AtomShards

Windows 10 password crack


Hi, I have been working in a computer store for a while and we get computers in with passwords that the user can't remember or they want us to remove the password. I just help out with the store and try my best to learn what I can but my knowledge is limited. We mainly use password cracking methods such as booting off a CD or USB with a cracking program such as offline PW; these work well but we haven't been able to find any that are able to crack Windows 10. If there is one out there that has been tested and does in fact work that would be awesome news :D But I would also like to learn how to crack these passwords myself, without using a program to do it for me, even just using a different shell such as Kali and use the terminal in there or just the cmd on Windows. All help is greatly appreciated, thank you.


Pretty sure this method will work with Windows 10 machines. Only problem you may run into is a disabled Sticky Keys in the registry or something like that (that would only happen with business PCs under Group Policy or Admins that know what they're doing, so general home-use PCs should be fine).

https://www.top-password.com/blog/reset-windows-10-password-with-sticky-keys/

It's a method I've tested on my own machine. Basically what happens is you rename 'cmd.exe' to be the sticky keys program, so whenever you press Shift 5(?) times it runs 'cmd.exe'. This works on the login screen.


Windows 10 still uses a SAM file. It also uses a new cached password feature since Windows 8 but can't remember how it works, and is more secure (supposedly) on storing of passwords. If you can live boot, you can either dump the hashes from the SAM file and crack offline, or use tools like chntpw (although haven't tried it on Windows 8 and 10, it probably still works). You might need to use a live disc that has UEFI/EFI booting to access the drive properly, but you can always disable in BIOS to boot legacy thumb drives. Cracking being the long route, changing or blanking it out is probably quicker.

Another thing to try is to boot into safe mode as administrator (if no password was set for the admin account) and change the password from there.

Edit: I see you posted this twice now.

You only need post it once, and wait for replies.

Edited by digip


Merged topics. Also, you need the SAM and SYSTEM registry hives to crack local accounts. I still haven't figured out where Windows Live login saves the password for offline login checks.

19 hours ago, Dave-ee Jones said:

Pretty sure this method will work with Windows 10 machines. Only problem you may run into is a disabled Sticky Keys in the registry or something like that (that would only happen with business PCs under Group Policy or Admins that know what they're doing, so general home-use PCs should be fine).

https://www.top-password.com/blog/reset-windows-10-password-with-sticky-keys/

It's a method I've tested on my own machine. Basically what happens is you rename 'cmd.exe' to be the sticky keys program, so whenever you press Shift 5(?) times it runs 'cmd.exe'. This works on the login screen.

You can get to cmd in many other ways that are extremely more practical, but this could come in use if the other methods are inaccessible.


With Windows 8 & 10, are the login resets tied in with windows live now? I don't recall setting up a windows live account with my Windows 8 laptop(in fact I know I didn't), but reading up people saying if you signed up and registered the PC with a Live account, you can reset the PC password from Microsoft directly at https://account.live.com/password/reset which to me, sounds like the owner would have had to setup a live account prior to this to make it work. If that is the case, that is one of the smartest and dumbest things ever, because if anyone managed to dump an MS database that is tied to all windows 8 and later computer logins, that is some stupid shit right there. Who the hell wants their local PC login, tied to an internet account, anywhere?? Really? Anyone ever done this, setup Win 8 or 10 for this?

On 9/16/2017 at 10:57 PM, digip said:

With Windows 8 & 10, are the login resets tied in with windows live now? I don't recall setting up a windows live account with my Windows 8 laptop(in fact I know I didn't), but reading up people saying if you signed up and registered the PC with a Live account, you can reset the PC password from Microsoft directly at https://account.live.com/password/reset which to me, sounds like the owner would have had to setup a live account prior to this to make it work. If that is the case, that is one of the smartest and dumbest things ever, because if anyone managed to dump an MS database that is tied to all windows 8 and later computer logins, that is some stupid shit right there. Who the hell wants their local PC login, tied to an internet account, anywhere?? Really? Anyone ever done this, setup Win 8 or 10 for this?

Nope, I would imagine the only people to do that are people who buy a laptop to surf the internet and go "Oh? I need to create an account? Okay then." and just do it. They're usually just end-users who don't know much about computers at all. If they get told it's more secure, it's more secure.

I just click on "Skip section" or whatever that button is on the bottom left (it's more like linked-text that you can barely see, made like that on purpose). But yeah, would be interesting to make a webserver that has a DNS entry pointing to it so it catches all the login requests and sends "YES!" to like all of them, haha.

  • Like 2

On 9/17/2017 at 3:54 PM, Dave-ee Jones said:

Nope, I would imagine the only people to do that are people who buy a laptop to surf the internet and go "Oh? I need to create an account? Okay then." and just do it. They're usually just end-users who don't know much about computers at all. If they get told it's more secure, it's more secure.

First timers usually. I get that a lot.

 


NT Password and Ophcrack used to be great programs to crack Windows login password. However, they fail on the latest Win 10. You can now create a password reset with other tools (mostly commercial), then use it to crack the password.

The other option is via command prompt or enable the default admin account.

Resources: https://www.tunesbro.com/reset-windows-10-password.html


Someone comes in with a Windows 10 PC that they can't remember the password for?

  1. Use the Utilman.exe > cmd.exe trick to get root CMD prompt.
  2. Reset the password for the user you need to log in to.
  3. Create new user.
  4. Log in with new user.
  5. Grab all data the owner of the PC wants to keep.
  6. Wipe machine and reinstall Windows 10 from scratch.
  7. Replace saved data.
  8. Profit.

No need to over-complicate things. The majority of users that forget their Windows password are going to be the kinds of people who only have family photos and save game files (etc.) that they want to keep, which you can pull using the above. Anyone who wants deeply-embedded, admin-only-accessed data will probably not be forgetting their password in the first place.

If you really do need admin login, you can grab the SAM files using the above method and then crack using HashCat/John etc.

Edited by haze1434

11 hours ago, haze1434 said:

Someone comes in with a Windows 10 PC that they can't remember the password for?

  1. Use the Utilman.exe > cmd.exe trick to get root CMD prompt.
  2. Create new user.
  3. Log in with new user.
  4. Grab all data the owner of the PC wants to keep.
  5. Wipe machine and reinstall Windows 10 from scratch.
  6. Replace saved data.
  7. Profit.

No need to over-complicate things. The majority of users that forget their Windows password are going to be the kinds of people who only have family photos and save game files (etc.) that they want to keep, which you can pull using the above. Anyone who wants deeply-embedded, admin-only-accessed data will probably not be forgetting their password in the first place.

If you really do need admin login, you can grab the SAM files using the above method and then crack using HashCat/John etc.

Why wipe the machine? If you created a new user, take ownership of the old account/files, and move their files over to the new profile, then nuke the old user profile. I actually do this for people when I fix their machines and they've broken their profile somehow. No need to reinstall everything unless you believe there is malware on it.

  • Upvote 2

27 minutes ago, digip said:

Why wipe the machine? If you created a new user, take ownership of the old account/files, and move their files over to the new profile, then nuke the old user profile. I actually do this for people when I fix their machines and they've broken their profile somehow. No need to reinstall everything unless you believe there is malware on it.

Exactly.

11 hours ago, digip said:

Why wipe the machine? If you created a new user, take ownership of the old account/files, and move their files over to the new profile, then nuke the old user profile. I actually do this for people when I fix their machines and they've broken their profile somehow. No need to reinstall everything unless you believe there is malware on it.

I'm one of these nutters that wipes their PC more often than they need to :lol:

But yes, good point!

15 hours ago, haze1434 said:

I'm one of these nutters that wipes their PC more often than they need to :lol:

But yes, good point!

Mm, you're like scrolling through your installed programs like "what is half of this stuff..what is ALL of this stuff..I really need to clean this.." then proceeds to wipe his PC and start a fresh, then looks at his installed programs - "Ahhhhh." and lays back comfortably, hands behind head. "My work here is done."

  • Like 1

2 hours ago, Dave-ee Jones said:

Mm, you're like scrolling through your installed programs like "what is half of this stuff..what is ALL of this stuff..I really need to clean this.." then proceeds to wipe his PC and start a fresh, then looks at his installed programs - "Ahhhhh." and lays back comfortably, hands behind head. "My work here is done."

Except when your PC didn't ship with install media(which most don't these days) and you have to reinstall from the rescue partition, which, puts all the crapware back, to full install.

10 minutes ago, digip said:

Except when your PC didn't ship with install media(which most don't these days) and you have to reinstall from the rescue partition, which, puts all the crapware back, to full install.

Yeah but that's when you spend an hour going through the programs list uninstalling all the bloatware and cleaning up the location and adware settings.

Or you just use a Windows install .ISO lying around and use your PC's product key. :)

5 hours ago, Dave-ee Jones said:

Yeah but that's when you spend an hour going through the programs list uninstalling all the bloatware and cleaning up the location and adware settings.

Or you just use a Windows install .ISO lying around and use your PC's product key. :)

This.

Wiping my PC is almost an annual spring clean thing for me. I accumulate too much crud, plus it 99.9% guarantees to remove any dodgy stuff that AV didn't pick up.

I like to wear my tin foil hat whilst doing it, too.

On 9/26/2017 at 8:04 PM, haze1434 said:

Someone comes in with a Windows 10 PC that they can't remember the password for?

  1. Use the Utilman.exe > cmd.exe trick to get root CMD prompt.
  2. Create new user.
  3. Log in with new user.
  4. Grab all data the owner of the PC wants to keep.
  5. Wipe machine and reinstall Windows 10 from scratch.
  6. Replace saved data.
  7. Profit.

No need to over-complicate things. The majority of users that forget their Windows password are going to be the kinds of people who only have family photos and save game files (etc.) that they want to keep, which you can pull using the above. Anyone who wants deeply-embedded, admin-only-accessed data will probably not be forgetting their password in the first place.

If you really do need admin login, you can grab the SAM files using the above method and then crack using HashCat/John etc.

Thank you, I have read up on that, but could I not just do a Shift restart and choose to use cmd from there?

4 hours ago, AtomShards said:

Thank you, I have read up on that, but could I not just do a Shift restart and choose to use cmd from there?

What you would be doing, is renaming utilman.exe, to something like utilman.old.exe, and copy cmd.exe, to utilman.exe, after booting off a live boot disc.

Then on reboot, do the shift key to launch utilman, only instead, it will launch the copied cmd.exe in its place, as a system process, and allow you to add users from the command line, etc.

For me, if I am going to be in on a live boot, I'd just change the password, or get konboot, to login without a password and then reset while in.

  • Upvote 1
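A defender's check for the swap described in this thread (utilman.exe or sethc.exe replaced by a copy of cmd.exe, with the original renamed to something like utilman.old.exe), added here as an example and not part of any post. It audits a System32 directory, for instance one on a volume mounted from a live disc; the function names, the three extra accessibility programs in the list, and the demo file contents are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Programs the logon screen can launch before anyone signs in.
# sethc.exe and utilman.exe come from the thread; the rest are assumed additions.
ACCESSIBILITY = ("sethc.exe", "utilman.exe", "osk.exe", "magnify.exe", "narrator.exe")


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_system32(system32, shells=("cmd.exe",)):
    """Return sorted (file name, finding) pairs for one System32 directory."""
    # NTFS names are case-insensitive, but a Linux mount is not: index by lower case.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    shell_hashes = {sha256(files[s]): s for s in shells if s in files}
    findings = []
    for name in ACCESSIBILITY:
        stem = name.rsplit(".", 1)[0]
        if name in files:
            match = shell_hashes.get(sha256(files[name]))
            if match:
                findings.append((files[name].name, f"identical to {match}"))
        # Heuristic: a renamed original such as utilman.old.exe left beside it.
        for other, path in files.items():
            if other != name and other.startswith(stem + "."):
                findings.append((path.name, f"possible renamed copy of {name}"))
    return sorted(findings)


def demo():
    """Build a constructed System32 with made-up file contents and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "cmd.exe").write_bytes(b"constructed shell bytes")
        (d / "Utilman.exe").write_bytes(b"constructed shell bytes")   # swapped
        (d / "utilman.old.exe").write_bytes(b"constructed utilman bytes")
        (d / "sethc.exe").write_bytes(b"constructed sethc bytes")     # untouched
        return audit_system32(d)


if __name__ == "__main__":
    for name, finding in demo():
        print(f"{name}: {finding}")
```

A clean result only means no accessibility program is byte-identical to the listed shells; comparing against known-good hashes for the installed Windows build is the stronger check.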

Quote

 

Pretty sure this method will work with Windows 10 machines. Only problem you may run into is a disabled Sticky Keys in the registry or something like that (that would only happen with business PCs under Group Policy or Admins that know what they're doing, so general home-use PCs should be fine).

https://www.iseepassword.com/reset-windows-10-password.html

It's a method I've tested on my own machine. Basically what happens is you rename 'cmd.exe' to be the sticky keys program, so whenever you press Shift 5(?) times it runs 'cmd.exe'. This works on the login screen.

 

Just boot your PC from Windows 10 installation disc, open up the Command Prompt and replace sethc.exe with cmd. Reboot to the login screen and you can access an elevated Command Prompt, and reset your password using the net user command. Or try other free windows password reset tools like ntpassword, ophcrack, john ripper. and more..

 

 

 

On 2018/3/12 at 4:29 PM, Jsilly said:

Just boot your PC from Windows 10 installation disc, open up the Command Prompt and replace sethc.exe with cmd. Reboot to the login screen and you can access an elevated Command Prompt, and reset your password using the net user command. Or try other free windows password reset tools like ntpassword, ophcrack, john ripper. and more..

 

 

 

Thanks for your suggestion, I never thought it would be hard to reset passwords, anyway, thanks

7 hours ago, Zamkill said:

Thanks for your suggestion, I never thought it would be hard to reset passwords, anyway, thanks

That's kind of the point of a password.:rolleyes:

On 3/22/2018 at 1:37 AM, barry99705 said:

That's kind of the point of a password.:rolleyes:

Wait.

I thought they were there to make it more interesting for us..?

:blink:
