect it to another computer, or run a live linux usb and access the data. But yes! Encryption is the absolute best protection, until you loose that darn key... xD
This is basically the sticky keys (bug /hack) from Windows 7, you'd hit a key 5 times and Cmd window would popup rather than the sticky key message. Most companies already have the Usb and Bios disabled. So this is only useful if you forget your microsoft password.
@@Luftbubblan Effectively.. you can't. You're better off having remote management tools that can scan and remove unwanted software, unknown logins, etc. It's is affectively patched by using a Microsoft account
Excellent video my friend. I haven't logged into my laptop for 2 years and I forgot my password, I tried for 2 weeks different passwords but couldn't remember. This video saved me over $100 at the computer shop to get them to do it. I fixed it myself at home in front of the TV :)
Not the commands and actions I do during this exploit, but very informative nonetheless without teaching people how to do damage. There are additional steps to make it untraceable, especially on enterprise computers (which you would also have to unplug ethernet before boot). Nice choice with the Windows Install IMG over Linux (simpler to use, and allows you to just use the computer on your own OS), as it is digitally signed by MS and less likely to trigger the unsigned drive error (which would require a bios password [not hard to bypass]. However, this will not work on an encrypted drive, which i encourage all IT managers to undergo. Bitlocker takes 5 min to set up domain-wide. To prevent this attack on your machine, set a bios password, set another password for boot loader/menu, encrypt your drives, and disable automatic startup repair.
@@IndrajitPoirahInsomniac oh easy. Boot menu / window install disc / Repair your computer/ cmd . Then, you play around and do some things with root access such as, renaming utilman.exe to HypoteticallySpeaking.exe and copying cmd and renaming the copy the former. After a restart, you will find rather funny how the lockscreen accessibility option will now return a root cmd window where you can just type explorer.exe and watch the pc boot w/o a password
I love stuff like this. Once you see the trick, it’s so simple, but I would _never_ have thought of using this as a route into the command prompt screen.
There are multiple ways of making this secure. 1. for business and home make sure that your case has a lock on it so someone can't remove the cmos battery and reset the bios. 2. Make sure the PC always boots from the hard drive first 3. Most importantly make sure your bios has a password set 4. Disable boot select menu Also Microsoft can prevent this from having the main login UI check to see if any programs that it launches during the login screen has been tampared or can even block programs while on the logon screen.
@@TheFurrry no but resetting the bios makes it where it will clear the bios password at which point the user doesn't even need access to the windows or to bypass security
Step 2 could cause you a dilemma in the future if you run into any drive problems and need to boot from a USB. Step 3 and 4 should be enough, right lol? xD
@@Da_Cap_i_Tanif that's the case then it would be the admin/owner that would need to boot from the cd drive at which case should know the password anyways
In some cases you can't change the password (policies etc). You can create a new user (net user add etc) and put em to administrators group, login with this new account and you can see all local users and change their passwords. In some older versions you can also change domain users passwords - before login disable network so the domain controller will not be found by the os 😊
There is no need to do the download and USB set-up, etc. When starting your computer, if you shut the power a couple of times in a row, then the next time that you start the computer, you will be offered a menu to repair your computer. I do not recall the exact menu. But if you click around, you will find the option for running the command prompt. From there, you can follow our host's instructions. Also note that many computers will not allow you to boot from a USB drive, which will prevent you from doing what our host described. For those computers, you will have to go into the BIOS, and set a password. After that, you will be able to change a BIOS setting to enable booting from a USB drive. After that, you can remove your BIOS password.
This is a pretty neat trick when helping people get into their PCs when they’ve forgotten their passwords; however, I don’t believe this is a common technique for actual hackers. In order for this process to work, the attacker would need to have physical access to the PC to mount the bootable USB installation drive. I’m not saying there aren’t other, more advanced ways to bypass the windows login screen by using CMD, but unless someone with malicious intent has physical access to your machine, this shouldn’t be a concern. But anyways, thanks for the great video and well-explained tutorial!
This isn't limited to physical access by any stretch. This works for Windows Server as well as Windows 10. You could do this remotely with access to a virtual console (say through a breached azure, aws or other cloud provider account), an out of band system management tool like Dell iDrac, or HP iLo, and the media could be attached with a virtual disk mount, PXE network booted etc. The reality is though, if a hacker already has this level of access, they aren't going to waste their time attaching a Windows installation ISO. If you wanted to protect against this: -Enable Bitlocker on Windows -Enable SecureBoot in the BIOS -Password protect the BIOS.
THANK YOU!!! THANK YOU!!! Some POS hacked my computer, created a user file for himself as administrator and it was password protected. He also installed something that froze my screen within 12 seconds. He wanted $400 to "fix" my computer. I told him to stick it (I wasn't so polite). Your video allowed me to hack the hacker, put myself as administrator, removed him and all his programs, and eventually fixed everything. I had your video playing on one computer while I fixed the hacked computer and your instructions were perfect. THANK YOU!
I have a boot cd that can “read” the passwords for all accounts. No idea how it works, but handy when someone lost their password. Works like a charm 😊
Known about this trick for years. Used to use it all the time back at my old job in a small computer shop when someone would come in with an old laptop they don't know the password for anymore. Crazy it still hasn't been patched to this day.
Most computers, especially company computers won’t allow you to boot the usb without entering bios first and it’s generally locked by a password, there’s still ways to get around that but this method requires a few more steps to work on most computers
I work in a repair shop and at least 90% of the computers I get in will boot from USB without making any changes to the BIOS, and less than 1% have the BIOS password protected. The biggest and most common obstacle these days is the increasing number of drives that are encrypted with bitlocker.
i’m not sure, but if you take out the bios battery for a few secs, the bios resets itself and the password is gone. is that true? i’ve done that with a old laptop years ago, does it work nowadays?
@@vapefybeatz3322 Not necessarily. For one thing, Not all laptops have bios batteries anymore, and the bios password isn't always stored in the same place and can only be change or cleared by dumping, editing, and reflashing the bios with a chip programmer.
Boot USB is not required. Just hold down shift and restart . Release shift after restart screen appears. Then -> troubleshoot -> Advanced options -> Command Prompt
Could of used this some weeks ago when I was accidently logged out of my own PC, and I had to re-install Windows and lose all my data. Very nice video - I'm saving it!
You could have also created a Linux ISO and booted it up. It would run as a live disk, and then copied your data out to an external drive using the file manager.
