
Windows account password hack/recovery [All versions]


You forgot the password or maybe you want to sniff where you shouldn't? No problem! Microsoft is here to help you.
An old-school trick, as old as the oldest Windows, still remains unfixed even on the most modern Windows available, Windows 10. No, it's not even fixed in the Anniversary Update (10.0.14393)...

It's a major security flaw, very easy to exploit, and users can't do ANYTHING to prevent it, except mechanically locking their computer. (Not that that is bulletproof either.)

To make things even worse, no versions of Windows are secure, not even Windows Server editions! What a shame, Windows Server edition should be the hardest to exploit, yet an old-school trick will break it just as easily. Of course, that trick will hardly work remotely, but if you have physical access, you're already in.
Imagine hacking a corporate server... Or your school servers... Yeah, yeah, I know, it's not always easy to approach those machines, but believe me, I have seen them easy to access in so many places.

Is your account at your workplace limited? Use this method to hack the admin password.

There is just one problem with using this method: you will not get to know the password; you will reset it to whatever you like, even a blank password, so this method is not stealthy. If you hack the admin account on a corporate server, they will probably go on alert as soon as the admin fails to log in... The good thing is that you can always cover your tracks. If someone has seen you, then you're probably screwed, but don't kill the witnesses! It's not worth it.


Before we proceed, disclaimer

Following this tutorial is entirely your own responsibility. So if you end up in jail, kill your cat, crash your car or whatever, it's ONLY YOUR responsibility.

So how do we do it?

You will need:

  1. Linux live distribution (One you can boot and use right ahead)
  2. CD/DVD, USB or any other media where you can put your OS from step 1. 
    For security reasons, it would be wise to use untraceable media, like a CD/DVD which you can easily discard. Any USB drive may leave a trace of its serial number on the affected machine, and it may lead directly to you (not always the case, but at least hide well)!
  3. The machine you're going to use this on must allow you to boot from CD/DVD/USB.
    A locked BIOS may be a problem, but if you have privacy and time, you can open the machine and remove the CMOS battery so the BIOS configuration as well as the password gets wiped clean.
  4. Brain and common sense


  1. Before we begin, properly turn off the Windows PC. Properly means Shut down. No hibernation. A hard power-off may also be an option, if you don't care about the possible consequences it may have on the PC (data corruption, disk failure), although serious consequences are very rare.
  2. Once you have booted the Linux live system, go to the file manager and mount/open the disk drive where Windows is located. If Linux won't mount it or complains that the drive is in an unsafe state, open a terminal and type:
    sudo fdisk -l
    sudo mount -o force /dev/sdX /mnt 

    Make sure to change sdX to whatever identifier the Windows partition has. You'll get that info with the first command.

  3. Locate the file Utilman.exe
  4. Rename it to Utilman0.exe
  5. Duplicate/copy cmd.exe and rename its copy to Utilman.exe
  6. Shut down Linux
  7. Boot Windows
  8. At the logon screen press Win + U
  9. A command prompt will appear. Type:
    net user YourOrVictimsPreciousUsername newpassword

    Instead of newpassword you can leave it blank; Windows will then ask for a new password, and you don't have to type in anything, which Windows will treat as no password.

  10. Now boot back to Linux, repeat all the steps until step 3.

  11. Locate and delete Utilman.exe

  12. Locate and rename Utilman0.exe to Utilman.exe 

  13. Done!

What have we done? We swapped the accessibility menu, which is available at logon, with the command prompt (cmd.exe). That way, when we press Win + U, we trick Windows into executing a command prompt with elevated (administrator) permissions.

Instead of Linux, there are also other methods to boot and do the steps we did, but this one is tested.

There is also a tool called chntpw, which is available as a standalone bootable image or as a tool for Linux. It's much simpler; however, I discourage its use, as it doesn't support all versions of Windows and it may also damage/affect other user accounts.



  • If you know how to use the Linux terminal, all of the above steps can be done in half the time.
  • If the Utilman.exe method doesn't work, e.g. the keyboard doesn't have a Win button, you can do all the steps, but instead of hacking Utilman.exe use sethc.exe. Then on the logon screen repeatedly press Shift until the command prompt appears. sethc.exe is the application executed by the annoying Sticky Keys (Shift) function. If Sticky Keys is disabled, this is not going to work, but you could theoretically swap the command prompt with any other application which is bound to some key combo.


Happy hacking!
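
A defender's check for the swap described in this post, as an added example that is not part of the original post: it hashes the logon-screen accessibility binaries in a System32 directory and flags any that are byte-identical to cmd.exe or that have a renamed copy beside them. The function names and the sample directory trees are constructed for illustration; the name-prefix match for renamed copies is a heuristic.

```python
import hashlib
import tempfile
from pathlib import Path

# Logon-screen accessibility binaries named in the post.
ACCESSIBILITY = ("Utilman.exe", "sethc.exe")


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_system32(system32: Path) -> list[str]:
    """Return findings for a System32 directory (live or from a mounted image)."""
    # Windows names are case-insensitive; a Linux mount is not, so index by lowercase.
    files = {p.name.lower(): p for p in system32.iterdir() if p.is_file()}
    cmd_hash = sha256(files["cmd.exe"]) if "cmd.exe" in files else None
    findings = []
    for name in ACCESSIBILITY:
        key = name.lower()
        if key not in files:
            findings.append(f"{name}: missing")
        elif sha256(files[key]) == cmd_hash:
            findings.append(f"{name}: identical to cmd.exe")
        # A leftover such as Utilman0.exe means the original was moved aside.
        stem = key[:-4]
        for other, path in files.items():
            if other != key and other.startswith(stem) and other.endswith(".exe"):
                findings.append(f"{name}: renamed copy present ({path.name})")
    return findings


def demo() -> tuple[list[str], list[str]]:
    """Audit two constructed System32 trees (placeholder bytes, not real binaries)."""
    with tempfile.TemporaryDirectory() as d:
        clean, swapped = Path(d, "clean"), Path(d, "swapped")
        for root in (clean, swapped):
            root.mkdir()
            (root / "cmd.exe").write_bytes(b"constructed-cmd")
            (root / "sethc.exe").write_bytes(b"constructed-sethc")
        (clean / "Utilman.exe").write_bytes(b"constructed-utilman")
        (swapped / "Utilman.exe").write_bytes(b"constructed-cmd")
        (swapped / "Utilman0.exe").write_bytes(b"constructed-utilman")
        return audit_system32(clean), audit_system32(swapped)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Run against a live `C:\Windows\System32` or the same directory on a mounted disk image, an empty list means neither binary matches cmd.exe and no renamed copy sits beside it.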


