nice tut , thanks

my time is coming when i shall rule

Thank you CygnusH33L for Kon Boot. A nice simple way.

pawca - Your link has been removed. Thanks CygnusH33L for the tut. You are right. Ive used Kon Boot V2
Trinity Rescue Kit my self. Handy little tool. Hi Osaka not heard from you in a while mate. Hope all is well?? :)

Thanks for the tut, very useful! ;)

This is certainly easier than other methods I have had to use in the past.
Thanx Cygnus!

I made a programme a few years ago that if you forget password or need to get access to computer when has win password it just boots from cd or pen drive and return the win passwords on the computer. :)

just use KONBOOT !!!!!

its easier !!!!
with no system harm !!!

Yes that is a nice little tool too IAmDevil :)

and very easy to use and free :)

Here is another windows 7 password reset utility from AppGeeker which may help. You will need another computer to create an password reset disk which you can then boot your computer to make the fix.

I have ever used it, works pretty good.

USB Grabber 3.0 set it to steal the SAM files and from there crack them on your own time.

Nice tutorial. Thanks @CygnusH33L! I really like the way Kon Boot does it. Do you know how it works? Does it simply replace the SAM file temporarily and put it back when you are done?

For people that can’t boot from a CD or USB key to restore their lost password… ;) Give a look at this tutorial :

Thanks to @guuf for pointing this in How secure is system32.

Happy hacking!
DaGr8

That is nice tool , thnx ;)

DaGr8Kornolio I’m not to sure how it does it, I don’t believe Kon Boot modifies any system files but more the system code (or the files as they are loaded into the RAM). I think Kon Boot works more like a Bootkit/Rootkit. Only thing I can find that makes sense is this, cert-ist.com. If anyone else knows how Kon Boot really works I’d be interested in knowing :D

nice tut !! kon boot is nice

More info…

[quote=http://piotrbania.com/all/kon-boot/index2.html#free]Kon-Boot is an application which will silently bypass the authentication process of Windows based operating systems (both 32-bit and 64-bit). Kon-Boot modifies the system kernel while it boots, changes are made temporary only. Rebooting the machine will restore the original contents of Windows kernel and its corresponding authentication procedures.[/quote]

[quote=http://www.cert-ist.com/eng/ressources/Publications_ArticlesBulletins/Veilletechnologique/bootkits/]In general, bootkits basically hook the 0x13 interruption routine that is usually provided by the BIOS of the computer. The role of this routine is to read sectors from the hard disk and to load them into a given location in RAM memory. By hooking this routine, bootkits such as Kon-boot or Vbootkit modify directly the code of the operating system when it is copied into main memory, just before its execution.
[…]
Considering the current design of the PC architecture, there is no miracle drug which would allow administrators to protect systems against these pre-boot attacks. In particular, when an operating system is at the early stage of its boot process, it has no technical way to check the integrity of the low-level routines it uses to access the hardware, since it directly depends on these low-level routines. In other words, it necessarily has to rely on the state in which the computer is.
[/quote]

Mitigating the risk (don’t forget we are white hat! ;) )

[quote=http://www.cert-ist.com/eng/ressources/Publications_ArticlesBulletins/Veilletechnologique/bootkits/]
[] Set a password at the hard disk level (ATA password): this may be done from the BIOS and will prevent malicious persons from booting the operating system that is installed on this hard disk. Most modern hard disks seem to provide this feature.
[] Disable USB/Firewire booting of the system: it will prevent the use of external disks.
[] Change the boot order to prevent (or disable) booting from CD/DVD ROM drives.
[] Disable network booting of the system (PXE boot).

A more robust solution might be to use a whole disk encryption application, particularly because these kinds of software provide a pre-boot authentication without which the disk contents can not be decrypted. [/quote]

By the way, did you use the free version of Kon Boot?