One of the most amazing videos I have ever seen brother!!! Direct, simple, non classical Many thanks for sharing 👍 Looking for watching your next tutorials!!
I first saw someone (a CEH) do this about 6 months ago and I was shocked and intrigued to study CEH as well. The difference was at the CMD he created a local admin account on the machine and logged in with that
You can do same without a usb windows bootable drive, only physical access is required. To void this: use drives auto bitlocker enabled, which unlock automatically after your login and auto lock after reboot or poweroff. Whenever someone try same they will face bitlocker encryption. Good guide, keep it up 👍
you don't even need any bootable drive just to fire up that X: terminal... > forcibly stop win with the stop button, then again start. wait 2 sec, when it's booting stop it to stop again. > repeat this 4-6 times... now win will not boot normally, instead, (Because Win will detect unstable booting issues ) it will show you the screen will a lot of things to repair win like restart, reset, etc.. from there you will have an option for "Command tool" inside of the advanced option. Booyah!!!!
I actually taught this years ago when I was teaching computers at a grade school. I learned it from another tutorial. Like you I was amazed that it worked the first time I tried it.
i'm really surprised that they still haven't done anything about this. i would suggest a hash verification function of the called program before letting any of these buttons continue the call. should add very little time.
used to do this on my school computers. except it was windows 7 and all i had to do was shut it off on reboot 3 times and then it would launch startup troubleshooter which allows u to access notepad ;)
If the user account you are targetting is a Microsoft Account it could be that you can't change the password. In that case you could just create a new user with admin rights.
@@BlacKi-nd4uy it is copying the cmd.exe and renaming it utilman.exe in one process so you don't have to manually rename the cmd.exe after copying it into the folder and allowing you to use the cmd.exe from in windows boot
When you press the little button in the bottom-right it brings up utility management. So he is changing the name of utility management to utility management 2, and then renaming the command line to utility manager so when that button is pressed it brings up the command line instead of the utility manager.
Also acts as a "debug" feature which is really useful when you break windows (you have to use sticky keys tho) since usually you’re locked out from getting to a cmd or gaining control, but with this...
you can also do this by booting into "repair" mode. I've accomplished this by power cycling the system several times, and then using the command screen to do basically the same thing. I've also used the hirens boot cd to reset the administrator account password (client as well as server). will need to try this method again someday on a winders 11 system. as always Loi, Gr8 tutorial.......
no, you can't in order to use recovery mode, you have to input user password and by the way, you don't really need to power cycling the system, just get in to windows user login, click the power button, hold shift button while clicking restart button it's easier and reduce the possibility of breaking your system or better yet, just use some kind of hiren boot / mini windows
a bit of research: this technique only ever worked with local windows accounts, not with microsoft accounts. Also it doesn't work anymore since "Windows 10 1809"
You can create a new admin account, go to explorer, navigate to the users folder, click on the user with the microsoft account and you can still see all the files of that user, edit them, copy them over, delete them, ...
I think it's funny how arm chair hacks reply with disgust, remembering some hack a computer guy or Google gave them - you bring a fresh breath to the younger crowd to get them involved. Props bro from an old hack 😂
This is one method but I just prefer a bootable USB and running tools such as hiren(there are many many, many others). Much easier. However and I must warn those tools are ONLY meant for technicians to tshoot a owner's machine or help an owner at retrieving old files they may need.
I already heard of it years ago, but thought to have read they fixed it at some time. With your upload being just 3 weeks ago, I would say it still works.
Also if this hack needs to be performed in a big organization then it'd better to have the network cable disconnected and Cary out the operation other wise CrowdStrike detects this one.( anyways when it's back online will will detect) 🙁
@@AK_Studioz here's one, a relative found lost laptop from many years ago, doesn't know the login, brings it to me because I'm known to be into cybersec, I can quickly fix it for them. Another more nefarious use, bypassing restrictions on domain computers
@@geroffmilan3328 the stars align? More like flipping a coin, many pcs just don't use bitlocker However yes, if bitlocker is set up, you're outta luck with that method
So this is why in my previous school we had to agree to not use usb's on the computers without permission. Also i hacked my self cuz i did a typo when changing password. So thanks for the very simple and useful tutorial 👍 now i have to finish organizing my files
FYI: This works on every single version of windows since XP (including windows 11). Microsoft knows about this backdoor and are intentionally keeping it available. I've tested this myself. It only works on nondomain PC's tho. But once you're in, you could simply copy the appdata from Chrome or other browsers. Just copy it to the USB. These files contain every password saved in that browser, and you can easily get to it by replacing the appdata folder on another computer. I hacked my own passwords in 7 minutes. Scary stuff. Also: Don't forget to erase your tracks in the event viewer.
I wanted to tell you a huge thank you for all your incredible showcases & work! You inspired me to get into all this cuber security stuff! You are amazing, Mr Loi!
@@TheMessanger close? AD is Active Directory lol you need another acronym if you're talking about something else, or just say the name of it, the youtube police aren't coming to get you ya know, no need for encryption on a UA-cam comment 😅
While this did exist since the days of Windows 7, a lot of you are forgetting one thing. the ability to access your main drive from the built-in recovery mode has been revoked in Windows 10. Its true that you can access your main drive using some recovery mode loophole in windows 7, but in Windows 10 you would in fact need a installation drive so that you'd be able to access it. Spoken as a true IT guy who unfortunately had to deal with a lot of dumb people in the workplace who managed to forget their password to local accounts :D
It's always felt like a security risk to me to allow anything to be done without logging in. Turns out I was right. Seems to me that, especially after all these years, MS are completely negligent for not fixing this.
@@thesoulsender how does encryption prevent this exploit? I thought that once you're at login screen the encryption is already bypassed on a hardware level. I changed a motherboard recently and I couldn't boot until I dug out my Bitlocker key, but past that, harddrive is accessible with installation media. I even was able to use registry to enable a local offline login with a password because the network driver wasn't working so I couldn't log in with the PIN and it wanted to authenticate online only which obviously wasn't working without the network driver.
@@vedranb87 when you boot into a live environment like the installer, the drive the actual system is on isn’t mounted and decrypted yet, so you can’t access anything on it. If you don’t believe me, try it yourself with bitlocker on and a windows or even a linux live environment
@@vedranb87 a bit late, but un encrypted drive is essentially usable by other devices, try plugging ur boot drive to another machine as a non boot drive and the data will be read and writable.
