How to Remove/Bypass Windows 7 Admin password

CygnusH33L
11 years ago

4

Tools needed:

Windows 7 with password protected admin account
Kon Boot V2
Trinity Rescue Kit

This tutorial is aimed at people who have forgotten their password or have been locked out of their account by a family member or friend. (I do not condone illegal use :D)
The most common methods of accessing Windows 7 admin accounts are to remove the passwords or simply bypass them. There are many methods available to achieve this, each with varying degrees of difficulty. I will be showing you two methods which I use; I feel these methods are simple enough for novices. The simpler the better :)

Using Kon Boot to bypass the password

First I will be showing you how to bypass the password and use the admin account. I find this useful if your family members or friends have set passwords on the admin accounts and you don’t want it to be too obvious you gained access. To do this I will be using Kon Boot V2 (the latest version of Kon Boot works with Windows 8 too).

The OS is Windows 7 Home Premium 64 bit, however this will work with any Windows 7 OS. I have two user accounts set up to test with, one called Admin which is a password protected admin account, the other is called Standard and is a standard user with no password.

Once you have downloaded Kon Boot, create a Kon Boot CD or USB. Tutorials. Then insert the USB or CD into the PC/Laptop and reboot. If the USB/CD was set up correctly you should see Kon Boot after your BIOS splash screen. (If you don’t, make sure you boot from the CD/USB; check your boot/BIOS options.)

Windows should then continue to boot normally. Once booted, click on the admin account and leave the password field blank. You should now be logged in as the admin user; from here you can install software or manage other accounts, for example changing your account to admin rather than a standard user. When you have finished whatever it was you wanted to achieve, eject the CD or USB and reboot. The original password will be back on the admin account :D

[vimeo]58780764[/vimeo]

Using Trinity Rescue Kit to remove the Admin user password

Trinity Rescue Kit is a great tool. With this tool you can do many things (there’s a summary of what can be done on their homepage). For this tutorial we are only interested in the winpass tool. This used to be harder to use than it is now, but the TRK developers have been working hard over the years to make it as simple as possible. I personally love it :D If you do too, consider donating to let them know you appreciate their work.

This method is suited to users that have forgotten their password or have had it changed by a family member or friend.

I will be using the same set up as in the Kon Boot section of this article. (Windows 7 Professional 64bit with two users, one Admin with a password and one standard user without a password).

There are two downloads that they offer, one is the self burning TRK (exe) and the other is the ISO image which can be burned to disk using MagicISO.

Once you have your TRK CD, insert it into the PC/Laptop, take note of the Admin account’s username (in this tutorial it’s admin) and reboot. (Remember to check you are booting from CD.)

At the TRK boot screen, tap Enter to run TRK in the Default Mode.

At the next screen, select windows password resetting.

Now select winpass with prompt for username first.

Now enter the Admin’s username (in this case Admin) and press enter.

TRK will now list the available Windows partitions. Select the current Windows partition (where Windows is installed) and press enter.

You should now see all the users that are associated with the Windows 7 OS. Enter the number of your choice; for this tutorial we are removing the password, so the option we want is 1.

Now press any key, then select go back to the main menu, then choose reboot without ejecting CD/USB, and eject the CD when the computer has shut down. Once it has rebooted you should be able to click on the admin user and log in without being prompted for a password.

[vimeo]58780766[/vimeo]

I hope this helps others who need to remove Windows passwords.


0

nice tut, thanks

Reply has been removed
Diaz
11 years ago

0

my time is coming when i shall rule

Pete Maynard [Osaka]
11 years ago

0

Thank you CygnusH33L for Kon Boot. A nice simple way.

[deleted user]
11 years ago

0

pawca - Your link has been removed. Thanks CygnusH33L for the tut. You are right. I’ve used Kon Boot V2 / Trinity Rescue Kit myself. Handy little tool. Hi Osaka, not heard from you in a while mate. Hope all is well?? :)

Gremall
11 years ago

0

Thanks for the tut, very useful! ;)

menacek04
11 years ago

0

This is certainly easier than other methods I have had to use in the past.
Thanx Cygnus!

? [djsimon21]
11 years ago

0

I made a programme a few years ago so that if you forget the password or need to get access to a computer that has a Windows password, it just boots from CD or pen drive and returns the Windows passwords on the computer. :)

[IAmDevil]
11 years ago

0

just use KONBOOT !!!!!

[IAmDevil]
11 years ago

0

it’s easier !!!!
with no system harm !!!

? [djsimon21]
11 years ago

0

Yes that is a nice little tool too IAmDevil :)

? [djsimon21]
11 years ago

0

and very easy to use and free :)

rakester
11 years ago

0

Here is another Windows 7 password reset utility from AppGeeker which may help. You will need another computer to create a password reset disk, which you can then boot your computer from to make the fix.

I have used it before; it works pretty well.

___
11 years ago

0

USB Grabber 3.0 set it to steal the SAM files and from there crack them on your own time.

DaGr8Kornolio
11 years ago | edited 11 years ago

0

Nice tutorial. Thanks @CygnusH33L! I really like the way Kon Boot does it. Do you know how it works? Does it simply replace the SAM file temporarily and put it back when you are done?

For people that can’t boot from a CD or USB key to restore their lost password… ;) Give a look at this tutorial :

Thanks to @guuf for pointing this in How secure is system32.

Happy hacking!
DaGr8

Alien [StRe1cHeR]
11 years ago

0

That is a nice tool, thanks ;)

CygnusH33L
11 years ago

0

DaGr8Kornolio, I’m not too sure how it does it. I don’t believe Kon Boot modifies any system files but more the system code (or the files as they are loaded into the RAM). I think Kon Boot works more like a Bootkit/Rootkit. The only thing I can find that makes sense is this, cert-ist.com. If anyone else knows how Kon Boot really works I’d be interested in knowing :D

jayssj11
11 years ago

0

nice tut !! kon boot is nice

DaGr8Kornolio
11 years ago

0

More info…

[quote=http://piotrbania.com/all/kon-boot/index2.html#free]Kon-Boot is an application which will silently bypass the authentication process of Windows based operating systems (both 32-bit and 64-bit). Kon-Boot modifies the system kernel while it boots, changes are made temporary only. Rebooting the machine will restore the original contents of Windows kernel and its corresponding authentication procedures.[/quote]

[quote=http://www.cert-ist.com/eng/ressources/Publications_ArticlesBulletins/Veilletechnologique/bootkits/]In general, bootkits basically hook the 0x13 interruption routine that is usually provided by the BIOS of the computer. The role of this routine is to read sectors from the hard disk and to load them into a given location in RAM memory. By hooking this routine, bootkits such as Kon-boot or Vbootkit modify directly the code of the operating system when it is copied into main memory, just before its execution.
[…]
Considering the current design of the PC architecture, there is no miracle drug which would allow administrators to protect systems against these pre-boot attacks. In particular, when an operating system is at the early stage of its boot process, it has no technical way to check the integrity of the low-level routines it uses to access the hardware, since it directly depends on these low-level routines. In other words, it necessarily has to rely on the state in which the computer is.
[/quote]

Mitigating the risk (don’t forget we are white hat! ;) )

[quote=http://www.cert-ist.com/eng/ressources/Publications_ArticlesBulletins/Veilletechnologique/bootkits/]
[*] Set a password at the hard disk level (ATA password): this may be done from the BIOS and will prevent malicious persons from booting the operating system that is installed on this hard disk. Most modern hard disks seem to provide this feature.
[*] Disable USB/Firewire booting of the system: it will prevent the use of external disks.
[*] Change the boot order to prevent (or disable) booting from CD/DVD ROM drives.
[*] Disable network booting of the system (PXE boot).

A more robust solution might be to use a whole disk encryption application, particularly because these kinds of software provide a pre-boot authentication without which the disk contents can not be decrypted. [/quote]

By the way, did you use the free version of Kon Boot?

Thanks,
DaGr8

CygnusH33L
11 years ago

0

I used Kon Boot 2.0 (commercial version). You can get it through torrents, but if I like/use something a lot then I’m happy to pay for it. I use torrents mainly as a try before you buy :P Thanks for the extra information on how it works, I was on the right track :)

*********** [ADIGA]
11 years ago

2

The method I use is:
1- boot a linux live cd, browse to the windows directory on the hdd.
2- rename utilman.exe to any other name
3- copy cmd.exe and rename the copy utilman.exe
4- reboot

When presented with the login screen I click on the utilities icon, I get cmd as administrator

use cmd to change the password of whatever username :)
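
A defender's check for the file swap ADIGA describes above, as an added example that is not part of the thread: it hashes utilman.exe in a mounted volume's System32 directory and flags it when its contents are identical to cmd.exe. The function names, the sample directory and its file bytes are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Accessibility binary named in the thread; extend the tuple for your own baseline.
WATCHED = ("utilman.exe",)
# Command interpreter named in the thread as the replacement.
SHELLS = ("cmd.exe",)


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_dir(system32: Path) -> dict:
    """Map lower-cased file names to paths (NTFS names are case-insensitive)."""
    return {p.name.lower(): p for p in system32.iterdir() if p.is_file()}


def find_swapped(system32: Path, watched=WATCHED, shells=SHELLS) -> list:
    """Return (watched_name, shell_name) pairs whose contents are identical."""
    files = index_dir(system32)
    shell_hashes = {sha256_of(files[s]): s for s in shells if s in files}
    findings = []
    for name in watched:
        if name in files:
            match = shell_hashes.get(sha256_of(files[name]))
            if match:
                findings.append((name, match))
    return findings


def build_sample(root: Path, tampered: bool) -> Path:
    """Constructed stand-in for a mounted volume's Windows/System32 directory."""
    system32 = root / "Windows" / "System32"
    system32.mkdir(parents=True)
    (system32 / "cmd.exe").write_bytes(b"MZ constructed shell bytes")
    body = b"MZ constructed shell bytes" if tampered else b"MZ constructed utilman bytes"
    (system32 / "Utilman.exe").write_bytes(body)
    return system32


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_swapped(build_sample(Path(tmp), tampered=True)))
```

Point `find_swapped` at the System32 directory of an offline-mounted disk image to run the same comparison on real files.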

helen_abdalla
11 years ago

0

After booting my Windows 8 pc from Kon-Boot, the system still says “password is incorrect”. Eventually I removed my forgotten password using PCUnlocker. Thank you anyway!

bettylost
11 years ago | edited 11 years ago

0

I once bypassed a forgotten Win 7 administrator password by following this video guide: How to Bypass Windows 7 Password?

tangguo
11 years ago

0

Here is another helpful post guide on Windows 7 password reset: How to Break Windows 7 Password?

[deleted user]
11 years ago

0

Simply use Hirens Boot CD and use the password reset option ;)
Hirens Boot CD also got Konboot and many other tools implemented on the disc.

http://www.hirensbootcd.org

But I would recommend trying to remotely get access to the password or remotely be able to get access :)
but that is not what this topic is about hehe.

Thanks for the awesome guide mate ;)
Many might find it useful!

Reply has been removed
hungba193
10 years ago

0

thanks for sharing

Markb2
9 years ago | edited 9 years ago

0

Kon-Boot is a good tool. It even has a version for OSX, which is awesome in my opinion. If you want to remove the password, an alternative to the already mentioned ways is to execute the “utilman hack” via a linux live cd. Works every time.

Edit: I see ADIGA already mentioned the utilman hack.. My bad

Codner
7 years ago

0

Just use the command prompt for windows. Type in “net user administrator *” and for security reasons you can’t see the password you type in

LKRX
7 years ago

0

If it is a regular account then it can be cracked easily, just as Codner said, or if it is an online admin account then it is harder to bypass.

Smyler [WHGhost]
7 years ago

0

The local Administrator account exists in all Windows 7 (or later), but can be disabled.

Z3R074
7 years ago | edited 7 years ago

0

I have used Trinity a few times on a USB and Hirens boot cd. Ophcrack is good; I last used it on a client’s laptop and it took 6 sec to recover the password

Danish776
7 years ago | edited 7 years ago

0

[quote=author]Now press any key then select go back to the main menu then choose reboot without ejecting CD/USB and eject the CD when the computer has shutdown, once it has rebooted you should be able to click on the admin user and log in without being prompted for a password.
[/quote]

You should be able to then make a local administrator account that you can use to access your computer when you restart back into normal boot mode. (remember the local administrator account is disabled in normal boot mode that is why I suggest making another account with admin privileges).

Use your new local account to migrate all your documents over, make a NEW Microsoft Account if you wish to do so, then convert your local profile to use a Microsoft Account.

If when you boot in to safe mode you cannot login to the Administrator account because it has a password or you’ve forgotten it, then you’ll want to use something like iseepassword windows password recovery to reset it. (don’t think this will work on your MSA account you’ve forgotten the password to though).
source: https://www.iseepassword.com/how-do-i-unlock-my-computer-password.html

Codner
7 years ago

0

Why not just reboot your computer and at the computer logo page just keep pressing F8 until the safe mode prompt shows up
and choose “safe mode with command prompt”
then enter “net user (the account of your choice) * ” without the quotations

I’m not sure about the “net user administrator /random” command

Codner
7 years ago

0

but is there any way to get Kon-Boot free? thx :p

Reply has been removed
proxy_chainer
7 years ago

0

net user administrator * …. for the most random situation :) or… yes konboot nice and smooth but you need to have it and make it bootable… this method 5 minutes

4 replies have been removed

0

Breaking the Windows password is very easy, and Adana needs all this, but thanks for this information CygnusH33L

dimooz
6 years ago

1

I have used UBCD for a while now. It works like a charm and it’s free.

Jazillly
5 years ago

0

Sometimes there are special needs, and I hope to find the password. Retrieving your password is a lot more troublesome. Here I have to explain: there is a certain probability to retrieve the password. It cannot be retrieved in percent. Generally, simple passwords are easier, and complicated ones are hard to say.

First consider bypassing the password and entering Windows through the konboot software. After entering the system, use a tool called mimikatz. It only takes two simple lines of code to find out the current Windows password. I tested here xp 2003 win7 win8 win10 system can quickly get it.

source:
https://www.passcue.com/windows-10-password-reset.html
https://www.lifewire.com/offline-nt-password-and-registry-editor-review-2626147
https://www.bestwindowspasswordreset.com/
