Ever wanted to hack your college pc with guest account/student account so that you can download with full speed there ? or just wanted to hack your friends pc to make him gawk when you tell your success story of hacking ? well,there is a great way of hacking an administrator account from a guest account by which you can reset the administrator password and getting all the privilages an administrator enjoys on windows..Interested ? read on
Concept
Press shift key 5 times and the sticky key dialog shows up.This works even at the logon screen. But If we replace the sethc.exe which is responsible for the sticky key dialog,with cmd.exe, and then call sethc.exe by pressing shift key 5 times at logon screen,we will get a command prompt with administrator privilages because no user has logged on. From there we can hack the administrator password,even from a guest account.
Prerequisites
Guest account with write access to system 32.
Here is how to do that -
- Go to C:/windows/system32
- Copy cmd.exe and paste it on desktop
- rename cmd.exe to sethc.exe
- Copy the new sethc.exe to system 32,when windows asks for overwriting the file,then click yes.
- Now Log out from your guest account and at the user select window,press shift key 5 times.
- Instead of Sticky Key confirmation dialog,command prompt with full administrator privileges will open.
- Now type NET USER ADMINISTRATOR aaa where aaa can be any password you like and press enter.
- You will see The Command completed successfully and then exit the command prompt and login into administrator with your new password.
- Congrats You have hacked admin from guest account.
Further..
Also, you can further create a new user at the command prompt by typing NET USER XERO /ADD where XERO is the username you would like to add with administrator privileges. Then hide your newly created admin account by -
Go to registry editor and navigate to this key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
Here create a new DWORD value, write its name as the user name that u created for your admin account and live with your admin account forever :)
I hope that was informative..
Posted by XERO.ALL RIGHTS RESERVED.
11 Visitor Reactions & Comments:
gr8 one. u even dont need to change the admin password. type "explorer" at the command prompt and the windows will start with full administrator privileges.
Hi Punit Thanks for your feedback and for a noteworthy tip worth including in the bag of tricks. I hope your stay at Prohack will be as enjoyable as it can get. Thanks and keep learning X.E.R.O
Hey, that doesnt work on my computer. when i tried to copy the new sythe.exe to system32, window required me to enter the administrator accounts password. how can i get around that?
Hi Genesis Thanks for giving my blog a read.As I already stated that for this you will need a Guest account with write access to system 32.Or You can try the Boot cds wbout whom I will be posting an article soon. Cheers X.E.R.O
dosent work..the same old sticky key dialog comes up..even after Overwriting the sethc.exe
I LOVE YOU!!!!! <3
Hey Albino Thanks a lot for the terrific response bro :) CIAO :P
I dont think that is a WOW Hack, cause if your user was from USERs Group, Your wont replace that executable..... Then, in your example, the user that replace the executable is a administrator user too... :S so bad
@Jose Lemme correct you at 2 places- 1> This hack was done using a user account.This hack works on 30% on windows installations which are unconfigured using cacls commands,which i found at the time of writing were quite dominant in my college campus. 2> u are right,most of xp systems today donot allow to replace the system32 files,but then all the hacks which work on active windows like the screensaver hack and startup one, will fail to work,it will only work when the condition 1 becomes true.Then the only way to bypass a windows password will be to use a bootable disc solution to my knowledge. In that case i keep my usb drive ready. Cheers XERO
Dude ! I was looking for this hack !! thanks a lot buddy :)
i did it in my college, it worked and i thank you for it. what an idea sir jee!
Post a Comment