Not sure that's accurate. MS utilizes UEFI and Bitlocker encryption. Technically if you have access to an unencrypted disk you could do anything and that's on whomever installed your OS without Bitlocker.
I actually learned this on my own when playing around trying to download games on our school computers. Eventually was able to play CSGO and some other stuff lol. Good times!
I will have to remember this the next time I accidentally lock myself out of my own box. For me, it's better to leave no trace... this will definitely alert the user they have been pwned. Super useful, though!
To stop this kind of attack in the first place, you can setup a bios password. Just make sure you can not boot from a other drive / usb stick, without typing the bios password before.
Sometimes people leave out the bootmenu/accedentally leave the cd, floppy disk or other as the priority and so you can boot from it. If all that doesnt work, you can only reset the bios or take out the hard drive so it boots from usb then reconnect the hard drive (if it even gets recognized)
It also works on windows 11 but if you take a little too long the system will realize what you’re trying to do and lock the computer again and when you click the link the original utilman will show up instead of the modified file
You did everything right although even a beginner's hacker would not do that. Everything you explained is a nice way for the users to get back to their system and its has nothing to do with hacking.
Ohhhh, 7 DAYS ago!! Wow! I thought it said 7 YEARS ago when this video was uploaded. Given the content, that made sense, because this hack is as old as Windows 7! :D 8/10 for production value though ;)
I believe you could have changed the password from the CMD prompt while you were booted on the usb key. So this way the Windows exe file stays unmodified... No?
These hijacks will be detected as Win32/AccessibilityEscalation and will cause Windows Defender to automatically remove the offending debugger from the Registry key.
Lol... This is NOT hacking... Its just using a feature. Using it often when a client forgets his password. This is also a reason why you encrypt your SSD/HDD... It will not work :)
Back in the day, probably early Windows XP, bypassing the windows login was super easy. I would press F8 into safe mode. Then from safe mode you could remove the password from all users. Then reboot. No no more password.
Many think this is a bug or security vulnerability but I don't think so, I think this is just a backdoor to help users reset their own passwords. Kali linux also has a similar backdoor like this, with that, you don't even need a usb. The only time this becomes a vulnerability is when you have important documents on your PC and someone needs those documents and steals the PC. Even these days ppl normally save their documents in the cloud
That is far more steps than necessary. Lol Personally, I would just boot in safe mode cmd prompt w/ networking. From there, use the netuser command and simply change the psw via dos commands
should work on machines with Bitlocker OFF.. and sadly most recent laptops have them enabled by default and users are encouraged to do so if not yet done.
I dont know what I would have done without almods geniues help in my divorce case. Your dedication, enthusiasm, and expertise were like a lifesaver. youre my hero!
Hiren's Boot CD is free software that has a utility to reset Windows 10 passwords. You just boot from CD / USB which uses a slimmed down version of Linux since Linux does not respect Microsoft file permissions it can access Windows user account files. Then run the password utility, choose the user account and change password. It seems simpler than the method in this video.
You told us the trick....but you should also tell how to prevent this. A. Bitlocker only available on windows pro (so the drive cannot be removed and read in another computer) B. A Bios password that prevents anyone from even getting into the windows login screen in the first place. Please upvote soo everyone knows how to defend against this. =D
I'm not familiar with bit-locker; I'd have to look that up. I don't use any kind of Windoze (currently all my computers are running Manjaro Plasma instead). But I wonder if a Linux-compatible technology exists to prevent drive transplant from working? (LUKS is nice, but only works on data drives and only works if you install it when formatting the drive before writing data.) BIOS passwords on most computers can be reset in 30 seconds by popping-off left-side cover, moving "clear CMOS" jumper to "clear" then back to "run", the putting left-side cover back on; voila, no more BIOS password. Windows passwords are a joke if an attacker is able to get their hands physically on your computer. They can just boot from a Nordahl USB, set all the passwords to empty, remove USB stick, press reset, and voila, all Windows passwords are blank.
FYI, BitLocker (or any) encryption with secure boot (secure boot optional) makes this hack entirely obsolete. Even if you only use the rather insecure TPM you'll need the full recovery key to access the files from the USB or any OS that is not the installed Windows OS itself (unless you have admin access before restarting, which means you can pause encryption, but at that point why go thru all these steps to log in again?). It could be possible with only the TPM to inject some code into the Windows boot process from a USB device which would override utilman, so I recommend also setting a Bitlocker PIN/password (also VeraCrypt support TPM+password please, TPM isn't always "redundant"). And make sure to have an admin password set in the bios to make sure the boot order can't be reordered (though the bios can sometimes be easily reset without the password, but then this would trigger secure boot failing, forcing a bitlocker recovery code)
I don't think boot USB is needed. Just hold down shift and restart . Release shift after restart screen appears. Then -> troubleshoot -> Advanced options -> Command Prompt -> net user
I've used UA-cam to bypass every Windows security screen since 2012. Back when I was younger I had all the OEM hotkeys and a plethora of software. Never needed any software to bypass the Windows screen except for maybe a recovery disk. I made this comment before I even watched your video but it's to highlight that yes it's always been very easy to get around if you are smart enough to find the research but I've never been that guy to figure it out myself😅
Won't work on a properly secured system with storage encryption like bitlocker. Also when rebooting there is no guarantee the bios is set to boot from removable media. However you can try to hold shift when clicking restart, modern windows systems will show a dialogue that could allow you to boot from removable media on next boot(but again, if properly secured by gpo's that should not be allowed). By the way hacking the local sam db is as old as windows xp, so instead of messing up your windows installation you could just take that time to create an ntpassword reset usb stick, still the same caveats apply. This isnt as exciting and revolutionary as you portray it to be imho.
I had my own way of doing this with windows 10 and 7, but I just would had tripped windows diagnostic tools and get access to the cmd and replace the toolbox with windows with the Account manager. That was just my way of doing it.
Similar approaches exist for Linux (pick your flavor), OSX, CAN-BUS, etc. If you want to make it hard, encrypt your volumes...the reason for the big TPM push. But if I have physical access to the device, that is already half the battle.
Canbus, osx don't belong in the same sentence lol. It's like comparing USB and ChromeOS... They don't use canbus on personal computers. But you can use a Bluetooth elm327 chip to interface over serial bus with your obd2 logger if it's the rightbkind
You just need to interrupt the boot process by powering down during boot a couple times. That will start automatic repair which gets you to the command prompt. I knew exactly what the process was going to be before the video started and was surprised Loi Liang Yang went with the USB boot drive. You literally need nothing but physical access to accomplish this. No flash drive, just time and access.