Thanks,
DaGr8

I used Kon Boot 2.0 (commercial version). You can get it through torrents, but if I like/use something a lot then I’m happy to pay for it. I use torrents mainly as a try before you buy :P Thanks for the extra information on how it works, I was on the right track :)

The method i use is:
1- boot a linux live cd, browse to the windows directory on the hdd.
2- rename utilman.exe to any other name
3- copy cmd.exe and rename the copy utilman.exe
4- reboot

when presented with the login screen i click on the utilities icon, i get cmd as administrator

use cmd to change the password of what ever username :)

After booting my Windows 8 pc from Kon-Boot, the system still says “password is incorrect”. Eventually I removed my forgotten password using PCUnlocker. Thank you any way!

I have ever bypass forgotten Win 7 administrator password by following this video guide: ">How to Bypass Windows 7 Password?

Here is another helpful post guide on Windows 7 password reset: How to Break Windows 7 Password?

Simply use Hirens Boot CD and use the password reset option ;)
Hirens Boot CD also got Konboot and many other tools implemented on the disc.

http://www.hirensbootcd.org

But I would recommend trying to remotely get access to the password or remotely be able to get access :)
but that is not what this topic is about hehe.

Thanks for the awesome guide mate ;)
Many might find it useful!

thanks for shared

Kon-Boot is a good tool. It even has a version for OSX, which is awesome in my opinion. If you want to remove the password, an alternative the already mentioned ways is execute the “utilman hack” via a linux live cd. Works everytime..

Edit: I see ADIGA already mentioned the utilman hack.. My bad

Just use the command prompt for windows. Type in *net user administrator ** and for security reasons you can’t see the password you type in

If it is a regular account then it can be cracked easily just as Codner or it is a online admin account hen it takes herder to Bypass.

The local Administrator account exists in all Windows 7 (or later), but can be disabled.

I have used trinity a few times on a usb and Hirens boot cd. Ophcrack is good, I last used it on a clients laptop and it took 6 sec to recover the password

[quote=author]Now press any key then select go back to the main menu then choose reboot without ejecting CD/USB and eject the CD when the computer has shutdown, once it has rebooted you should be able to click on the admin user and log in without being prompted for a password.
[/quote]

You should be able to then make a local administrator account that you can use to access your computer when you restart back into normal boot mode. (remember the local administrator account is disabled in normal boot mode that is why I suggest making another account with admin privileges).

Use your new local account to migrate all your documents over, make a NEW Microsoft Account if you wish to do so, then convert your local profile to use a Microsoft Account.

If when you boot in to safe mode you cannot login to the Administrator account because it has a password or you’ve forgotten it, then you’ll want to use something like iseepassword windows password recovery to reset it. (don’t think this will work on your MSA account you’ve forgotten the password to though).
source: https://www.iseepassword.com/how-do-i-unlock-my-computer-password.html

Why not just reboot your computer and at the computer logo page just keep pressing F8 until the safe mode prompt shows up
/about/safe-mode-windows-7-2-58070bd23df78cbc28bd478f.jpg)
and choose “safe mode with command prompt”
then enter “net user (the account of your choice) * ” without the quotations

OR

im not sure about the “net user administrator /random” command

but is there anyway to get kom-boot free? thx :p

net user administrator * …. for the most random situation :) or… yes konboot nice and smooth but you need to have it and makeit bootable…this method 5 minutes

Breaking the Windows password is very easy, and Adana needs all this, but thanks for this information CygnusH33L

I use UBCD for a while now. It works like a charm and it’s free.

Sometimes there are special needs, and I hope to find the password. Retrieving your password is a lot more troublesome. Here I have to explain: there is a certain probability to retrieve the password. It cannot be retrieved in percent. Generally, simple passwords are easier, and complicated ones are hard to say.

First consider bypassing the password and entering the windows through the konboot software. After entering the system, use an tool called mimikatz. It only takes two simple lines of code to find out the current Windows password. I tested here xp 2003 win7 win8 win10 system can quickly get it.

source:
https://www.passcue.com/windows-10-password-reset.html
https://www.lifewire.com/offline-nt-password-and-registry-editor-review-2626147
https://www.bestwindowspasswordreset.com/