Ethical hacking and penetration testing

InfoSec, IT, Kali Linux, BlackArch

How to reset a Windows password

Table of contents

What to do if forgot Windows password

In this article, you will learn how to reset a forgotten Windows password.

Forgotten Windows password brings a lot of trouble, first of all, you cannot log in Windows. In addition, if the files on the disks are encrypted with a Windows password, then it is impossible to access (extract or copy) them even if you boot from the LIVE system – in this case there is only one way out – to reset the Windows password.

In this tutorial you will learn:

• how to reset Windows user password
• how to unlock a locked (disabled) Windows user account
• how to escalate user privileges, how to make any Windows user an administrator
• how to add users to group
• how to remove users from group
• how to edit registry of switched off Windows

The algorithm of actions is as follows:

• burn LIVE distribution Kali Linux on a USB flash drive
• disable Secure boot and Fast boot in BIOS
• boot from LIVE system
• reset a forgotten Windows password. Alternative: Activate an Administrator Account
• (if the Administrator was activated) boot as Administrator and change the user password

Each step is described as detailed as possible – you will definitely succeed. We need a USB flash drive with 3 or more Gigabytes, or an external (USB) drive.

The instruction may seem quite voluminous, but it is a 100% working way to log into Windows if you forget the password.

How to burn LIVE Kali Linux image

Go to the official Kali Linux page: https://www.kali.org/downloads/

Find Kali Linux 64-Bit (Live) there and download the torrent.

Now go to the Etcher program website https://www.balena.io/etcher/ and download it:

Plug in your USB flash drive, launch Etcher, select the downloaded Kali Linux LIVE ISO image, then just click the Flash! button and wait for the completion.

How to boot from a flash drive

Now we need the following:

1) disable Secure boot and Fast boot in EFI (BIOS)

2) select a USB flash drive with Kali Linux as the boot disk

Secure boot and Fast boot are only present in EFI – this is such a new BIOS. If you have an ancient computer, then these settings may be missing and you do not need to disable them.

Go into the BIOS – on different laptops and motherboards this can be done in different ways, as a rule, for this at the very beginning of the boot process you need to press the ESC button, or the Delete button, or one of the F* function keys many times. If all else fails, then google to find out how to enter BIOS for your laptop/motherboard model.

Disabling Secure boot and Fast boot is only necessary to boot from a USB flash drive, that is, after resetting the Windows password, these settings can be returned to their original state.

Then, when loading, or in the same place, in BIOS, select the USB flash drive or external drive as the boot disk:

If you see the Kali Linux boot menu, then you have succeeded:

Password Reset Program for Windows

The program we need is called chntpw, it allows ones to change the Windows password, as well as unlock users. This is an open source program, that is, there is no need to fear that it will infect a computer with viruses or something like that. In addition, this Windows password reset program is free.

Modern Linux distributions automatically mount (that is, connect to the system) all disks. But in some cases, the drive is mounted read-only, and the mount points for different drives are different. Therefore, we will do the following:

• we will find a disk with Windows
• unmount (disconnect) it from the system
• run the command to fix possible file system problems
• re-mount it

The advantage of this approach is that:

• the drive will definitely be mounted with write permissions and there will be no other problems
• since we ourselves will choose the mount point, the commands for changing the Windows password can simply be copied – you do not need to change anything in them and substitute your path to the disk.

First run the command:

All disks that are plugged to the computer will be displayed:

Information about disks and their partitions is divided into blocks. Each block begins with the word “Disk:”, in each block the Disk model and the size of the disk are indicated – based on these data, find the disk on which the Windows operating system is installed.

Also, if it is Windows 10, then the “Windows recovery environment”, “EFI System”, “Microsoft reserved”, “Microsoft basic data ” partitions are present.

The arrow on the screenshot points to my Windows drive. We needed to find out the name of the drive and the name of the section “Microsoft basic data”, in my case it is /dev/sdb4. This is the largest partition. Older versions of Windows may have fewer partitions.

Now you need to run a command of the form in which PARTITION replace with your value:

My partition is /dev/sdb4 then the command is as follows:

Now you need to run a command of the form:

My partition is /dev/sdb4 then the command is as follows:

There is no need to change anything in this command:

In the following command, again use your PARTITION value:

Now the most important phase in this tutorial is to make a backup copy of the SAM file in case something goes wrong.

Two backup copies of this file will be located in C:/Windows/System32/config/SAM.bak and C:/SAM.bak.

Then run this command:

The command is long, so use auto-completion, press the TAB key.

This command displayed a list of users:

We will slightly correct the skewed table:

I want to recover the password of a Windows user named ShareOverlord. Also note that in the system there is an Administrator user, but he is disabled/locked (dis/lock).

The main thing we need to know about the Administrator user:

• he can reset the password of any user
• no password is set for it by default!
• we can activate this user.

So, we have two options: 1) reset the password for any user. Unfortunately, this option does not always work at present – sometimes it turns out to reset the password, and sometimes not. If you do as written here using ntfsfix to prepare the disk, you usually get to reset the password on Windows 10. From Windows to version 8.1 there should not be any problems at all. 2) Activate the Administrator and delete the password of any user through Administrator account.