Thank you for providing this guideline. It worked. But there is one problem I am facing. After changing the Windows login password, auto fill option in Google Chrome is not working.
7:00 Brings a whole new meaning to the tooltip "Ease of Access"
@Third-Party Apple Support do you go around assisting people with apple products?
@@PartiallyCooked Why would he? When iCloud Photos scans images to find CSAM, and reports it to Apple directly. They've streamlined the whole process.
This is an old old tip. Been working since at least Windows 7. Unsure if it still works in Windows 11. I'll try it if I get around to it.
@@SpaceCadet4Jesus It works sincee WIn 98/95.... since 98 (maybe 95 too) this can also be done with error message (dont send), couple of clicks here and there and a fatal error appears but you are INSIDE....
@Third-Party Apple Support third party apple product 💀
Been a SE since Windows NT and I'm left baffled lol. THIS is what I LOVE about I.T. You never stop learning. Well done.
There is an even easier way in which you don't have to use the cmd to rename and copy cmd, that is opening notepad.exe from the cmd, navigating from the open file menu, and changing whatever you want. Windows is really easy to hack at these levels, all you need to do is a little research.
As always, great content!
Yeah, wasn't it like CTRL+ALT+DEL and run the cmd task?
I try to follow you but you dont have content
And it doesn't even have to be a windows installation media.Any Linux installation media will be enough too and if it has Live USB, you can enjoy the comfort of editing files from a GUI file manager. Unless that Linux doesn't come prepackaged with secure boot nonsense of course.
@@miguelquintana7084 For what?
And how, pray tell, do you gain access to the computer to even open notepad in the first place?
I fondly remember doing this exercise during a pc repair class I attended, pretty useful for clients that are "forgetful".
Same
I wish I could send my pc to you I don’t know how to do any of this😭
@@T0psyDurpy i can just look at a video one time and do it lol
this has been known for years, around since Windows 7, and you made it potentially more complex than is needed - you can also hit the reset key twice while Windows is booting. In startup recovery, you sometimes don't even need a password to open the CMD and change things from there
Fr, I honestly hate “hacker” content like this shit, it’s just cringy and kinda obvious
@@manuell3505 is there any way to see the password without changing it?
This is the only working method now, you will need a password @startup recovery when opening CMD (windows 10)
@@munch255 no password is hashed even if you see it
@@munch255 That's totally boarded up. You have to trace down and decrypt the key-data that was generated when the password was set. Windows uses some random construct and doesn't store anything about it. For security, also the location on disk varies.
But why would you if you can just boot another system from USB-stick and acces the NTFS partitions?
It must be hackable, though. Maybe boot the physical disk inside an emulator, so you can scan the whole virtual system's RAM for changes at adress-level.
The main obstacle to this is just disk encryption with bitlocker, but the amount of people who don't have it on (esp because not everyone buys win 10 pro and signs in with a ms account) is large enough I think. But this is def an accurate representation of what someone could do if they stole your computer.
In fact if your password is weak enough they could even bruteforce the hash with special software.
I mean, if someone steals you computer that is unencrypted they can just take the hd and connect it to another computer, or run a live linux usb and access the data.
But yes! Encryption is the absolute best protection, until you loose that darn key... xD
you can decrypt a bitlocker file from cmd so yeah gl with that
Encryption is the best way to lose everything on your hard drive.
not if you have more than 2 braincells to save the recovery key(s)@@MAGAMAN
@@MAGAMANWell, for people with this opinion you Just have to Strike 'Enter' at the Password prompt and you are in without any File renaming.
This is basically the sticky keys (bug /hack) from Windows 7, you'd hit a key 5 times and Cmd window would popup rather than the sticky key message. Most companies already have the Usb and Bios disabled. So this is only useful if you forget your microsoft password.
With BYOD it is a lot harder for IT teams to lock down on everyone having a locked bios with boot to usb disabled.
Ye, been around for ages. Interesting that they never seem to shut it down.
@@Luftbubblan Effectively.. you can't. You're better off having remote management tools that can scan and remove unwanted software, unknown logins, etc.
It's is affectively patched by using a Microsoft account
BIOS locking is not enough. They shoud use disk encryption, and better thin clients with centralized server farm.
@@PanoptesDreams very old trick. This was done with windows 7
Excellent video my friend. I haven't logged into my laptop for 2 years and I forgot my password, I tried for 2 weeks different passwords but couldn't remember. This video saved me over $100 at the computer shop to get them to do it. I fixed it myself at home in front of the TV :)
This was actually really simple :p no clickbait. Appreciate it.
bros no clickbait.
@@rahuldev2205 a rare trait in this climate nowadays. Because of that I'm now subbed since and watched a ton more vids of his.
Not the commands and actions I do during this exploit, but very informative nonetheless without teaching people how to do damage. There are additional steps to make it untraceable, especially on enterprise computers (which you would also have to unplug ethernet before boot). Nice choice with the Windows Install IMG over Linux (simpler to use, and allows you to just use the computer on your own OS), as it is digitally signed by MS and less likely to trigger the unsigned drive error (which would require a bios password [not hard to bypass]. However, this will not work on an encrypted drive, which i encourage all IT managers to undergo. Bitlocker takes 5 min to set up domain-wide. To prevent this attack on your machine, set a bios password, set another password for boot loader/menu, encrypt your drives, and disable automatic startup repair.
Definitely Blocker and disable boot from USB.
how is it possible to open the computer without the user knowing? i.e. password cant be changed, or can the password be seen?
@@IndrajitPoirahInsomniac specify your question. I don't understand what you mean by user knowing?
@@boardingurban I mean how to know the password of windows without changing or disabling it
@@IndrajitPoirahInsomniac oh easy. Boot menu / window install disc / Repair your computer/ cmd . Then, you play around and do some things with root access such as, renaming utilman.exe to HypoteticallySpeaking.exe and copying cmd and renaming the copy the former. After a restart, you will find rather funny how the lockscreen accessibility option will now return a root cmd window where you can just type explorer.exe and watch the pc boot w/o a password
I love stuff like this. Once you see the trick, it’s so simple, but I would _never_ have thought of using this as a route into the command prompt screen.
There are multiple ways of making this secure.
1.
for business and home make sure that your case has a lock on it so someone can't remove the cmos battery and reset the bios.
