HOW TO RESET Administrator PASSWORD and Unlock any PCs?!
Вставка
- Опубліковано 30 тра 2024
- // Membership //
Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
// Courses //
Full Ethical Hacking Course: www.udemy.com/course/full-web...
Full Web Ethical Hacking Course: www.udemy.com/course/full-web...
Full Mobile Hacking Course: www.udemy.com/course/full-mob...
// Books //
Kali Linux Hacking: amzn.to/3IUXaJv
Linux Basics for Hackers: amzn.to/3EzRPV6
The Ultimate Kali Linux Book: amzn.to/3m7cutD
// Social Links //
Website: www.loiliangyang.com
Facebook: / loiliangyang
Instagram: / loiliangyang
LinkedIn: / loiliangyang
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers. - Наука та технологія
Introduction 0:00
Explaination 0:57
Targets 1:48
Installing Win 3:08
Main Stuff 5:29
BOOM 9:05
(Thank me later, 😉)
there is a problem: bitlocker or any other way encrypted disk. BOOM :)
It’s already marked
@@yoprojulian it marked now, but it wasn't when the video was uploaded😑
@@epicaedit5987 oh ok 👍
This was actually useful and not a rigged scenario, good work on this one.
Hey! I just wanted to thank you for showing us this exploit. No harm intended, it's just super convenient to repair users pcs this way in case they forget passwords
message me i show you easy trick
Not only this, there is one more option to reset password known as SETHC. Simply you just need to replace your SETHC key with cmd just like this as Utilman.exe to cmd.exe,
Then you only need to press SHIFT button 5 consecutive times and then boom You'll see a command prompt where you'll be able to reset the password by using the same commands..
Happy Learning- :) :)
And that is done at what step?
@@dwightsmith5174- @6:35
No, you can not access the cmd.exe in the repair screen if you don't have administrator right
Hey, yes do video on that also please...
But if the bios is locked with password you cannot change the boot order to boot from usb
@@rioarfaniharahap2551Exactly what I wanted to comment about bro mr.hackerloi Is using an old version of Windows 10 probably 2015 version and this Vulnerability haven't been patched during this period of time but for Win 10 2019 till date we can't access any recovery option without administrator password
So many comments saying 'this is old news/technique'. So what. Ive never seen it, or thought of it. Thanks MASS for sharing this. Im not intending to use it maliciously, but as someone somewhat new to the cybersecurity field, it's certainly something im glad I'm now aware of and to consider. 👍💯
Your English is so good I saw a video that you had posted about 7 years ago They just randomly come across and I've noticed the difference between how you speak now and then I just want to save me amazing progress! I honestly thought he lived neither Canada by the way you need to come to Vancouver since you were doing it doing survey or God forbid you lived in America. Lies speaking at a Native speakers level for English impressive
You are right on point with this one...I have been locked out of my admin account for 3 months....not anymore.Ty for this video
been locked out of my macbook bc of a password error i feel like is the issue. the WORST part is apple isnt there to help w these things they just want defeat and new purchases, so was yours a mac or win?
You don't need an installation media at all but just upon botting windows force power off it then power it on and press F10 or F8 for repairing it then it boots from the recovery partition and you get CMD and you can do the same steps (sticky keys glich) to reset windows password.
* A smart guy can disable sticky key glitch but you still can do it through booting again from an installation media or as I said from repairing boot partition the load the hive of offline windows then reactivate the sticky keys again.
Now that is exactly the reason why most administrators block the use of external media on their network. So this only will work on privatly owned computers or computers is small organizations.
this hack has been defunct for years with the use secure bios. Use to be a cool hack back in 2016.
i was about to say it nowadays even private systems has secure boot this could work if the target system has secure boot off @@brittsrn
yea this is a super old method and hasn't worked in corporate network for years... well pending said network is following best practices. Many ways to prevent this from secure bios to disabling the use of flash drives but even utilizing Bitlocker, which everyone should be using in a corporate environment, is going to stop this in its tracks even without those other mitigations being in place
@@brittsrn Also take note of the version of Windows we see early in the video, this likely doesn't work anymore on newer version of Windows 10 and 11 like 22H2 and above.
@@bingusbongus1656This simple exploit still works on Windows 10 22H2 and Windows 11.
Only the power button reset method has been fixed, now requiring local administrator password for all options.
Ease of Access menu = utilman.exe
Sticky Keys (5x Shift) = sethc.exe
If the BIOS setup utility does not have set password, then Secure Boot can be disabled and booting from USB enabled there. Boot Menu may also have the option to Enter Setup Utility.
Booting from external media always gives administrator access to the local disk, unless it is password-protected.
Always thanks for your help mr. Loi❤
Just go to startup recovery menu, open cmd, then open notepad, see all files, rename sethc.exe to something.exe and cmd.exe to sethc.exe then restart computer and logon screen press shift button 5 times and then you will have command prompt with admin access..
wait what does this mean explain in details i beg u
I remember doing this on my moms laptop on win 7 as a kid.
Remember kids when you are taking your SOLs at the end of the year sign yourself out and tell the teacher you are signed out and there is a chance you can shoulder surf the password she/he enters.
From there you can use that account to sell local administrative accounts created on a pc of a student choosing, for around 5-10$
Also while you are at it put some fun games on the student share drive.
Works IF you can boot from the created media - if the BIOS has a password and boot from USB (or CD) is turned off, you can't boot the media. However, a really handy way to get into a system if the user has forgotten the admin password and they have not also set (and forgot) the BIOS password.
On most systems you can reset the bios password by connecting 2 pins on the motherboard
@@Omena0MCdesktops mostly. Laptops can be a bit more tedious on resetting bios.
@Omena0MC, most business machines manufactured by OEMs like HP and dell don't have a bios reset option, you must solder on a new bios chip. Also, the method in this video won't work on an encrypted HD.
@@Stephen-yd7ce Unless you have the key to unlock the drive, then you have all the power to do whatever you wish.
@@Omena0MC bonjour pouvez détaillée votre explication car j'arrive pas à accéder sur le bios car il me demande un mot de pas6
Very good because you left everything intact and only accessed what you needed. Normally others like spotmau would remove the pswd completely which raises eyebrows
Nice UI bro ! The most awesome thumbnail ever seen .
your the man! well done broseph
Thanks you so very much. I have been fighting to try and remember the password on my PC, but you made it easy to figure it out. Thanks again.
I bought your course on udemy but i learn a lot from your UA-cam channel 😅😂
Good for private PCs and any other PC not secured. If this hack works for your corporate PC, report it and get your IT security officer replaced or on some training class. Generally, with an unsecured PC, anyone with physical access to the box has full data access.
How exactly can you defend against that tho
@@stevenmendoza37321. Physically block access to the PC
2. Encrypt C drive (bit locker), which doesn't allow users to get to the login screen in the first place without the key.
I waited years 😯 but someone has actually made video on this topic ❤🎉thanks a lot brother😊
I mean, modded warfare did a video like this YEARS ago. Back when win7 was the hype. Yeah you have to change something else rather than taskmngr
feeling sry for you bro that you wasted years waiting.. the method is already available on internet.. you just had to search it😢
I've seen videos like this years ago where they did the same thing...
@@Yashparwal1yeah I have been doing this for years, and I think I once did it without boot media, just insert the hard drive into another pc and then do the rename of cmd and ease of access
You can also use .BATs to emulate this without getting caught (or an exe)
this method old about 100 years 😂
English is older, and yet here we are. 🤦♂️
Is there any other methods?
Might be old news to you but some are Learning it for the first time 🤷
Then stfu and watch another video
English please?
Why you renaming twice? Just rename cmd.exe to cmd.exe.bck and rename sethc.exe to cmd.exe, then reboot and hit shift button several times until cmd.exe pops out 😊
he did that because the filename utilman.exe was already taken by the real utilman. swap the names 1st and then remove the 2 from the filename after and you don't end up overwriting the actual utilman program
@cherwilco you right, but also you could rename utilman.exe to utliman.exe.bck and then rename cmd.exe to utilman.exe
And if you want to switch back, just rename it to the original filenames.
OLD BUT INTERESTINGG
SPECIALLY I LOVE YOUR EXPLAININGG WAY
MR. LOI 👍👍👍👌👌👌
it wont even let me open that downloaded thing its asking for admin pass..
actually it's called "supply chain" attack vector and widely used not only for fun hack windows. for example, if you replace DLL (win) or SO (lin) libraries with your own doing the same things as original but plus your stuff there (bind or reverse shell, etc.), then any SW which uses (depends on) that libraries will be under your control with the rights of person who run the SW.
enjoy! ;-)
You are simply Great. Microsoft must hire you.
Very great video ! U can also in command prompt use Notpad and navigate in the directory with windows interface :D
yes you're right ;)
Rusty Gold 👍 Next Level is: Show how to reset / crack a Domain Admin Account (i know already a few tricks but..) then you have maybe my subscription. Good work 👍
Cool tutorial but if the PC is more secure, it will likely have password required to access bios or boot.
still we can reset it by removing the cmos battery.
@@OPGAMER. That is somewhat dated. BIOS NOR FLASH and TPM NVRAM aren't susceptible to this and are becoming the norm.
You can also load other OSes by executing Loi's exploit as described above, enabling the Windows Bootmgr display menu using bcedit, and then restarting. Boot manager allows you to launch other OSes without requiring the BIOS boot order changed
@@Ghx0st-irrelevant if bitlocker is enabled
@@OPGAMER.doesnt really work that way anymore my guy but even if it did enable bitlocker boom problem solved
Doesn't work for any organization with proper IT. Regularily to boot from a media or to open the command prompt you'll have to enter the admin passworr aswell. Or they just shut off the USB ports entirely
I loved how he used steam as an example, for true gamers who just want to play game on their work computer 😇
I just wanted to add ad blocking on the browser.
fr lmao@@MrWirelesscaller
Imagine playing games on your work computer... HA! Not worth the suspension. Read your TOS first.
@@joester4life ok buddy we get it. 😂
CONGRATS Mr.Loi Liang Yang on 1M subs🎉, such great content deserves a lot more.
HUGE THANKS. LIKE A HUGE ONE. It really works and helped a lot.
sir,
very thanks for teaching us soo many intresting ethical hacking topics to us .
now we are able controll , acsess, pcs with soo much knowledge becauseof you sir
so thank you sir,
uday kumar
Can you do the same video with a usb? I’m pretty confused and unsure what to do. Please and thank you
CONGRATS LOI YOU GOT 1 MILLION BROOOOOO 🎉🎉🎉🎉🎉
CONGRATS FOR GETTING 1M SUBS!!
subscribed and liked i just done this with my own pc and now i have admin
Loi again with a masterpiece
Would this (using a Win USB boot stick as you described) work if my office machine is locked down with bitlocker? Wouldn't I need to be logged in with that before I could could mess with the registry/disk contents? Which would be 'hard' to do on a USB reboot, no?
You helped me a lot thanks bro
also without creating any user insert explorer it will create full admin profile once you quit it will be deleted that's how you remain undetectable also work on any windows just rename osk.exe to cmd hit 5 times shift bouton
I got myself a cheap little dell optiplex 3000 and its im guessing an old work computer with some decent specs but im unable to reset the computer and remove all data should this work on a domain admin work pc???
That writing on the screen is a nice touch some new form of ethical video hacking I like it one time I popped in and out of my friends PC when he's watching one of my UA-cam videos when is Xbox and cell phone Etc
wow this is really handy thanks!
Awesome Mate, thanks!
Lots of Love From Nepal
Happy to see this trick still works
Hey Loi,
I cannot access my admin user account and now every time I click on sign in button it keeps looping back to the login screen yet I can access my 'Other' user account which I created for guests but now I am the guest and don't have admin privileges. And I have tried net user administrator /active:yes it doesnt work and on Computer manager tool Local users group tab is not available. Please help
thank you for your teaching🙏
I was literally doing this backdoor back in 2010 when my dad wouldnt let me jump on the computer lol
*Guidance needed.* I have a computer which has a bios password so loading Linux live is a no go (stuck on secure boot).
When I turn it on, it shows the logon, then a loading wheel as if it logged in, then for a fraction of a second it pops up a power shell, then loads a “T” app (shows a “T” in a purple square and 2 silhouettes, for the App logo), then says “can’t logon with no internet connection” and prompts me for credentials.
Any idea on how to bypass this? I’ve been trying to stop the startup programs via a windows setup cmd but it’s been to no avail.
No, this isn’t stolen and yes, it is my property! I purchased an HP Slice G2 from an estate sale, it had a sticky note on it with the “credentials” but they are not valid. And when I contacted the people, they said “all sales are final and unfortunately the credentials written on the item are the only credentials that will be given”.
Usually I just pop in a live kali and have my way with it but the secure boot is impeding this option.
*Update* : so the program that launches is called Microsoft Teams.
There is a “send feedback” icon on the bottom right of the program. Is there a way to swap this icon action for cmd like with the utilman.exe?
U REACHED 1m SUBSCRIBER !!! 🎉🥳
"Now who are you?" - That got me 🤣🤣🤣
Loi Liang Yang happy newyear!
Cool 🎉
❤ your videos
Cant believe this stills works, it goes back to previous versions of windows, just a slightly different way into the cmd prompt
The only other gate to get through is the pc could be using bit locker so you’d need the recovery key. I Used this method twice this week already. 😀
What do you mean exactly?
@@davidb7176 if the disk was encrypted with say bit locker you would need the recovery key to access the drive when booting from the usb stick. Because you boot from a different device the drive is not unlocked for you to access the util man file. Hope that makes sense.
I’m trying to do this with a USB there is no Windows folder to access . I get a command saying “ Windows” is not recognized. When i try to use iso file on an ssd the computer automatically boots and I can not access the command prompt.
It is no need to have a bootable USB, you can force the PC to go for startup diangose due to few failed startups (PC turned off while booting) and then just go to troubleshooting and select CMD.
Can you do this on a remote computer or do it have to be accessed physically?
Excellent !!