How to reset Windows 10 user password

To reset the user password, run a command of the form:

For example, I want to reset the password for the user ShareOverlord:

We received the following information about this user:

The following menu is available for selection:

1 — Clear (blank) user password

(2 — Unlock and enable user account) [seems unlocked already]

3 — Promote user (make user an administrator)

4 — Add user to a group

5 — Remove user from a group

q — Quit editing user, back to user select

Choose 1.

If everything went fine, then the inscription “Password cleared!” Should appear.

Now to save the changes, type

and then press to confirm:

Everything is ready – you can reboot into Windows and try to log in without a password.

If this method fails (Windows user password is still required), then activate the Administrator user account. This can be done immediately, before rebooting. If you do not need this account, you can turn it off again.

How to activate admin user in Windows 10

To unlock the Administrator, run the following command:

Please note that the username may not necessarily be “Administrator”, in different OS languages, the username is different.

Now we select menu item 2:

If everything went well, the message “Unlocked!” will appear.

In addition the second menu item is changed to:

To exit, do not forget to confirm the saving of the changes made:

Let’s check user information again:

Now the Administrator user is unlocked:

I managed to remove the user password:

Even if something went wrong, now the Administrator is in the list of users, we use this account to log in:

Since this account is logged in for the first time, we are waiting a bit:

This is normal for the first launch of any user:

After you have logged in as Administrator, use the next command to list all user accounts:

Enter the following command to change the user account password. Replace “MiAl” with the name of Windows account, and “123” with the new password:

Conclusion

The working methods of password reset for Windows 10 are considered. All programs are free.

In the next part, we will analyze the advanced abilities of chntpw and get acquainted with the SAM (Security Account Manager) file, which stores the registry branch of Windows with information about User accounts, Passwords, Groups, and so on.

Reset windows password with kali

Have you ever forgotten your Windows Vista administrator password? Well, there is nothing worse than forgetting your Windows password when you have a great deal of work to do in your computer. In order to log on your computer, you may try your guest account, but you could not download or install programs on your computer in this account. In this case, how to reset Windows Vista admin password. assword has been used everywhere and according to the safety experts, they are most important part of the online world.

Great article thanks for information Reset Windows XP Admin Password

thanks for the sharing spirit bro keep it up

Your web content and your website is awesome i will appreciate you if you look this website: itprohelps

Your web content and your website is awesome i will appreciate you if you look this website: IT PRO HELPS- itprohelps

Wow! One of the great blog post on internet you should write some more content like this i will read your all the future post you can read my blog here Fix Malwarebytes Unable to Connect the Service

If you are in need of financial Help, don’t hesitate to place order for deserve Programmed card that can withdraw any amount limit you want. Deserve Card are very transparent and easy to deal with. You can Purchase Deserve card that can withdraw up to $50,000 to $100,000 limit without being detected because of the programming of the card. I’m extremely grateful to them for being honest with their words and delivering the card to me. This is the third day of receiving the card and i have withdraw $9,500 from the Deserve Programmed Card. I tried purchasing the card previously from someone else, but it never arrived until i tried skylink technology for those in need of more money, you can also contact them. you can place order for the card Via whatsapp/telegram +1(213)785-1553 or their E-mail: skylinktechnes@yahoo.com

GET RICH WITH BLANK ATM CARD . Whatsapp: +18033921735

I want to testify about Dark Web blank atm cards which can withdraw money from any atm machines around the world. I was very poor before and have no job. I saw so many testimony about how Dark Web hackers send them the atm blank card and use it to collect money in any atm machine and become rich. ( darkwebblankatmcard@gmail.com ) I email them also and they sent me the blank atm card. I have use it to get 90,000 dollars. withdraw the maximum of 5,000 USD daily. Dark Web is giving out the card just to help the poor. Hack and take money directly from any atm machine vault with the use of atm programmed card which runs in automatic mode.

Email: darkwebblankatmcard@gmail.com
Text & Call or WhatsApp: +18033921735

i want to shear a life changing story with everyone who cares to read this testimony. Blank atm cards are real and are effective all over the world. i live in SPAIN . I got this card fromI [skylink technology] a month ago. this card has really help me pay my debts and now i am free from all financial problems. I no this is hard to believe , but i never knew there was this kind of card until i got one. This card withdraw more than €6000 daily and it is very easy to use. But you have to be very careful in other not to be caught by the police because it is illegal. If you want more information on this card and how to get one just contact the hackers by this address . skylinktechnes@yahoo.com or whatsapp/telegram +1(213)785-1553

Hello everyone, Are you looking for a professional trader, forex and binary manager who will help you trade and manager your account with good and massive amount of profit in return. you can contact MR. CARLOS ELLISON for your investment plan, for he helped me earned 12,000usd with little investment funds. Carlos Ellison you’re the best trader I can recommend for anyone who wants to invest and trade with a genuine trader, he also helps in recovery of loss funds..you can contact him on his Email: carlose78910@gmail.com
Via whatsapp: (+12166263236)

I advice you shouldn’t hesitate. He’s great.

Hello everyone I want to introduce you guys to a group a private investigators who can help you with information you need in any situation in life and they are ready to follow you step by step until your case is cleared just contact +17078685071 and you will happily ever after