2. Make sure the PC always boots from the hard drive first
3. Most importantly make sure your bios has a password set
4. Disable boot select menu
Also Microsoft can prevent this from having the main login UI check to see if any programs that it launches during the login screen has been tampared or can even block programs while on the logon screen.
Bitlocker also works
resetting the bios will not reset the windows log in password.
@@TheFurrry no but resetting the bios makes it where it will clear the bios password at which point the user doesn't even need access to the windows or to bypass security
Step 2 could cause you a dilemma in the future if you run into any drive problems and need to boot from a USB. Step 3 and 4 should be enough, right lol? xD
@@Da_Cap_i_Tanif that's the case then it would be the admin/owner that would need to boot from the cd drive at which case should know the password anyways
In some cases you can't change the password (policies etc). You can create a new user (net user add etc) and put em to administrators group, login with this new account and you can see all local users and change their passwords. In some older versions you can also change domain users passwords - before login disable network so the domain controller will not be found by the os 😊
I used this first one on my dads old laptop when he forgot the password. It actually startled me how easy it was!
There is no need to do the download and USB set-up, etc.
When starting your computer, if you shut the power a couple of times in a row, then the next time that you start the computer, you will be offered a menu to repair your computer.
I do not recall the exact menu. But if you click around, you will find the option for running the command prompt. From there, you can follow our host's instructions.
Also note that many computers will not allow you to boot from a USB drive, which will prevent you from doing what our host described.
For those computers, you will have to go into the BIOS, and set a password. After that, you will be able to change a BIOS setting to enable booting from a USB drive. After that, you can remove your BIOS password.
On win 10 (at least mine) you need the password to do anything in recovery. Sometimes you have to enter bios to add a boot option to use the usb. :)
This is a pretty neat trick when helping people get into their PCs when they’ve forgotten their passwords; however, I don’t believe this is a common technique for actual hackers. In order for this process to work, the attacker would need to have physical access to the PC to mount the bootable USB installation drive. I’m not saying there aren’t other, more advanced ways to bypass the windows login screen by using CMD, but unless someone with malicious intent has physical access to your machine, this shouldn’t be a concern. But anyways, thanks for the great video and well-explained tutorial!
This could work well for penetration testers
This isn't limited to physical access by any stretch.
This works for Windows Server as well as Windows 10. You could do this remotely with access to a virtual console (say through a breached azure, aws or other cloud provider account), an out of band system management tool like Dell iDrac, or HP iLo, and the media could be attached with a virtual disk mount, PXE network booted etc.
The reality is though, if a hacker already has this level of access, they aren't going to waste their time attaching a Windows installation ISO.
If you wanted to protect against this:
-Enable Bitlocker on Windows
-Enable SecureBoot in the BIOS
-Password protect the BIOS.
@@Emmanuel-is7gm i like to do penetration testing
@@Emmanuel-is7gm Exactly
You’re right. I’m pretty sure this is the first thing he pointed out as step one.
THANK YOU!!! THANK YOU!!! Some POS hacked my computer, created a user file for himself as administrator and it was password protected. He also installed something that froze my screen within 12 seconds. He wanted $400 to "fix" my computer. I told him to stick it (I wasn't so polite). Your video allowed me to hack the hacker, put myself as administrator, removed him and all his programs, and eventually fixed everything. I had your video playing on one computer while I fixed the hacked computer and your instructions were perfect. THANK YOU!
Doesn’t work if you have bios password or bitlocker enabled.
Easier to boot from any remote disk and replace admin password.
@@Boygadget what about bitlocker?
@@Boygadget nope... your password is not in your cmos
@@gtarules1 this is only for the bios password. it wont work for bitlocker
Again though, you need bitlocker pw
@@Boygadget lame, this method is not working for a long time ago
I have a boot cd that can “read” the passwords for all accounts.
No idea how it works, but handy when someone lost their password.
Works like a charm 😊
This vid is really helpful for tech support. So many occasions that we really need this. 😅
Known about this trick for years. Used to use it all the time back at my old job in a small computer shop when someone would come in with an old laptop they don't know the password for anymore. Crazy it still hasn't been patched to this day.
Most computers, especially company computers won’t allow you to boot the usb without entering bios first and it’s generally locked by a password, there’s still ways to get around that but this method requires a few more steps to work on most computers
I work in a repair shop and at least 90% of the computers I get in will boot from USB without making any changes to the BIOS, and less than 1% have the BIOS password protected. The biggest and most common obstacle these days is the increasing number of drives that are encrypted with bitlocker.
i’m not sure, but if you take out the bios battery for a few secs, the bios resets itself and the password is gone. is that true?
i’ve done that with a old laptop years ago, does it work nowadays?
@@vapefybeatz3322 Not necessarily. For one thing, Not all laptops have bios batteries anymore, and the bios password isn't always stored in the same place and can only be change or cleared by dumping, editing, and reflashing the bios with a chip programmer.
@@mrkmpn how do you do that 1% problems?
Boot USB is not required. Just hold down shift and restart . Release shift after restart screen appears. Then -> troubleshoot -> Advanced options -> Command Prompt
Could of used this some weeks ago when I was accidently logged out of my own PC, and I had to re-install Windows and lose all my data.
Very nice video - I'm saving it!
You could have also created a Linux ISO and booted it up. It would run as a live disk, and then copied your data out to an external drive using the file manager.
One of the most amazing videos I have ever seen brother!!!
Direct, simple, non classical
Many thanks for sharing 👍
Looking for watching your next tutorials!!
if bios is locked and usb boot is disabled this cant be possible!
@@UltraLimeLife420 It is still possible unless the hard disk is encrypted. You can trigger a troubleshooter and get access to the filesystem that way.
@@trondremix
so you're saying that i can bypass bios password?
can you clarify
I first saw someone (a CEH) do this about 6 months ago and I was shocked and intrigued to study CEH as well. The difference was at the CMD he created a local admin account on the machine and logged in with that
You can do same without a usb windows bootable drive, only physical access is required.
To void this: use drives auto bitlocker enabled, which unlock automatically after your login and auto lock after reboot or poweroff.
Whenever someone try same they will face bitlocker encryption.
Good guide, keep it up 👍
"You can do same without a usb windows bootable drive, only physical access is required " => Do you mean , force turn off the computer 3-4 times ?
well to open the CMD you'll still need a password on recovery mode I've just tried it, unless you are talking about another method.