I do not have admin rights and bit locker is stopping me from changing those rights I cant get the system to allow me to change the drive to C on my surface pro 7 when i boot from the usb windows media disk. HELP
Any system admin has this method locked down so hard… Fun to find out the security of public machines..
😂You saved me the second time thank you😅❤
Do you have a method of forcing a reset on display settings? I upgraded from a 2060 to a 7900 XT. And I'm locked to 75Hz, in game. Regardless of what settings I use.
Couldn't you just shift +f10 when in windows setup for cmd page? so you don't go to next, repair etc.
also when in sys32 you could do this as well :
ren utilman.exe utilman.exe.bak
copy cmd.exe utilman.exe
done
Physical access to a computer is to own it - Linux, Mac, or Windows. You are using another operating system (you boot from) to overwrite/modify parts of the base OS for access, try this on an encrypted drive using hardware tpm/secure enclave without the restore key/pw.... then I'll be impressed ;)
You can even fo it without he usb drive but the thing is when it doesnt let you execute cmd because of another program blocking it
Skipping this months vulnerability I would say this is one of the reasons Microsoft wants everyone to enable Bitlocker.
The DISCLAIMER that @LoiLiangYang has neglected to include in his "HOW TO RESET Administrator PASSWORD and Unlock any PCs?!" video, is that you still won't be able to do this on a PC (likely your school or work PC) when the Admin has taken care to disable booting to other devices in the BIOS. It's not rocket science kids. It's basic PC security, and these days people are taking a lot more care with it. And then there's Bitlocker - so you won't be able to access / alter any file on the drive even if you do get to boot to a USB.
Ant this method only works with local accounts. Since windows 10 and 11 MS has been pushing for using online accounts.
Hi, thanks alot for the interesting video and for all the steps.
Now I followed the steps and was able to create a new user. I unfortunately cannot use it as an Admin as it says, the domain is not available and i've to make sure that the device connected to the organisation's network . Any idea how to solve this? Thanks.
Damn that was actually pretty slick.
🥶😱😱😱hoh thank you thank you so much 🤣I have this problem today 😅🎉❤
instead of needing that usb go to restart while holding shift restart (in login place restart there) and find cmd in advanced place there
Congratulation 1m subscribers
Love it!
Useful for recovery of lost admin password
Are you the brother of this (fun) guy from "very bad trip" ? Nice video anyway :) I already knew this old trick (since windows 7) but i wonder if this work with bitlocker (windows) locked computers with CTRL+ALT+SUPPR before login ? .... See you.
I bought a surface laptop 3 on eBay and tried to access it and has bitlocker and tried to reinstall the OS with a recovery image and the options for windows OS image are pro and enterprise… I am curious, I guess it’s stolen so, may I get in trouble if I keep it? Is there a way to downgrade it to windows home ? Is the company/school able to locate me? What should I do???
It could be refurbished a lot of schools and workplaces sell older pcs to refurbishers and then they fix them and sell them to the consumer (you)
Doesn’t work with secure boot bios’ or locked bios with bootable media disabled.
Please!! I need help for the part with command prompt, how do we do it with USB?😢
Hi, Great video, can i use this technique for a windows 11 laptop?
Mr game over you're best
How are u so smart bro ??
Your script is so perfect so was your humour and your teaching and practical too
Love u bro
To save a lot of time, just hold shift and click reboot, and you get into same recover mode as with the windows cd. Also the method does not work on bitlocker encrypted harddrive.
999K Subscribers, 1M soon 🎉
That's a lot of work. Why not just boot into a Linux rescue image and use "chntpw" ?
i get asked for administration when i try to open the windows download ://
If your boot is locked in bios just unplug the battery from bios in your laptop or pc and it will remove the lock on bios
The first step of the "create installation media for Windows" still needs me to add the administrator password, I've been locked out of the administrator account for 3 years now, Is there any way I can bypass this?
Thanks! 🙌
Okay, the problem I have is that you have to obtain a window's installation media. I don't have any other computers that I can use to download it, and thus I'm completely stranded with no way to use this method. PLEASE HELP!!!!!
if step 3 disabled and cant change it, none this will work. step 3 is crucial and a must for this to work. most school computers n laptop loans have step 3 ability disabled..
The best mitigation from someone that has physical access is full disk encryption
One Can Also Do The Same With Live ISO Of Linux. Plus Point :- You Get GUI For Renaming Files.
Sir, whenever i use cmd or system image recovery it always want me to choose a user and ofcourse it's admin but after i click on it.... It requires pwd😢 what to do???!
What if it is a microsoft account with the pin? Does that make a difference or will it work the same?
utilman is not present its been replaced with util.dll........... i see a SYSTEM regedit for the Cmdline and StartupTYPE but that seems off as Folk UNLOAD the Mods to the REG.....