how hackers bypass windows login screen!

  • Published on 15 Jun 2024
  • // Membership //
    Want to learn all about cyber-security and become an ethical hacker? Join this channel now to gain access into exclusive ethical hacking videos by clicking this link: / @loiliangyang
    // Courses //
    Full Ethical Hacking Course: www.udemy.com/course/full-web...
    Full Web Ethical Hacking Course: www.udemy.com/course/full-web...
    Full Mobile Hacking Course: www.udemy.com/course/full-mob...
    // Books //
    Kali Linux Hacking: amzn.to/3IUXaJv
    Linux Basics for Hackers: amzn.to/3EzRPV6
    The Ultimate Kali Linux Book: amzn.to/3m7cutD
    // Social Links //
    Website: www.loiliangyang.com
    Facebook: / loiliangyang
    Instagram: / loiliangyang
    LinkedIn: / loiliangyang
    // Disclaimer //
    Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.
  • Science & Technology

Comments • 1.7K

  • @404-UsernameNotFound 1 year ago +857

    7:00 Brings a whole new meaning to the tooltip "Ease of Access"

    • @PartiallyCooked 1 year ago +1

      ​@Third-Party Apple Support do you go around assisting people with apple products?

    • @HyperVectra 1 year ago +1

      @@PartiallyCooked Why would he? When iCloud Photos scans images to find CSAM, and reports it to Apple directly. They've streamlined the whole process.

    • @SpaceCadet4Jesus 1 year ago +1

      This is an old old tip. Been working since at least Windows 7. Unsure if it still works in Windows 11. I'll try it if I get around to it.

    • @samfkt 1 year ago +4

      @@SpaceCadet4Jesus It works since Win 98/95.... since 98 (maybe 95 too) this can also be done with error message (don't send), couple of clicks here and there and a fatal error appears but you are INSIDE....

    • @ATTIQ_OFFICIAL 1 year ago

      @Third-Party Apple Support third party apple product 💀

  • @gustavogattinger 1 year ago +854

    There is an even easier way in which you don't have to use the cmd to rename and copy cmd, that is opening notepad.exe from the cmd, navigating from the open file menu, and changing whatever you want. Windows is really easy to hack at these levels, all you need to do is a little research.
    As always, great content!

    • @bluetopia42 1 year ago +13

      Yeah, wasn't it like CTRL+ALT+DEL and run the cmd task?

    • @rotemgalea7156 1 year ago +24

      I try to follow you but you don't have content

    • @Redwan777 1 year ago +20

      And it doesn't even have to be a windows installation media. Any Linux installation media will be enough too and if it has Live USB, you can enjoy the comfort of editing files from a GUI file manager. Unless that Linux doesn't come prepackaged with secure boot nonsense of course.

    • @miguelquintana7084 1 year ago +1

      Any tutorial u recommend?

    • @Redwan777 1 year ago +5

      @@miguelquintana7084 For what?

  • @zeevyasharahla2529 1 year ago +4

    Been a SE since Windows NT and I'm left baffled lol. THIS is what I LOVE about I.T. You never stop learning. Well done.

  • @delvinciposterkid 1 year ago +14

    I fondly remember doing this exercise during a pc repair class I attended, pretty useful for clients that are "forgetful".

    • @Javv1721 1 year ago +1

      Same

    • @T0psyDurpy 5 months ago +1

      I wish I could send my pc to you I don’t know how to do any of this😭

  • @cxi8147 1 year ago +184

    This was actually really simple :p no clickbait. Appreciate it.

    • @rahuldev2205 1 year ago +3

      bros no clickbait.

    • @cxi8147 1 year ago +4

      @@rahuldev2205 a rare trait in this climate nowadays. Because of that I'm now subbed since and watched a ton more vids of his.

  • @OneBiasedOpinion 1 year ago +10

    I love stuff like this. Once you see the trick, it’s so simple, but I would _never_ have thought of using this as a route into the command prompt screen.