In windows home edition bitlocker encryption is not available. Do you know any other way to avoid this?
you don't even need any bootable drive just to fire up that X: terminal...
> forcibly stop win with the stop button, then again start. wait 2 sec, when it's booting stop it to stop again.
> repeat this 4-6 times... now win will not boot normally, instead, (Because Win will detect unstable booting issues ) it will show you the screen will a lot of things to repair win like restart, reset, etc.. from there you will have an option for "Command tool" inside of the advanced option.
Booyah!!!!
I knew about this over a decade ago. But thanks for sharing it anyway.
Funny no one has seen your video about it.
@@john_doe1st I've seen it, at least a decade ago
@@john_doe1st It sure is an old thing, almost to the point it should be common knowledge! stickey keys :D
@@hk0444 This channel doesn't have any content
yup, I used that many years ago.
I actually taught this years ago when I was teaching computers at a grade school. I learned it from another tutorial. Like you I was amazed that it worked the first time I tried it.
7:03 That laugh was pure evil. Better like this video for not being hacked.
i use BlackArch-Linux btw
That was done with ease of access on Win7 years ago. A little different but same concept
i'm really surprised that they still haven't done anything about this. i would suggest a hash verification function of the called program before letting any of these buttons continue the call. should add very little time.
@@dillonbabb7156 that would mean microsoft would never be able to reliably patch utilman.exe in case there's any vulnerability.
Can I ask one question?
What if we directly write the password changing command on cmd on that reboot step only??
Its exactly the same...... sama as in this video or another method with: "startup repair"..... and its working since win 95/98.
used to do this on my school computers. except it was windows 7 and all i had to do was shut it off on reboot 3 times and then it would launch startup troubleshooter which allows u to access notepad ;)
If the user account you are targetting is a Microsoft Account it could be that you can't change the password. In that case you could just create a new user with admin rights.
This seems so much easier/more simple than using a Linux ISO boot to redo account passwords. Thanks for the info!
Fantastic tutorial Loi! Fairly straight-forward too!
what is "copy cmd.exe utilman.exe" doing?
@@BlacKi-nd4uy it is copying the cmd.exe and renaming it utilman.exe in one process so you don't have to manually rename the cmd.exe after copying it into the folder and allowing you to use the cmd.exe from in windows boot
@@BlacKi-nd4uy copying the content pf cmd.
exe and save it as untilman.exe
When you press the little button in the bottom-right it brings up utility management. So he is changing the name of utility management to utility management 2, and then renaming the command line to utility manager so when that button is pressed it brings up the command line instead of the utility manager.
This is how you hack into your boss's computer, how you get back at a bad boss.
Thanks.. this is helpful in case we forget password of a local account.. simple and straight to the point!
Also acts as a "debug" feature which is really useful when you break windows (you have to use sticky keys tho) since usually you’re locked out from getting to a cmd or gaining control, but with this...
you can also do this by booting into "repair" mode. I've accomplished this by power cycling the system several times, and then using the command screen to do basically the same thing. I've also used the hirens boot cd to reset the administrator account password (client as well as server). will need to try this method again someday on a winders 11 system. as always Loi, Gr8 tutorial.......
Same here, no USB needed. Hold shift and click on reboot.
@@ShinyTechThings just about to say this. Had to the other day and wasn't aware safe mode boot process had changed
To get to Command Screen in recovery mode, you also need the profile password.
no, you can't
in order to use recovery mode, you have to input user password
and by the way, you don't really need to power cycling the system, just get in to windows user login, click the power button, hold shift button while clicking restart button
it's easier and reduce the possibility of breaking your system
or better yet, just use some kind of hiren boot / mini windows
I don't think this would work on a BL machine or woe that has an admin password for BIOS.
Thank you my Father in Law passed away and my Mother In Law needed access to his PC.
a bit of research: this technique only ever worked with local windows accounts, not with microsoft accounts. Also it doesn't work anymore since "Windows 10 1809"
It works on the latest Windows 11. I use it as a backup, it is useful to have CMD with SYSTEM rights before logon.
@@tairikuokami dear, u did try the pin+tpm(ofcause in win11)+bitlocker ? / or u just tried the winAccPW+tpm(ofcause in win11)+bitlocker
You can create a new admin account, go to explorer, navigate to the users folder, click on the user with the microsoft account and you can still see all the files of that user, edit them, copy them over, delete them, ...
I think it's funny how arm chair hacks reply with disgust, remembering some hack a computer guy or Google gave them - you bring a fresh breath to the younger crowd to get them involved. Props bro from an old hack 😂
This is one method but I just prefer a bootable USB and running tools such as hiren(there are many many, many others). Much easier. However and I must warn those tools are ONLY meant for technicians to tshoot a owner's machine or help an owner at retrieving old files they may need.
okay
I already heard of it years ago, but thought to have read they fixed it at some time. With your upload being just 3 weeks ago, I would say it still works.
6:48 BTW you can do all these stuff with the smallest Linux Distros, even you can get utilities to change password and modify Windows registry
I thought this was going to be how to get past it while the user is logged in / without having to reboot. :(
This password reset trick is oooooooold
Also if this hack needs to be performed in a big organization then it'd better to have the network cable disconnected and Cary out the operation other wise CrowdStrike detects this one.( anyways when it's back online will will detect) 🙁
I wrote the instructions down on a paper and memorised them after many tries. Thanks a lot for this video!
Known this for a very long time, quite useful sometimes!
im sure is still works as well in windows 11
which times😂?
@@AK_Studioz here's one, a relative found lost laptop from many years ago, doesn't know the login, brings it to me because I'm known to be into cybersec, I can quickly fix it for them.
Another more nefarious use, bypassing restrictions on domain computers
If the stars align, yeah it's useful.
But if Bitlocker is implemented properly, no dice - choose another vector.
@@geroffmilan3328 the stars align? More like flipping a coin, many pcs just don't use bitlocker
However yes, if bitlocker is set up, you're outta luck with that method
So this is why in my previous school we had to agree to not use usb's on the computers without permission. Also i hacked my self cuz i did a typo when changing password. So thanks for the very simple and useful tutorial 👍 now i have to finish organizing my files
If only I knew this 3 months ago when drunk me changed the password then forgot it next morning.
