Concept
When we Press shift key 5 times a sticky key dialog box shows up.This works even at the logon screen. But If we replace the sethc file which is responsible for the sticky key dialog box ,with cmd. (command prompt ), and then press shift key 5 times at logon screen .we will get a command prompt with administrator privileges because no user has logged on. From there we can hack the administrator password or create a new user with admin privileges
Things we Need :-
Things we Need :-
1. Bootable Linux distro .In this tutorial i will be using backtrack If you don't know
how create a bootable Linux distro you can refer my previous
article How To Make a Bootable Backtrack CD / USB
how create a bootable Linux distro you can refer my previous
article How To Make a Bootable Backtrack CD / USB
Procedure to Hack windows Administrator passwords Using Stick keys
1. First plug in your Bootable Linux distro CD or USB then restart your computer and
go to boot menu by pressing ( f12 or del key ) now select your booting device as CD/USB accordingly
2. After booting with your Linux distro open a new terminal mount the hard disk and navigate to c:/windows/system32 and copy cmd (command prompt) and rename it as sethc
3. Now copy /past the new sethc to c:/windows/system32,when asks for overwriting the file click yes.
4. Now reboot and remove your usb/cd . Now when your in the logon screen press shift key 5 times Instead of Sticky Key confirmation dialog box ,command prompt with full administrator privileges will open.
5. Now you can change the password of the administrator account or add a new user using the following commands
Example :
"Net user administrator 123 " where 123 is the password or you can add a new user
"Net user hackaholic /add " where hackaholic is the name of the user
6. You can also hide the newly created account by going to registry editor by click run and entering regedit
Now navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList] Here create a new DWORD value, write its name as the “user name” that you created for your account
By this way we are able to hack windows admin accounts successfully .If you have any doubts please feel free to post a comment
what is a dword value? how do i add that or what kind of value is it? Please provide an example.
REPLY@Anonymous
after navigating to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
simply right click in empty space now select new ---> dword value and enter the "user name" once this done the newly created user account will be hidden
i request you to use Ur name instead of anonymous
thnks for your methods ...
REPLYnice, ill test it @school
REPLY@hrushikesh ,Anonymous
Thanks for your comments keep visiting
Hi
REPLYI'm currently testing this tutorial;
Everything works as it should do.
To my question:
In the last paragraph of your tutorial you wrote sth. about hiding the new administrator account.
If I hide the account; it won't be displayed on the logon screen, right?
How can I get access to now?
@jan
press Ctrl + Alt + Del twice when u are in the login screen , Now u will be able to see all the Hidden accounts that u created
I will try it soon
REPLYi didn't get your 2,3 steps. can you explain one more step by step.
REPLYif it could be possible please upload the tutorial for this ......how to hack with stick key
REPLYGreat Method man... I used ophcrack instead of Backtrack to gain entry to the system files...
REPLYWill this work in XP? i mean everything except creating new user account and changng administrator password workd.. Can u create account and change password in XP ??
REPLYa video would be useful
REPLYcan u post a vid plz, and email me when u reply to this thanks
REPLY@Elijah Dsouza
I will try to post a video of this
It works on all editions of windows xp and above and is really simple to, as most admins don't block bios
REPLYHello!
REPLYThis is really helpful and easy !
Is there any way to make it 100% invisible , yet, still accessible .
So that the I.T dept doesnt see it through the normal way of viewing user accounts through permissions e.t.c
good tutorial..
REPLYi am not able to copy & Paste or rename any file name in the system 32, a error message saying admin password is needed to do that.
REPLY@allen lai
If this is not working for you, Then please try the other methods (on "how to hack Windows Password") explained in our blog
I'm able to rename sethc.exe by going to "my computer" then Local Disk/WINDOWS/System32 without any software, its just there. On Monday i'll try to log in as Admin
REPLYmy schools uses novel loging is there a way to bybase that tyo log on as admin
REPLYthanks for the help in advance
Use the form below to comment. No spam please!!!