*Guidance needed.* I have a computer which has a bios password so loading Linux live is a no go (stuck on secure boot). When I turn it on, it shows the logon, then a loading wheel as if it logged in, then for a fraction of a second it pops up a power shell, then loads a “T” app (shows a “T” in a purple square and 2 silhouettes, for the App logo), then says “can’t logon with no internet connection” and prompts me for credentials. Any idea on how to bypass this? I’ve been trying to stop the startup programs via a windows setup cmd but it’s been to no avail. No, this isn’t stolen and yes, it is my property! I purchased an HP Slice G2 from an estate sale, it had a sticky note on it with the “credentials” but they are not valid. And when I contacted the people, they said “all sales are final and unfortunately the credentials written on the item are the only credentials that will be given”. Usually I just pop in a live kali and have my way with it but the secure boot is impeding this option.
*Update* : so the program that launches is called Microsoft Teams. There is a “send feedback” icon on the bottom right of the program. Is there a way to swap this icon action for cmd like with the utilman.exe?
Hi, thanks a lot for the interesting video and for all the steps. Now I followed the steps and was able to create a new user. I unfortunately cannot use it as an Admin as it says, the domain is not available and I've to make sure that the device is connected to the organisation's network. Any idea how to solve this? Thanks.
Any half decent institution is gonna have drive encryption turned on and/or the bios locked down to prevent bootable media. This would only work on your own home PC or a school that employed the cheapest IT admin they could find.
Hold command + S during startup
That should launch you into a terminal and type the following
/sbin/fsck -y
/sbin/mount -uw /
sh /etc/rc
passwd [username of account you want to change here]
if you are using virtblock on vm drive that has your windows, make sure you detach it in the vm, then set it as SATA and then keep following the video or else when you open repair option the drive won't be read.
The DISCLAIMER that @LoiLiangYang has neglected to include in his "HOW TO RESET Administrator PASSWORD and Unlock any PCs?!" video, is that you still won't be able to do this on a PC (likely your school or work PC) when the Admin has taken care to disable booting to other devices in the BIOS. It's not rocket science kids. It's basic PC security, and these days people are taking a lot more care with it. And then there's Bitlocker - so you won't be able to access / alter any file on the drive even if you do get to boot to a USB.
also without creating any user insert explorer it will create full admin profile once you quit it will be deleted that's how you remain undetectable also work on any windows just rename osk.exe to cmd hit 5 times shift button
Hey! I just wanted to thank you for showing us this exploit. No harm intended, it's just super convenient to repair users pcs this way in case they forget passwords
message me i show you easy trick
😊
Introduction 0:00
Explanation 0:57
Targets 1:48
Installing Win 3:08
Main Stuff 5:29
BOOM 9:05
(Thank me later, 😉)
there is a problem: bitlocker or any other way encrypted disk. BOOM :)
It’s already marked
@@yoprojulian it marked now, but it wasn't when the video was uploaded😑
@@epicaedit5987 oh ok 👍
Thank you!
But where is Adrian Ruthink in these?!?
This was actually useful and not a rigged scenario, good work on this one.
You are right on point with this one...I have been locked out of my admin account for 3 months....not anymore.Ty for this video
been locked out of my macbook bc of a password error i feel like is the issue. the WORST part is apple isnt there to help w these things they just want defeat and new purchases, so was yours a mac or win?
@@Idolikethis
None of this would work with Mac. This is exclusively for windows.
Not only this, there is one more option to reset password known as SETHC. Simply you just need to replace your SETHC key with cmd just like this as Utilman.exe to cmd.exe,
Then you only need to press SHIFT button 5 consecutive times and then boom You'll see a command prompt where you'll be able to reset the password by using the same commands..
Happy Learning- :) :)
And that is done at what step?
@@dwightsmith5174- @6:35
No, you can not access the cmd.exe in the repair screen if you don't have administrator right
Hey, yes do video on that also please...
But if the bios is locked with password you cannot change the boot order to boot from usb
@@rioarfaniharahap2551 Exactly what I wanted to comment about bro, mr.hackerloi is using an old version of Windows 10, probably the 2015 version, and this vulnerability hasn't been patched during this period of time, but for Win 10 2019 till date we can't access any recovery option without administrator password
Your English is so good I saw a video that you had posted about 7 years ago They just randomly come across and I've noticed the difference between how you speak now and then I just want to save me amazing progress! I honestly thought he lived neither Canada by the way you need to come to Vancouver since you were doing it doing survey or God forbid you lived in America. Lies speaking at a Native speakers level for English impressive
Now that is exactly the reason why most administrators block the use of external media on their network. So this only will work on privately owned computers or computers in small organizations.
this hack has been defunct for years with the use of secure bios. Used to be a cool hack back in 2016.
i was about to say it nowadays even private systems has secure boot this could work if the target system has secure boot off @@brittsrn
yea this is a super old method and hasn't worked in corporate network for years... well pending said network is following best practices. Many ways to prevent this from secure bios to disabling the use of flash drives but even utilizing Bitlocker, which everyone should be using in a corporate environment, is going to stop this in its tracks even without those other mitigations being in place
@@brittsrn Also take note of the version of Windows we see early in the video, this likely doesn't work anymore on newer version of Windows 10 and 11 like 22H2 and above.
@@bingusbongus1656 This simple exploit still works on Windows 10 22H2 and Windows 11.
Only the power button reset method has been fixed, now requiring local administrator password for all options.
Ease of Access menu = utilman.exe
Sticky Keys (5x Shift) = sethc.exe
If the BIOS setup utility does not have set password, then Secure Boot can be disabled and booting from USB enabled there. Boot Menu may also have the option to Enter Setup Utility.
Booting from external media always gives administrator access to the local disk, unless it is password-protected.
So many comments saying 'this is old news/technique'. So what. Ive never seen it, or thought of it. Thanks MASS for sharing this. Im not intending to use it maliciously, but as someone somewhat new to the cybersecurity field, it's certainly something im glad I'm now aware of and to consider. 👍💯
I bought your course on udemy but i learn a lot from your UA-cam channel 😅😂
Works IF you can boot from the created media - if the BIOS has a password and boot from USB (or CD) is turned off, you can't boot the media. However, a really handy way to get into a system if the user has forgotten the admin password and they have not also set (and forgot) the BIOS password.
On most systems you can reset the bios password by connecting 2 pins on the motherboard
@@Omena0MC desktops mostly. Laptops can be a bit more tedious on resetting bios.
@Omena0MC, most business machines manufactured by OEMs like HP and dell don't have a bios reset option, you must solder on a new bios chip. Also, the method in this video won't work on an encrypted HD.
@@Omena0MC hello, could you explain in more detail? I can't get into the BIOS because it asks me for a password
Very good because you left everything intact and only accessed what you needed. Normally others like spotmau would remove the pswd completely which raises eyebrows
Spotmau wouldn't work for Windows 11 when I tried it.
Did you try yours on Windows 11?
Would like to know how you went about it if 'YES'.
Why you renaming twice? Just rename cmd.exe to cmd.exe.bck and rename sethc.exe to cmd.exe, then reboot and hit shift button several times until cmd.exe pops out 😊
he did that because the filename utilman.exe was already taken by the real utilman. swap the names 1st and then remove the 2 from the filename after and you don't end up overwriting the actual utilman program
@cherwilco you're right, but also you could rename utilman.exe to utilman.exe.bck and then rename cmd.exe to utilman.exe
And if you want to switch back, just rename it to the original filenames.
Cool tutorial but if the PC is more secure, it will likely have password required to access bios or boot.
still we can reset it by removing the cmos battery.
@@OPGAMER. That is somewhat dated. BIOS NOR FLASH and TPM NVRAM aren't susceptible to this and are becoming the norm.
You can also load other OSes by executing Loi's exploit as described above, enabling the Windows Bootmgr display menu using bcdedit, and then restarting. Boot manager allows you to launch other OSes without requiring the BIOS boot order changed
@@HelloworldXY32 irrelevant if bitlocker is enabled
@@OPGAMER. doesn't really work that way anymore my guy but even if it did enable bitlocker boom problem solved
I waited years 😯 but someone has actually made video on this topic ❤🎉thanks a lot brother😊
I mean, modded warfare did a video like this YEARS ago. Back when win7 was the hype. Yeah you have to change something else rather than taskmngr
feeling sry for you bro that you wasted years waiting.. the method is already available on internet.. you just had to search it😢
I've seen videos like this years ago where they did the same thing...
@@Yashparwal1 yeah I have been doing this for years, and I think I once did it without boot media, just insert the hard drive into another pc and then do the rename of cmd and ease of access
You can also use .BATs to emulate this without getting caught (or an exe)
Just go to startup recovery menu, open cmd, then open notepad, see all files, rename sethc.exe to something.exe and cmd.exe to sethc.exe then restart computer and logon screen press shift button 5 times and then you will have command prompt with admin access..
wait what does this mean explain in details i beg u
@@unknown_girIlreal
just do copy /y C:\windows\System32\cmd.exe C:\windows\system32\sethc.exe lol and also it doesnt work for most school laptops they arent that dumb to not secure this
You don't need an installation media at all but just upon booting windows force power off it then power it on and press F10 or F8 for repairing it then it boots from the recovery partition and you get CMD and you can do the same steps (sticky keys glitch) to reset windows password.
* A smart guy can disable sticky key glitch but you still can do it through booting again from an installation media or as I said from repairing boot partition then load the hive of offline windows then reactivate the sticky keys again.
i don't understand anything when i want to download the installation media it's not letting me
Yhh it does work
Thanks you so very much. I have been fighting to try and remember the password on my PC, but you made it easy to figure it out. Thanks again.
I loved how he used steam as an example, for true gamers who just want to play game on their work computer 😇
I just wanted to add ad blocking on the browser.
fr lmao@@MrWirelesscaller
Imagine playing games on your work computer... HA! Not worth the suspension. Read your TOS first.
@@joester4life ok buddy we get it. 😂
I remember doing this on my moms laptop on win 7 as a kid.
Remember kids when you are taking your SOLs at the end of the year sign yourself out and tell the teacher you are signed out and there is a chance you can shoulder surf the password she/he enters.
From there you can use that account to sell local administrative accounts created on a pc of a student choosing, for around 5-10$
Also while you are at it put some fun games on the student share drive.
You are simply Great. Microsoft must hire you.
CONGRATS Mr.Loi Liang Yang on 1M subs🎉, such great content deserves a lot more.
it wont even let me open that downloaded thing its asking for admin pass..
actually it's called "supply chain" attack vector and widely used not only for fun hack windows. for example, if you replace DLL (win) or SO (lin) libraries with your own doing the same things as original but plus your stuff there (bind or reverse shell, etc.), then any SW which uses (depends on) that libraries will be under your control with the rights of person who run the SW.
enjoy! ;-)
OLD BUT INTERESTINGG
SPECIALLY I LOVE YOUR EXPLAININGG WAY
MR. LOI 👍👍👍👌👌👌
Always thanks for your help mr. Loi❤
The only other gate to get through is the pc could be using bit locker so you’d need the recovery key. I Used this method twice this week already. 😀
What do you mean exactly?
@@davidb7176 if the disk was encrypted with say bit locker you would need the recovery key to access the drive when booting from the usb stick. Because you boot from a different device the drive is not unlocked for you to access the util man file. Hope that makes sense.
@@davidb7176 when he tried to boot into the cmd prompt or advanced options it asks you for a key that is basically impossible to get only the IT people can get it. Even for them it’s stupidly ridiculous to get
@@davidb7176 Bitlocker encrypts the drives so they can't be accessed.
instead of needing that usb go to restart while holding shift restart (in login place restart there) and find cmd in advanced place there
Can you do the same video with a usb? I’m pretty confused and unsure what to do. Please and thank you
Same, struggling with the commands after the troubleshooting
There is practically no difference regardless of if you use a bootable CD or a flash drive.
If it's a CD, insert the CD and boot from it.
If it's a flash drive, plug it in and boot from it.
From that point on, it is exactly the same.
Can't believe this still works, it goes back to previous versions of windows, just a slightly different way into the cmd prompt
this method old about 100 years 😂
Is there any other methods?
Might be old news to you but some are Learning it for the first time 🤷
English please?
@@1k1i2isksklp no it’s not
Yes 😂
You left out some points. In cmd the external drive is not always D:. I had to run a list and find the correct disk. I think you forgot that not everyone is using the same external drive as you.
You are very right.
In my case I experienced this with a Windows 11 PC twice, I had to run the DISKPART, LIST VOLUME and noticed that there was no letter assigned to my OS Partition.
Then I typed the ASSIGN command which automatically assigned a volume letter "F" (volume letter may vary for others depending on the the next available letter, so you can rerun LIST VOLUME to know the exact letter assigned thereafter). It was the newly assigned letter I used to eventually access the partition where my WINDOWS folder is contained.
Nice UI bro ! The most awesome thumbnail ever seen .
Rusty Gold 👍 Next Level is: Show how to reset / crack a Domain Admin Account (i know already a few tricks but..) then you have maybe my subscription. Good work 👍
Mr Yang, hope that i find you and the family all in good spirits 🙏🏾 this video was an absolute dream, really got me out of a sticky situation. Keep up the good work sir, stay blessed 🙏🏾😃
Doesn't work for any organization with proper IT. Regularly, to boot from a media or to open the command prompt you'll have to enter the admin password as well. Or they just shut off the USB ports entirely
That writing on the screen is a nice touch some new form of ethical video hacking I like it one time I popped in and out of my friends PC when he's watching one of my UA-cam videos when is Xbox and cell phone Etc
Good for private PCs and any other PC not secured. If this hack works for your corporate PC, report it and get your IT security officer replaced or on some training class. Generally, with an unsecured PC, anyone with physical access to the box has full data access.
How exactly can you defend against that tho
@@dualia-s74m 1. Physically block access to the PC
2. Encrypt C drive (bit locker), which doesn't allow users to get to the login screen in the first place without the key.
if step 3 is disabled and can't be changed, none of this will work. step 3 is crucial and a must for this to work. most school computers n laptop loans have step 3 ability disabled..
subscribed and liked i just done this with my own pc and now i have admin
Can you help me please
Thanks. Just now use it to reset my nephew's forgotten password.
sir,
very thanks for teaching us soo many interesting ethical hacking topics to us .
now we are able to control, access PCs with soo much knowledge because of you sir
so thank you sir,
uday kumar
One Can Also Do The Same With Live ISO Of Linux. Plus Point :- You Get GUI For Renaming Files.
U REACHED 1m SUBSCRIBER !!! 🎉🥳
Happy to see this trick still works
Useful for recovery of lost admin password
Very great video ! U can also in command prompt use Notepad and navigate in the directory with windows interface :D
yes you're right ;)
CONGRATS LOI YOU GOT 1 MILLION BROOOOOO 🎉🎉🎉🎉🎉
you're the man! well done broseph
Loi again with a masterpiece
There is no need to have a bootable USB, you can force the PC to go for startup diagnose due to few failed startups (PC turned off while booting) and then just go to troubleshooting and select CMD.
I had already thought about that! So that's why I activated the password to enter the BIOS and BOMM
Any system admin has this method locked down so hard… Fun to find out the security of public machines..
CONGRATS FOR GETTING 1M SUBS!!
HUGE THANKS. LIKE A HUGE ONE. It really works and helped a lot.
I flashed my mobo BIOS and it locked me out of Windows. Bummer! If you can get to the Repair menu just by repeatedly hitting the PC's reset button, you can use the command prompt to use this procedure to delete [or change, I guess] the Admin password and get back into Windows or do whatever. The process was a lifesaver for me.
After closing the Command Prompt, I have no option to Continue. Only Troubleshoot and Turn off your PC.
What do I do to continue the boot with the changes I have made?
The changes should be made and kept as you make them, so you can just reboot and start up normal.
How are u so smart bro ??
Your script is so perfect so was your humour and your teaching and practical too
Love u bro
Skipping this months vulnerability I would say this is one of the reasons Microsoft wants everyone to enable Bitlocker.
That's a lot of work. Why not just boot into a Linux rescue image and use "chntpw" ?
🥶😱😱😱hoh thank you thank you so much 🤣I have this problem today 😅🎉❤
Thanks man, it really worked....
I’m trying to do this with a USB there is no Windows folder to access . I get a command saying “ Windows” is not recognized. When i try to use iso file on an ssd the computer automatically boots and I can not access the command prompt.
I get stuck at the cmd prompt where I put in ‘cd windows’. It states the system cannot find the path specified
Me too
I just found the solution. You have to use D: not C:. For him, the main storage is C:!!!
Loi Liang Yang happy newyear!
I was literally doing this backdoor back in 2010 when my dad wouldnt let me jump on the computer lol
Be good to show a video of a work around for an old work laptop that needs to be factory reset that has bitlocker installed and the admin password not known!
wow this is really handy thanks!
Are you the brother of this (fun) guy from "very bad trip"? Nice video anyway :) I already knew this old trick (since windows 7) but I wonder if this works with bitlocker (windows) locked computers with CTRL+ALT+SUPPR before login? .... See you.
😂You saved me the second time thank you😅❤
You helped me a lot thanks bro
Thank you so much this worked for me
Lots of Love From Nepal
999K Subscribers, 1M soon 🎉
Bootable flash with a toolset waay easier and less invasive.
The best mitigation from someone that has physical access is full disk encryption
To save a lot of time, just hold shift and click reboot, and you get into the same recovery mode as with the windows cd. Also the method does not work on a bitlocker encrypted hard drive.
Awesome Mate, thanks!
thank you for your teaching🙏
2:25 There is not Windows 10 21H2(November 2021 Update). You should know that anniversary update is old.
This works 100% but I don't understand changing the name of CMD...it's still CMD even if you do rename it...anyway...it worked...
Couldn't you just press Shift+F10 when in windows setup for the cmd page? so you don't go to next, repair etc.
also when in sys32 you could do this as well :
ren utilman.exe utilman.exe.bak
copy cmd.exe utilman.exe
done
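From the defender's side, the swap described in the comment above leaves a simple trace: an accessibility binary that is byte-identical to cmd.exe, often with a renamed backup beside it. The following is an added example, not code from the video or from any commenter, that checks a System32 directory (live or from a mounted image) for that trace; the function names, the sample directory and its placeholder file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Logon-screen accessibility binaries named in the comments on this page.
ACCESSIBILITY = ["utilman.exe", "sethc.exe", "osk.exe"]


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_swapped_binaries(system32):
    """Report accessibility binaries that are copies of cmd.exe, are missing,
    or have a leftover '<name>.bak' rename next to them."""
    # Lower-case the names: a mounted offline image may be case-sensitive.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    cmd_hash = sha256(files["cmd.exe"]) if "cmd.exe" in files else None
    findings = []
    for name in ACCESSIBILITY:
        if name not in files:
            findings.append((name, "missing"))
        elif cmd_hash is not None and sha256(files[name]) == cmd_hash:
            findings.append((name, "identical to cmd.exe"))
        if name + ".bak" in files:
            findings.append((name, "renamed backup present"))
    return sorted(findings)


def build_constructed_system32(root, tampered=True):
    """Create a fake System32 with placeholder file contents (constructed data)."""
    root = Path(root)
    originals = {"cmd.exe": b"constructed cmd", "utilman.exe": b"constructed utilman",
                 "sethc.exe": b"constructed sethc", "osk.exe": b"constructed osk"}
    for name, data in originals.items():
        (root / name).write_bytes(data)
    if tampered:
        # State left behind by the rename-and-copy swap described above.
        (root / "utilman.exe.bak").write_bytes(originals["utilman.exe"])
        (root / "utilman.exe").write_bytes(originals["cmd.exe"])
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, reason in find_swapped_binaries(build_constructed_system32(tmp)):
            print(f"ALERT {name}: {reason}")
```

A hash match against cmd.exe only catches a straight copy; comparing each binary against known-good hashes for the installed Windows build covers other replacements.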
Damn that was actually pretty slick.
I use this trick for fixing some user accounts for PCs in our organization for password continuity. Otherwise I'd have to reimage the computers with the specific software and reconfigure a whole lot of stuff again.
and this worked on your corporate network without you having to create some holes first? that is pretty scary my guy there is no way in a modern business network that this should ever work or be a viable option for you or a threat actor to exploit
@Doogle7821 nope, for everything else we use azure, these computers are not on azure and are segmented from the corporate network. Any computers that have access to the corporate network are on azure.
*Guidance needed.* I have a computer which has a bios password so loading Linux live is a no go (stuck on secure boot).
When I turn it on, it shows the logon, then a loading wheel as if it logged in, then for a fraction of a second it pops up a power shell, then loads a “T” app (shows a “T” in a purple square and 2 silhouettes, for the App logo), then says “can’t logon with no internet connection” and prompts me for credentials.
Any idea on how to bypass this? I’ve been trying to stop the startup programs via a windows setup cmd but it’s been to no avail.
No, this isn’t stolen and yes, it is my property! I purchased an HP Slice G2 from an estate sale, it had a sticky note on it with the “credentials” but they are not valid. And when I contacted the people, they said “all sales are final and unfortunately the credentials written on the item are the only credentials that will be given”.
Usually I just pop in a live kali and have my way with it but the secure boot is impeding this option.
*Update* : so the program that launches is called Microsoft Teams.
There is a “send feedback” icon on the bottom right of the program. Is there a way to swap this icon action for cmd like with the utilman.exe?
Hi, thanks a lot for the interesting video and for all the steps.
Now I followed the steps and was able to create a new user. I unfortunately cannot use it as an Admin as it says the domain is not available and I have to make sure that the device is connected to the organisation's network. Any idea how to solve this? Thanks.
Mr game over you're best
Congratulation 1m subscribers
DANG going to give this a shot
Did it work? pls reply
@200iqKin it worked but it only worked for 2 days then it got deleted :(
@monkemonke6969 so does the software u downloaded still work since it's installed or do u still need admin rights to run it even tho it's installed
Hi, Great video, can i use this technique for a windows 11 laptop?
Yow I gained full access on my school laptop 💻 ……finally
Could your laptop open settings before?
it really worked big thx
teacher please make a tutorial KRACK Attack- Bypassing WPA2 thank you very much for your attention
Cool! I assume you can't do this if the disk is encrypted... bitlockered...
Any half decent institution is gonna have drive encryption turned on and/or the bios locked down to prevent bootable media.
This would only work on your own home PC or a school that employed the cheapest IT admin they could find.
Thank you for the education! Can you show us how to do it on the Mac as well!
I did it once on a Mac it’s called single user mode
Hold command + S during startup
That should launch you into a terminal and type the following
/sbin/fsck -y
/sbin/mount -uw /
sh /etc/rc
passwd [username of account you want to change here]
if you are using virtblock on vm drive that has your windows, make sure you detach it in the vm, then set it as SATA and then keep following the video or else when you open repair option the drive won't be read.
The DISCLAIMER that @LoiLiangYang has neglected to include in his "HOW TO RESET Administrator PASSWORD and Unlock any PCs?!" video, is that you still won't be able to do this on a PC (likely your school or work PC) when the Admin has taken care to disable booting to other devices in the BIOS. It's not rocket science kids. It's basic PC security, and these days people are taking a lot more care with it. And then there's Bitlocker - so you won't be able to access / alter any file on the drive even if you do get to boot to a USB.
also without creating any user insert explorer it will create full admin profile once you quit it will be deleted that's how you remain undetectable also work on any windows just rename osk.exe to cmd hit 5 times shift button
How
Any decent administrator knows that setting a bios password and disabling other boot media is critical.