FYI: This works on every single version of windows since XP (including windows 11). Microsoft knows about this backdoor and are intentionally keeping it available. I've tested this myself. It only works on nondomain PC's tho. But once you're in, you could simply copy the appdata from Chrome or other browsers. Just copy it to the USB. These files contain every password saved in that browser, and you can easily get to it by replacing the appdata folder on another computer. I hacked my own passwords in 7 minutes. Scary stuff.
Also: Don't forget to erase your tracks in the event viewer.
I wanted to tell you a huge thank you for all your incredible showcases & work! You inspired me to get into all this cuber security stuff! You are amazing, Mr Loi!
just use AD and your in
@@TheMessanger AD?
@@TheMessanger Active Directory? 🤣
@Jamie Clarke close but not what would u use
@@TheMessanger close? AD is Active Directory lol you need another acronym if you're talking about something else, or just say the name of it, the youtube police aren't coming to get you ya know, no need for encryption on a UA-cam comment 😅
While this did exist since the days of Windows 7, a lot of you are forgetting one thing.
the ability to access your main drive from the built-in recovery mode has been revoked in Windows 10. Its true that you can access your main drive using some recovery mode loophole in windows 7, but in Windows 10 you would in fact need a installation drive so that you'd be able to access it.
Spoken as a true IT guy who unfortunately had to deal with a lot of dumb people in the workplace who managed to forget their password to local accounts :D
It's always felt like a security risk to me to allow anything to be done without logging in. Turns out I was right. Seems to me that, especially after all these years, MS are completely negligent for not fixing this.
definitely a reason to encrypt your drive
@@thesoulsender how does encryption prevent this exploit? I thought that once you're at login screen the encryption is already bypassed on a hardware level. I changed a motherboard recently and I couldn't boot until I dug out my Bitlocker key, but past that, harddrive is accessible with installation media.
I even was able to use registry to enable a local offline login with a password because the network driver wasn't working so I couldn't log in with the PIN and it wanted to authenticate online only which obviously wasn't working without the network driver.
@@vedranb87 when you boot into a live environment like the installer, the drive the actual system is on isn’t mounted and decrypted yet, so you can’t access anything on it. If you don’t believe me, try it yourself with bitlocker on and a windows or even a linux live environment
@@vedranb87 a bit late, but un encrypted drive is essentially usable by other devices, try plugging ur boot drive to another machine as a non boot drive and the data will be read and writable.
Not sure that's accurate. MS utilizes UEFI and Bitlocker encryption. Technically if you have access to an unencrypted disk you could do anything and that's on whomever installed your OS without Bitlocker.
I actually learned this on my own when playing around trying to download games on our school computers. Eventually was able to play CSGO and some other stuff lol.
Good times!
You are awesome 🤠. Sir make video on Android termux.
I will have to remember this the next time I accidentally lock myself out of my own box. For me, it's better to leave no trace... this will definitely alert the user they have been pwned. Super useful, though!
To stop this kind of attack in the first place, you can setup a bios password. Just make sure you can not boot from a other drive / usb stick, without typing the bios password before.
U should bypass even that by resetting youf bios on hardware lvl
Sometimes people leave out the bootmenu/accedentally leave the cd, floppy disk or other as the priority and so you can boot from it. If all that doesnt work, you can only reset the bios or take out the hard drive so it boots from usb then reconnect the hard drive (if it even gets recognized)
Did this today on new install with all updates on win 10. Worked perfectly
This is a very old/basic method of bypassing the login screen. Most admins will disable the ease of access option from the beginning.
Lol
Then can we program it on any other option?
@@Jee2024IIT yes, even the login screen itself which of course wont be disabled (else it bricks the system)
I actually never saw anyone disable it. Even if they do, theres tons of programs you can use to do the same.
Known this for many years. Nice to know I knew something the great hacker Loi didnt!
Are you doing the same on windows 11?. With all the latest updates + defender?
I doubt it, I dont think this works anymore
@@MacGuffin1 nah it doesnt see c: anymore only the ISO
It also works on windows 11 but if you take a little too long the system will realize what you’re trying to do and lock the computer again and when you click the link the original utilman will show up instead of the modified file
You did everything right although even a beginner's hacker would not do that. Everything you explained is a nice way for the users to get back to their system and its has nothing to do with hacking.
Oh yeah, real easy. I just went to get a coffee and I almost fell over from dizziness and mental confusion. I DID NOT understand a word you said.
Only works on local accounts not on connected microsoft accounts sadly
Yeah, then you can use the local admin to change permissions of other user folders.
@@RassieKariuki IF there is any local account. When you connect to ms account, isn't local account are removed or deleted?
@@rebel__rana correct.
And by default in Win10 onwards the process defaults to asking you for a Microsoft/AzureAD account.
For some reasons I am happy that I have Linux at home and Windows in office :D. Of course not all is safer in Linux but quite a few things really are.
This is like 20 years old. But you don't need any Windows installation as long as you can access the NTFS filesystem.
Thanks for that, I'll switch to FAT32 right away
@@HyperVectra Fine, *any* unencrypted filesystem. Does Win10/11 even work with FAT32?
Ohhhh, 7 DAYS ago!! Wow! I thought it said 7 YEARS ago when this video was uploaded. Given the content, that made sense, because this hack is as old as Windows 7! :D 8/10 for production value though ;)
I believe you could have changed the password from the CMD prompt while you were booted on the usb key. So this way the Windows exe file stays unmodified... No?
No then it would have changed on the windows installation media not the actual OS
No. Fail bro fail
“V” for Vendetta is one of my favorite movies. Thanks
These hijacks will be detected as Win32/AccessibilityEscalation and will cause Windows Defender to automatically remove the offending debugger from the Registry key.
Is there a way to make this not happen?
@@Exprotionen yea i would think you could disable windows defender
@@Exprotionen yes, change the security on the file to block everyone, including System and TrustedInstaller.
In.cmd is it possible?
@@Compute_and_Hack nope windows defender will detect the Blackfoot in your regestry
I've done this once when I accidentally locked my father's laptop. I was so thrilled when it worked and it saved my life as well😅.
Lol... This is NOT hacking... Its just using a feature. Using it often when a client forgets his password. This is also a reason why you encrypt your SSD/HDD... It will not work :)
This is the first video I've seen and it got me subscribed.
That's What We Need
Back in the day, probably early Windows XP, bypassing the windows login was super easy. I would press F8 into safe mode. Then from safe mode you could remove the password from all users. Then reboot. No no more password.
Just boot from a Ubuntu live on a thumb drive and clear the password.
How... I have Kali live.
