Hack Windows 10

Forgot your Windows administrator password? The first thing a typical user tries is to take the PC to a service center for a fresh re-installation of Windows. In that case one may lose all the data, not to mention the service charges. In another scenario, if you want to hack into someone's PC there are a few methods to follow, like using Hiren CD, Trinity Rescue Kit, OphCrack etc. These take a considerable amount of time and computer skill, and they are not always successful. In such cases the method given below comes in handy.



Reset Windows 10 [Including Windows 8.1, 8, 7, Vista and XP] Password Without Knowing The Current Password


This is an old method, based on a Windows feature [Sticky Keys] found in all versions from the old Windows XP to the latest Windows 10. It is a bit surprising that this classic Windows backdoor works even in the latest Windows 10!

Okay, so follow the steps below to hack Windows 10.

Things you need:


1) Any Linux live CD (like an Ubuntu CD) or USB. If you don't have one, download any Linux distribution ISO file and make a bootable CD/USB. For simplicity's sake I suggest Puppy Linux (the lightest Linux distro, less than 200 MB).

2) Basic knowledge of dealing with cmd, the boot menu etc.

So let's get started.


1) Insert the live CD/USB and boot from it. [You may need to turn off the Secure Boot feature in a UEFI BIOS.]

2) Locate the drive where Windows is installed (the C drive). Go to the Windows/system32 folder.

3) Find the file named 'cmd.exe' and rename it to 'cmd0.exe'.

4) Next find the file named 'sethc.exe' [the program for Windows Sticky Keys]. Rename sethc.exe to cmd.exe.

5) Finally rename cmd0.exe to sethc.exe. [This swaps the Sticky Keys program with Command Prompt (cmd), so whenever the Sticky Keys program is called it runs cmd, and vice versa.]

6) Great! Now shut down and boot into Windows.

7) Press the Shift key five or six times at the login screen.

8) The command prompt will now open. Type this without quotes and hit Enter:
"net user"

9) Now you can see the list of active accounts [user names] on the PC. Make a note of the account name you need to hack.

10) Type the following command and hit Enter:
"net user <space><Account Name><space> *"

Note: <space>: leave a space.

<Account Name>: replace it with the account you need to hack. In this example, 'Mathews'.

11) It will display 'enter new password'. Enter any new password and confirm. To remove the password, leave it blank.

Done! You can log in with the new password now.

Note: Don't forget to change sethc.exe back to cmd.exe afterwards.
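A file renamed as in steps 3 to 5 keeps its embedded PE version information, so process-creation telemetry that records both the image path and the original file name exposes the swap. The following is an added example, not part of the original post: it scans records laid out like Sysmon Event ID 1 messages (an assumed log source; the sample events are constructed) and flags sethc.exe or cmd.exe running under the other's name, as well as net.exe started by sethc.exe.

```python
import ntpath

# Constructed sample: Sysmon Event ID 1 style records, only the fields used here.
SAMPLE_LOG = r"""
UtcTime: 2024-05-01 08:00:01.100
Image: C:\Windows\System32\sethc.exe
OriginalFileName: sethc.exe
ParentImage: C:\Windows\System32\winlogon.exe

UtcTime: 2024-05-02 21:14:09.512
Image: C:\Windows\System32\sethc.exe
OriginalFileName: Cmd.Exe
ParentImage: C:\Windows\System32\winlogon.exe

UtcTime: 2024-05-02 21:14:31.007
Image: C:\Windows\System32\net.exe
OriginalFileName: net.exe
ParentImage: C:\Windows\System32\sethc.exe

UtcTime: 2024-05-03 09:30:44.250
Image: C:\Windows\System32\cmd.exe
OriginalFileName: sethc.exe
"""

SWAPPED = {"sethc.exe", "cmd.exe"}       # the two files renamed in steps 3 to 5
ACCOUNT_TOOLS = {"net.exe", "net1.exe"}  # the programs behind "net user"

def base(path):
    """Lower-cased file name of a Windows path; tolerates a trailing .mui,
    which some version-info readers append to the original file name."""
    name = ntpath.basename((path or "").strip()).lower()
    return name[:-4] if name.endswith(".mui") else name

def parse_events(text):
    """Split blank-line separated records into dicts of field -> value."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = (line.partition(":") for line in block.splitlines())
        events.append({k.strip(): v.strip() for k, sep, v in fields if sep})
    return events

def findings(event):
    """Return the reasons, if any, this event matches the swap on this page."""
    image, parent = base(event.get("Image")), base(event.get("ParentImage"))
    original = base(event.get("OriginalFileName"))
    reasons = []
    if image in SWAPPED:
        if original in ("", "-", "?"):
            reasons.append(f"{image}: no version info to verify")
        elif original != image:
            reasons.append(f"{image} is really {original}")
    if parent == "sethc.exe" and image in ACCOUNT_TOOLS:
        reasons.append(f"{image} started by sethc.exe")
    return reasons

def scan(text):
    """Return (UtcTime, reasons) for every event with at least one finding."""
    results = ((e.get("UtcTime", "?"), findings(e)) for e in parse_events(text))
    return [(when, why) for when, why in results if why]

if __name__ == "__main__":
    for when, why in scan(SAMPLE_LOG):
        print(when, "; ".join(why))
```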


  1. Didn't work for me on Win7. :(

    Replies
    1. It works for all versions. Where/what type of error are you getting?
    2. I need help, I'm having trouble downloading the puppy file. Can you tell me step by step how I would go about this?
    3. https://www.youtube.com/watch?v=Iqj6JJjC1yw

      Here. Follow this video tutorial.

    4. Use a Windows install disc to reset the password:
      http://www.top-password.com/blog/reset-windows-10-password-with-sticky-keys/

      This should be easier if you're not a linux geek.

  2. Have used this many times on my daughter's laptop, it works 100%
    Replies
    1. Yes, this simple, old yet effective trick can turn out to be a life saver on many occasions. :)
  3. Replies
    1. Of course. But kon-boot is an entirely different approach.

  4. Replies
    1. Yes it works, provided that the sticky keys are turned on. I just confirmed it myself.
  5. I tried this in Windows 10 and using the Puppy Linux it will not let me rename the cmd.exe file. States that it is a read only system file. I cannot seem to find a way to change the permissions on it. Not working for me at the moment.

    Replies
    1. Are you sure you are following the instructions properly? Sort of weird because 'cmd.exe' is never a 'read only system file' in Linux. Never seen it before. It is not even a system file when you boot linux and access windows files. Try to do it from terminal as root.

    2. I have the same problem with Windows 10
    3. Can you post the error screenshot so that I will be able to figure out what is actually going wrong?
    4. I've got the same problem.

    5. Try again with Ubuntu/any other linux version instead of Puppy Linux.

    6. Instructions on HOW TO GOTO the C drive would be nice, You essentially skipped that.

    7. @Unknown

      Step 2: Is it that difficult to find? I thought someone good enough to use cmd and make a live boot disk should be able to figure it out easily.

    8. OP, I bet you launch the puppy installation from inside Win10, instead of booting your computer with it.
    9. how to go to c:windows from # (linux
      linux puppy already run

  6. I keep getting an error that says it can't boot because the computer is unable. HOW DO I FIX
    Replies
    1. You have to fix that error and boot from an external media to make this work. Kindly share a screenshot of the error. You can upload it somewhere(I suggest http://imgur.com/) and comment the link.

    2. I had to shutdown windows holding shift and remounted after puppy loaded up.... http://superuser.com/questions/880867/cannot-mount-ntfs-partitions-because-of-windows-10

    3. It is because of fast boot/hibernate features of Windows. You may need to remount the partitions in rw mode.

    4. I need help login my windows 10 computer it's saying I have a yahoo but I don't know the password

    5. You have a yahoo? Are you trying to login using a microsoft account? That probably won't work. Switch to local account and try again.

    6. I am booted directly into puppy. Restarted win 10 before this so win drive mounted correctly in puppy. First time I accessed system32 folder saw all files. The next time I boot into puppy, system32 folder comes up blank.

      Don't know how to show the system 32 files. Checked show all hidden files, nothing comes up. In win 10 the files show up???
  7. Hi,
    Great written article dude!
    I've got 2 Qs though:
    1.is there any risk of having laptop's data locked/deleted/damaged in this process (assuming I follow instructions properly)?
    2.i notice the concept of switching file names, hence it's purposes by launching it) - why couldn't we just access the cmd from Windows without this whole 'switch process', why the need to launch it in a sneaky way?
    Just trying to understand & learn.
    Bumped into a need to retrieve password of a laptop belonging to friend who passed away, in order to help the family access some vital account info :/

    Thanks again!

    Replies
    1. Thanks.

      1) No risk of data loss if you follow the instructions and leave other files untouched.
      2) If you are logged in you can directly open cmd and change the password without typing the old password, but you need to run cmd with admin privileges. This tutorial is pointless if you already have privileged access to the machine. It is solely for one scenario: PC is locked out/forgot password/needs to break in etc.

      Note: I have suggested using a Linux CD to keep it simple. You can also use a Windows repair disk to rename the files through command prompt and get the same result. That method is a bit more complicated and has more chances to get screwed up.
    2. if my windows 10 need outlook login what i do???

    3. if use ori password still can not in windows..
      if wan login outlook need internet for ling that ...

  8. nvm
    i finally got it
    not sure why it kept failing on me, maybe blank passw' but nvm, cheers [btw, didn't go through linux]
  9. I was able to get through step 2 fine, but then I click rename and change cmd.exe file to cmd0.exe and press enter. After hitting enter, I get an error that says:
    The Item could not be renamed.
    Sorry, could not rename "cmd.exe" to "cmd0.exe": Error renaming file: Operation not supported.
    I am running Windows 10 and Ubuntu 14.04 LTS
    Any help would be great. Thanks
    Replies
    1. Have you been able to work it out? I'm stuck at exactly same spot... I can rename files on other folders of Windows partition, but not in the System32 directory.
      I'd be grateful for any help. Cheers.

    2. stuck with the same. Any help would be appreciated

  10. how do you mount onto the c drive from linux when it has the fastboot and is not all the way "shut down"

  11. Can you help me, I'm having trouble mounting my Linux onto the C drive because of fast boot on Windows 10 and I have no other access into the Windows OS
  12. You have to either turn off fastboot or mount the drives in read write mode.

    1)Open the Control Panel (icons view), and select Power Options or select Power Options from Power Menu (Windows + X)
    2)From the links on the left hand side, click on Choose what the power buttons does.
    3)Click on the Change settings that are currently unavailable link at the top.
    4)To enable Fast startup, under Shutdown settings, check the Turn on fast startup box, click on the Save changes button.
    5)To disable Fast startup, under Shutdown settings, uncheck the Turn on fast startup box, click on the Save changes button.

    Now shut down the system and live boot.

  13. Nice work!!!
    By the way for window 7/8/10 which version of puppy linux should i download?
    Does any version do the trick or is there any particular one?

    And after seeing this, heck, now I'm really scared to leave my laptop with Windows 8.1 at home.
    Is there any way to counter this exploit at all?
  14. Great article!!!
    By the way which puppy linux version do i have to download in order to make this work?
    I'm planning to use it on window 7/8/10

    Also, is there any way to counter this exploit, because now I'm really scared to leave my laptop at my apartment.
    Replies
    1. Any version of puppy linux(Or any linux) will do.

      To prevent this exploit from working you can: 1) turn off sticky keys 2) enable drive encryption like BitLocker/TrueCrypt 3) put a BIOS password (so no possibility of booting from any other medium than the main hard disk).
  15. Dude, you are the best, you made my day! Thanks a lot!

  16. Hey guys, I'm having a problem unlike the others in the comments. I did all of the above and managed to get into the cmd but with no progress from then on. It won't let me change the password, it says that "The system is not authoritative for the specified account and therefore cannot complete the operation. Please retry using the provider associated with the account. If this is an online provider please use the provider's online site." Can someone help?
    Replies
    1. This whole method is for local accounts only. It won't work if you try in Microsoft account and you'll see error like that.

  17. Does this work on microsoft accounts as well? Or only local?

  18. Even with sticky keys on, nothing happens at all, with the files renamed properly and everything. I might have a 10 repair disk lying around and I'll give that a shot.

  19. Doesn't work for me. When I try to rename there is the error "Sorry, could not rename “sethc.exe” to “miau.exe”: Error renaming file: Operation not supported"
    What should I do now?
  20. I tried this, however it mounted all the Windows files as read only, so I couldn't rename any files. Any help would be great!
    Replies
    1. Please check the above comments. I have already mentioned a solution.

  21. If this trick is just renaming cmd.exe and sethc.exe, is it possible to do with any live-cd OS like Hiren, and any version of Linux?
    Replies
    1. @Rozie

      Yes,any live-cd will do. Puppy linux is just an example.

  22. Didn't work on win 10 for me. Looks like the admin account is an online account so it wouldn't let me change the password. :(

  23. Can someone help me, please? I managed to rename cmd.exe and sethc.exe, and afterward I pressed shift 5 times at the Windows login screen. The command prompt popped up, but when I typed "net user Administrator ", the option to change the password for my Administrator account did not appear. Instead it just lists some data. What am I doing wrong?

    Replies
    1. Kindly specify what data you are getting. A screen-shot would be better.

    2. In order to change the password you would say NET USER Administrator *

      Note the * at the end of the statement. Not sure if this was your problem but hope it helped.

  24. How do you access the C drive from Linux? I'm running Ubuntu 16 LTS.
    Thanks in advance.
    Replies
    1. Once you live boot Ubuntu, go to the file manager or home folder. From there you can access all drives including the C drive. Let me know if you face any difficulty.
  25. A. How do you find the c drive in windows from linux

    B. I tried renaming the cmd file, but it gave me an error saying "Cannot rename file. Operation not supported"

    I'm currently using Ubuntu 16.04 LTS

  26. From B. I guess you already figured out how to get to C drive and rename cmd file. If it doesn't allow you to rename C drive must be mounted in read only mode.

    It is because of Windows features like hybrid boot,fast boot,hibernate etc.

    You have to either turn off those features or mount the drives in 'read write' mode.

    1)Open the Control Panel (icons view), and select Power Options or select Power Options from Power Menu (Windows + X)
    2)From the links on the left hand side, click on Choose what the power buttons does.
    3)Click on the Change settings that are currently unavailable link at the top.
    4)To enable Fast startup, under Shutdown settings, check the Turn on fast startup box, click on the Save changes button.
    5)To disable Fast startup, under Shutdown settings, uncheck the Turn on fast startup box, click on the Save changes button.

    Now shut down the system and live boot. This should solve the issue.
  27. I'm in, Matt. Thanks. Found the solution. Reset password for administrator instead of the Windows user account, then enabled administrator with this line: net user administrator /active:yes
    Replies
    1. I am glad to hear that. That's one way to get it done.

    2. I did the same, you are a true genius.

  28. hello
    how can i download the puppy linux or

  29. Some of these questions are so funny. No good deed, Mathews... :) Great article tho, good trick to know as an admin.

  30. I can't rename my cmd.exe. I've tried everything but it won't give me permission. I can't access windows at all either.

  31. Hi Matthew I'm getting a syntax error message when I enter net user full name * The suggested options do not include changing the password (unless, of course, I'm misinterpreting them). If I enter net user administrator * instead, I'm given the option to change the password as you describe. However, when I attempt to enter the new password, a password error is reported on the Win 10 login screen. Please advise. Thank you.

  32. Perry (previously posted as Anonymous), July 11, 2016 at 9:03 AM

    Hi Matthew. Further to my previous post (as Anonymous), I should have mentioned that my friend's computer was hacked and a login password was added where one never existed.
  33. Perry (previously posted as Anonymous), July 11, 2016 at 9:05 AM

    Hi Matthew Assuming there's a fix for my previously posted problem, can I rename the cmd and sethc files once I'm in Windows 10? Thanks again.

    Replies
    1. Yes you can rename the files once you reset the password. It is necessary for the smooth operation of windows. Otherwise you may face issues while installing/running some software.

  34. Does this method risk losing access to Windows encrypted data or are only third party encryptions secure?

    Replies
    1. BitLocker is pretty much secure. However, having the drives encrypted leaves this method useless to reset the password.
  35. Huge thanks to these tips. One thing to remember is if you get errors when renaming the Windows files in Linux about the drive being Read Only (hibernate/fast boot). Doing a Shut down in the Windows partition when it is in Windows did not allow the drive to be written to for me. What worked for me was to do a RESTART and after it restarted I was able to boot into Puppy and rename the files.

    Replies
    1. You are welcome and yes, it is a good point to keep in mind while getting a read only error.
  36. What a big trick! I solved my problem (I had forgotten the admin password of my Windows 10) in five minutes, after losing two days in other tries and researches.
    Many many thanks!

  37. Hey Guys,
    Did all the swapping, but after starting Windows 10 and hitting the shift key X times, nothing happens. Any tips?
  38. There is no CMD screen after hitting shift 5-6 times. Any Ideas ?

  39. Hey, I am trying to change the password from a guest account can anyone help me pls, i have no permission for writing on system32. Thanks a lot!

    Sorry for my bad english (I'm dutch)

  40. I need to write on system 32 via a backdoor, can you pls help me out?
    I saw videos for Windows 7 and they restarted their PC and changed file names in the boot menu there. I need something similar for Windows 10
    THANKS A LOT!!
  41. I suppose this won't work if my only account requires the microsoft live password?
    Or can I just somehow activate admin account and enter my files from there?

  42. I turned off fast boot and was able to boot Puppy Linux and mount the Windows HDD, but when I browse the files a majority of them have caution symbols and give this message when I hover over them: "symbolic link to unsupported reparse point". cmd and sethc are both symbolic links and I cannot edit them.
    Replies
    1. Looks like your files are corrupted. Can you login to windows again and check them once?

    2. Yeah, I can log in to Windows and it works fine. I feel like it has something to do with what the admin did to my computer. Is there any way to change the files from symbolic links?
    3. I have even tried with other versions of Linux like Ubuntu and the symbolic links are still there
  43. I was able to boot to my puppy linux disc but it looks super artifacted and is replicated 8 times across my screen. How can I fix this?

    Image: http://imgur.com/mODZnoo

  44. Worked great. Swapping the cmd.exe and sethc.exe temporarily and then swapping them back that is. Used the mv command in Linux. Used the window net user commands for password changing. Had to shutdown windows 10 while pressing the shift key to force full boot?.

  45. Worked great. Booted up Linux from DVD. In Linux used the shell to go to the mounted drive /sda1/Windows/System32. Used mv to swap the cmd.exe and sethc.exe files. Had to power down the PC while holding the SHIFT? key to force a proper reboot. Changed the passwords as recommended. Shut down Windows again while holding the SHIFT key. Rebooted in Linux again, swapped the files back to original and VOILA!
    Thanks for the help.
  46. you can use "slitaz" small live cd with graphic desktop and 40 mb size only...

  47. I've used the similar Magnify.exe approach in the past, but that wouldn't work for me in Win10
    This works though, so thanks Mathews :)

    This is how I deal with renaming procedure
    Once in the system32 directory rename the sticky keys exe then copy cmd, you can type a few characters and hit tab to autocomplete, several times even, and shift-tab if you go too far

    ren sethc.exe sethc.exe.old
    copy cmd.exe sethc.exe

    And once you've booted and are in the cmd prompt, you can just activate the Administrator account (net user administrator /active) and reboot
    This is useful when the only user account has an issue, like corrupt registry files that prevent it logging in
    You can create new users via cmd, but to keep it simple, enabling the administrator account then rebooting gets you into Windows quickly and you can create new users or fix corrupt registry files from there
    The administrator password is blank by default

    I just use a Windows (7-10) install CD or USB drive to boot off
    Once the 1st screen comes up, press shift-F10 to get a cmd prompt
    The C: drive can often end up being D:, E:, F: so you may need to go hunting to find the right windows drive/partition


    Cheers :)
