Logon to any password protected Windows machine without knowing the password

Today we will show you a proof of concept of how you can log on to any password-protected Windows machine without knowing the password at all. I am sure you have heard of utilities that will "reset" or "recover" the Windows login password for you, but this is way cooler than that: this utility will not write or reset anything on the hard drive. After you are done, on the next reboot the machine will retain its original password. There is no "reset" or lengthy recovery involved. The 5 step process is so easy that after you have seen this, you will be shaking your head.

 

We are going to demonstrate this process on a Windows XP Service Pack 3 machine, but the process is essentially the same for other versions of Windows such as Windows 7, Vista, Windows Server 2003 or even Windows 2000 workstation and server.

Most of the magic will be done by a nifty utility from Kryptos Logic called Kon-Boot, which you can download from its web page located at http://www.piotrbania.com/all/kon-boot/. This same utility can also be used to log on to Linux systems, but that is outside the scope of this article; we will concentrate only on Windows.

You will need to download the .iso file from the Kon-Boot website and burn it to a CD. If you need instructions on how to burn a CD from an ISO image using a free tool, you can read up on it in our article here. Next, make sure that the BIOS is set to boot from the CD drive. With the CD in the drive, boot the machine.

Step 1:

- After the machine boots from the CD, you will see the splash screen as shown on the left hand side. Simply hit enter to continue.

 

Step 2:

- After hitting enter in the previous step, you will find this second splash screen. This is important: as soon as you hit enter on this screen, you will be taken to the next step, which is booting Windows; there are no other steps to configure here. In a few minutes, the normal Windows boot menu will appear. Just proceed as you normally do in your normal logon sequence to Windows.

 

Step 3:

- On the Windows logon screen, fill in the name of the user whom you want to log on as, leave the password blank and hit enter.

 

Step 4:

- Voilà! You are logged in! And the coolest thing is that you have not reset the password for the account at all. It simply let you in because it interacted with the kernel directly using Linux. No alteration was done to any hard drive content at all during the process of logging in.

 

Step 5:

- Remove the CD from the drive, and reboot. Your machine will now present you the normal Ctrl+Alt+Del screen like it always used to. Try logging on with the username we tried before with the blank password! The blank password will not work; you can only get in if you know what the right password is. This demonstrates that the user password was never reset; it still is what it used to be.


As you can see, this nifty little CD can be of many uses: you do not need to reinstall or repair Windows if you have forgotten your password. If you are locked out, you can use this to log in as well. It also raises a question about Windows security. Once again, this method is exceptionally fast and does not actually reset the password. If you for some reason need to "recover" and "reveal" a user's password, you can use the tutorial I wrote earlier here and it will actually show you what the password is.

If the method I described above is being used to gain unauthorized access, then there are really only two ways of protecting against such an intrusion:

1. Block physical access to the machine, or prevent users from hooking in USB devices or booting from CD-ROMs and floppies.

2. Encrypt your sensitive data. We will cover a step by step article on how to use encryption to protect your data in a forthcoming article.

Hopefully this has been informative for you. If you have any further questions, please do leave us a comment or contact us through the Contact Us link on this web site.

The best way to reset windows password

There are a lot of tools and utilities that can be downloaded and used to recover, retrieve, reset windows password. However, I've tried a couple of these utilities through the years and my favorite is the windows password key 8.0. This utility is used to reset password of any windows versions. 1. Login to a computer that can link to Internet. Download windows Password key and install it on that PC. Note that: there is a .ISO file. Burn the .ISO file to a CD or a USB flash drive. 2. Insert the newly created CD/USB to the locked computer. 3. Reboot the locked computer and press 'F2' or 'Delete' to enter your BIOS setup and then you will see the instruction

Reply to comment | IndiaWebSearch.com

Its such as you read my mind! You appear to understand a lot approximately this, like you wrote the book in it or something. I feel that you just can do with a few p.c. to pressure the message house a little bit, however other than that, that is magnificent blog. An excellent read. I'll definitely be back.

windows password recovery 6.0 may help

According to my experience, I think the best way for you is to reset your windows password. Windows password Recovery 6.0 can solve all your problems within a few minutes. Importantly, no need to call a technician, no need to re-install anything, and you certainly don't need to reformat. It also allows you to reset windows password with USB Flash Drive or cd/dvd Disk now!!

I know a simple way to bypass

I know a simple way to bypass windows password when you forgot windows administrator password. It need not reinstall windows OS, and won't lose any data, by using "Any Windows Password Recovery 3.0". Maybe this could help you. You could get the windows password recovery tool from: http://www.anypasswordrecovery.com/download.html

i appreciate the way you step

I appreciate the way you step by step described this post. Thumbs up & keep sharing this kinda information :) Wordpress themes

I know a simple way to bypass

I know a simple way to bypass windows password when you forgot windows administrator password http://www.anypasswordrecovery.com/ . It need not reinstall windows OS, and won't lose any data, by using "Any Windows Password Recovery 3.0". Maybe this could help you.

Windows Security

Hi. I have a question regarding the 2 ways to try to protect a workstation against this kind of intrusion.

Step 2 in particular. If an individual (by burning the Kon-Boot iso to cdrom) has the ability to log in as a specific user then how does encrypting your files help? By encrypting, I'm pretty sure you block file/folder access to users other than yourself. So, if the PC "thinks" you are logged in as yourself, then by default it would allow access to the encrypted files and folders, yes?

Step 1 can be virtually meaningless (restrict physical access) in a work environment unless you have an office with a door and you lock said door.

Lastly, I don't see the point in Operating Systems that mandate a password if there is a "looseness" that allows a login without it by using a LIVE CD. OS vendors (as in all OSes) should think about this and close the vulnerability.

Encryption certificate needs a users password

That's an excellent point you raise Adam. Kon-Boot does make a mockery of the Windows security, I have used and tested Kon Boot several times and it works like a charm every time. A fix to this is not in place yet, it still works on a fully patched machine with latest service pack installed, running Windows XP.

The methods I mentioned are still a good deterrent, although a hacker worth his salt would be able to penetrate any machine he has physical access to. When I mentioned encryption, I meant both, the encryption that comes with Windows (BitLocker etc) and the one that you can get from third party apps (such as TrueCrypt). Encryption using third party apps requires the cipher to be generated usually using a key that is not associated with just your logon credential and hence the key must be entered by the user to decrypt the files, hence even if you are able to look at the files because you have bypassed NTFS permissions, you will only be looking at gibberish and not real data.

Windows encryption works differently, especially in an Active Directory environment, where you have roles such as Recovery Agent etc. The encryption is associated with the user's logon credentials (including password) and the certificate that is generated is dependent on that. That is why, if an administrator forcibly resets the password of a user who is using encryption, his certificate gets revoked and the administrator cannot look at the encrypted data. Hence it is a safe deterrent, as when you log on with KonBoot, you are not supplying the user's password.

Having physical access to a machine is always the biggest security risk. While in a corporate environment users definitely need to have access to physical devices such as CD-ROMs and USB keys, there is a good expectation of trust and responsible use from them and perhaps an IT policy to enforce it. However, less trusted environments (for example one that involves contractors and kiosks etc) should always be restricted access to these devices using Group Policies or other means, else it can be devastating.

Hope that answers your question a little bit, very good question though. Thanks
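The point made in the reply above, as an added example that is not part of the original article or comments: a logon check that is forced to succeed (a simplified stand-in for the boot CD, and an assumption about the mechanism) exposes a file guarded only by permissions, while a file encrypted under a password-derived key stays unreadable because the password was never typed. The `Machine` class, the toy stream cipher and the sample data are all constructed for illustration.

```python
import hashlib, hmac, os

def derive_keys(password: str, salt: bytes):
    # The keys come from the password itself, not from the logon decision.
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return raw[:32], raw[32:]          # (encryption key, MAC key)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter-mode stream, illustration only; use a vetted AEAD in practice.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(password: str, plaintext: bytes) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def decrypt(password: str, blob: dict):
    enc_key, mac_key = derive_keys(password, blob["salt"])
    tag = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None                    # wrong password: only ciphertext is available
    return _xor_stream(enc_key, blob["nonce"], blob["ct"])

class Machine:
    """Hypothetical model of a workstation; not how Windows stores credentials."""
    def __init__(self, password: str, secret: bytes):
        self.salt = os.urandom(16)
        self.verifier = derive_keys(password, self.salt)[1]
        self.acl_only_file = secret                    # guarded by permissions alone
        self.encrypted_file = encrypt(password, secret)
        self.check_bypassed = False                    # set True to model the boot CD

    def logon(self, typed: str) -> bool:
        if self.check_bypassed:
            return True                                # verification forced to succeed
        return hmac.compare_digest(derive_keys(typed, self.salt)[1], self.verifier)

    def read_files(self, typed: str):
        if not self.logon(typed):
            return None
        return self.acl_only_file, decrypt(typed, self.encrypted_file)

if __name__ == "__main__":
    pc = Machine("S3cret-pass", b"constructed payroll data")
    pc.check_bypassed = True
    print(pc.read_files(""))   # ACL-only file is readable, encrypted file is not
```
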

Thanks for reply

Yes, it does answer my question a bit. And I agree. Unauthorized physical access to machines is a big problem. Thanks Koder for the quick reply. Adam

remove windows password

You can reset windows user account password in safe mode (F8 when booting up). But if you forgot administrator password, you must reinstall windows OS or use windows password recovery disk. http://www.windowsloginrecovery.com

windows password recovery

If you lost windows password, you can reset windows user account password in safe mode (F8 when booting up). But if you forgot administrator password, you must reinstall windows OS or use windows password recovery disk.

bypass or delete Windows passwords, including windows 7 password

Compared to many password recovery solutions, the following solution is the best and the easiest one. 1. Download Windows Password Unlocker from Password Unlocker Official site http://www.passwordunlocker.com/products/wpu.html . 2. Decompress the Windows password unlocker and note that there is an .ISO image file. Burn the image file onto a blank CD with the burner freely supported by Password Unlocker. 3. Insert the newly created CD into the locked computer and re-boot it from the CD drive. 4. After launching the CD, a window pops up with all your account names (if you have several accounts); select one of the accounts that you have forgotten the password for to reset it. Just one press, you have removed the password.

bypass windows password

http://wiki.e107.org/?title=Forgot_Head_Admin_Password#How_to_Reset.2FBypass.2FRemove_Windows_Admin_Password there is an article about how to reset windows password. It must be helpful for those who have been locked out of computer

hope it helps

There’s a way to reset the password and it doesn’t involve reformatting and reinstalling Windows. The solution is called Windows Password Reset 6.0. It can reset almost all Windows passwords in seconds. If you want to know how to use it, please visit it http://www.resetwindowspassword.com

Re: How To Recover/Reset Lost Windows Password?

I have downloaded Windows Password Reset 7.0 from http://www.lostwindowspassword.com. It not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It works perfectly to reset any local user account to a blank password. I wrote it to an old 128mb USB flash drive to do this.

Winlogon Password Reset

The best solution I found was to use the Winlogon Password Reset (link below), it got me in seamlessly and there were absolutely no problems. http://www.windows-logon-password.com/

reset windows password

I have downloaded Windows Password Recovery Tool 3.0. It not only supports XP, 2000, and NT, I have personally tested it with Vista and Windows 7. It works perfectly to reset any local user account to a blank password. I wrote it to an old 128mb USB flash drive to do this. Booting up and clearing a password takes a minute or two, works like a charm. It supports cd/dvd too.

great

You can create a Windows password reset disk to reset your password. Follow these 5 easy steps: 1. Enter a computer that can link to Internet. Download Windows Password Reset Tool from http://www.windowspasswordreset.net and install the software on that computer. 2. Run the software and create windows password reset disk by following the instructions. 3. Eject the created CD/DVD and insert it into the locked computer. 4. Reboot the locked computer (it's necessary for you to change your locked computer's BIOS setting to make it boot from CD drive) and then follow the instructions to reset Account password. 5. Now login Windows and set a new password.