. how would y clear the passwd🙍
@@Compute_and_Hack I had to walk though a tutorial every time I've done it.
Did it last time about a year ago still worked fine with Windows 10 64bit.
Many think this is a bug or security vulnerability but I don't think so, I think this is just a backdoor to help users reset their own passwords. Kali linux also has a similar backdoor like this, with that, you don't even need a usb.
The only time this becomes a vulnerability is when you have important documents on your PC and someone needs those documents and steals the PC. Even these days ppl normally save their documents in the cloud
That is far more steps than necessary. Lol Personally, I would just boot in safe mode cmd prompt w/ networking. From there, use the netuser command and simply change the psw via dos commands
should work on machines with Bitlocker OFF.. and sadly most recent laptops have them enabled by default and users are encouraged to do so if not yet done.
that doesnt allow u to acces admin account...
I did this on a Windows Server 2012 Enterprise back the day also to know that anybody with low-level access to help me file helps you find a lot
Excellent😍
for a moment i thought this was to give you the actual password, not change it, there are tons of tools for that for the SAM file. Still nice find
I dont know what I would have done without almods geniues help in my divorce case. Your dedication, enthusiasm, and expertise were like a lifesaver. youre my hero!
how did they do it, did you see live locations too
yes they gave me full phone datas
can i see the harka emall pls, i'll like to see my partner phones aswell
all genues
@ G m a l l.
Hiren's Boot CD is free software that has a utility to reset Windows 10 passwords. You just boot from CD / USB which uses a slimmed down version of Linux since Linux does not respect Microsoft file permissions it can access Windows user account files. Then run the password utility, choose the user account and change password. It seems simpler than the method in this video.
You told us the trick....but you should also tell how to prevent this.
A. Bitlocker only available on windows pro (so the drive cannot be removed and read in another computer)
B. A Bios password that prevents anyone from even getting into the windows login screen in the first place.
Please upvote soo everyone knows how to defend against this. =D
I'm not familiar with bit-locker; I'd have to look that up. I don't use any kind of Windoze (currently all my computers are running Manjaro Plasma instead). But I wonder if a Linux-compatible technology exists to prevent drive transplant from working? (LUKS is nice, but only works on data drives and only works if you install it when formatting the drive before writing data.)
BIOS passwords on most computers can be reset in 30 seconds by popping-off left-side cover, moving "clear CMOS" jumper to "clear" then back to "run", the putting left-side cover back on; voila, no more BIOS password.
Windows passwords are a joke if an attacker is able to get their hands physically on your computer. They can just boot from a Nordahl USB, set all the passwords to empty, remove USB stick, press reset, and voila, all Windows passwords are blank.
What makes you think Bitlocker can't be cracked? It can, and is done.
FYI, BitLocker (or any) encryption with secure boot (secure boot optional) makes this hack entirely obsolete. Even if you only use the rather insecure TPM you'll need the full recovery key to access the files from the USB or any OS that is not the installed Windows OS itself (unless you have admin access before restarting, which means you can pause encryption, but at that point why go thru all these steps to log in again?).
It could be possible with only the TPM to inject some code into the Windows boot process from a USB device which would override utilman, so I recommend also setting a Bitlocker PIN/password (also VeraCrypt support TPM+password please, TPM isn't always "redundant"). And make sure to have an admin password set in the bios to make sure the boot order can't be reordered (though the bios can sometimes be easily reset without the password, but then this would trigger secure boot failing, forcing a bitlocker recovery code)
Who uses a computer anymore?
Millions of people? If not billions?
People.
i remember doing this but with the sticky key function .... doesn't matter where you are just spam on shift and you have cmd
I don't think boot USB is needed. Just hold down shift and restart . Release shift after restart screen appears. Then -> troubleshoot -> Advanced options -> Command Prompt -> net user
I've used UA-cam to bypass every Windows security screen since 2012. Back when I was younger I had all the OEM hotkeys and a plethora of software. Never needed any software to bypass the Windows screen except for maybe a recovery disk. I made this comment before I even watched your video but it's to highlight that yes it's always been very easy to get around if you are smart enough to find the research but I've never been that guy to figure it out myself😅
This is the trick I learned! To this day I still haven't had a chance to attempt a Windows 11 machine but I've never been beaten by Windows yet 😂
PS the CMD feature can be your best friend if you learn how to use it properly
This can also be done by using the safemode startup and going into the command prompt
Won't work on a properly secured system with storage encryption like bitlocker. Also when rebooting there is no guarantee the bios is set to boot from removable media. However you can try to hold shift when clicking restart, modern windows systems will show a dialogue that could allow you to boot from removable media on next boot(but again, if properly secured by gpo's that should not be allowed). By the way hacking the local sam db is as old as windows xp, so instead of messing up your windows installation you could just take that time to create an ntpassword reset usb stick, still the same caveats apply. This isnt as exciting and revolutionary as you portray it to be imho.
I had my own way of doing this with windows 10 and 7, but I just would had tripped windows diagnostic tools and get access to the cmd and replace the toolbox with windows with the Account manager. That was just my way of doing it.
Similar approaches exist for Linux (pick your flavor), OSX, CAN-BUS, etc. If you want to make it hard, encrypt your volumes...the reason for the big TPM push. But if I have physical access to the device, that is already half the battle.
Canbus, osx don't belong in the same sentence lol. It's like comparing USB and ChromeOS... They don't use canbus on personal computers. But you can use a Bluetooth elm327 chip to interface over serial bus with your obd2 logger if it's the rightbkind
This is nice and useful..i’ve been using this trick since 2013 as far as i remember…
You just need to interrupt the boot process by powering down during boot a couple times. That will start automatic repair which gets you to the command prompt. I knew exactly what the process was going to be before the video started and was surprised Loi Liang Yang went with the USB boot drive. You literally need nothing but physical access to accomplish this. No flash drive, just time and access.
Sometimes that mode also prompts for a password too, so it's not failsafe
@@DMack6464so direct me from this point I'm trying to get past because this admin password comes up after recovery and attempt to open cmd
BEAUTIFULLY done and explained 🌹
Nice tutorial. It's amazing how many PCs this will work on if you don't secure your boot options and USB ports.
Thank you for providing this guideline. It worked. But there is one problem I am facing. After changing the Windows login password, auto fill option in Google Chrome is not working.
google's problem
omg, this is so scary. how the hell does this still exist in year 2023?! lol ty for an eye opener