  • @itsTyrion 1 year ago +274

    this has been known for years, around since Windows 7, and you made it potentially more complex than is needed - you can also hit the reset key twice while Windows is booting. In startup recovery, you sometimes don't even need a password to open the CMD and change things from there

    • @Act2ve 1 year ago

      Fr, I honestly hate “hacker” content like this shit, it’s just cringy and kinda obvious

    • @munch255 1 year ago +7

      @@manuell3505 is there any way to see the password without changing it?

    • @brightdorian2890 1 year ago +7

      This is the only working method now, you will need a password @startup recovery when opening CMD (windows 10)

    • @brightdorian2890 1 year ago +4

      @@munch255 no password is hashed even if you see it

    • @manuell3505 1 year ago +5

      @@munch255 That's totally boarded up. You have to trace down and decrypt the key-data that was generated when the password was set. Windows uses some random construct and doesn't store anything about it. For security, also the location on disk varies.
      But why would you if you can just boot another system from USB-stick and access the NTFS partitions?
      It must be hackable, though. Maybe boot the physical disk inside an emulator, so you can scan the whole virtual system's RAM for changes at address-level.

  • @elmeromero303 1 year ago +11

    In some cases you can't change the password (policies etc). You can create a new user (net user add etc) and put em to administrators group, login with this new account and you can see all local users and change their passwords. In some older versions you can also change domain users passwords - before login disable network so the domain controller will not be found by the os 😊

  • @Human_Shrek 1 year ago +192

    This is basically the sticky keys (bug /hack) from Windows 7, you'd hit a key 5 times and Cmd window would popup rather than the sticky key message. Most companies already have the Usb and Bios disabled. So this is only useful if you forget your microsoft password.

    • @gamemak0r 1 year ago +2

      With BYOD it is a lot harder for IT teams to lock down on everyone having a locked bios with boot to usb disabled.

    • @Luftbubblan 1 year ago +4

      Ye, been around for ages. Interesting that they never seem to shut it down.

    • @PanoptesDreams 1 year ago +3

      @@Luftbubblan Effectively.. you can't. You're better off having remote management tools that can scan and remove unwanted software, unknown logins, etc.
      It is effectively patched by using a Microsoft account

    • @user-te2sn2vt8u 1 year ago +4

      BIOS locking is not enough. They should use disk encryption, and better thin clients with centralized server farm.

    • @krsameer1 1 year ago

      @@PanoptesDreams very old trick. This was done with windows 7

  • @boardingurban 1 year ago +39

    Not the commands and actions I do during this exploit, but very informative nonetheless without teaching people how to do damage. There are additional steps to make it untraceable, especially on enterprise computers (which you would also have to unplug ethernet before boot). Nice choice with the Windows Install IMG over Linux (simpler to use, and allows you to just use the computer on your own OS), as it is digitally signed by MS and less likely to trigger the unsigned drive error (which would require a bios password [not hard to bypass]). However, this will not work on an encrypted drive, which I encourage all IT managers to undergo. Bitlocker takes 5 min to set up domain-wide. To prevent this attack on your machine, set a bios password, set another password for boot loader/menu, encrypt your drives, and disable automatic startup repair.

    • @smojovi 1 year ago +2

      Definitely Blocker and disable boot from USB.

    • @IndrajitPoirahInsomniac 8 months ago

      how is it possible to open the computer without the user knowing? i.e. password can't be changed, or can the password be seen?

    • @boardingurban 8 months ago

      @@IndrajitPoirahInsomniac specify your question. I don't understand what you mean by user knowing?

    • @IndrajitPoirahInsomniac 8 months ago

      @@boardingurban I mean how to know the password of windows without changing or disabling it

    • @boardingurban 8 months ago

      @@IndrajitPoirahInsomniac oh easy. Boot menu / window install disc / Repair your computer/ cmd . Then, you play around and do some things with root access such as, renaming utilman.exe to HypoteticallySpeaking.exe and copying cmd and renaming the copy the former. After a restart, you will find rather funny how the lockscreen accessibility option will now return a root cmd window where you can just type explorer.exe and watch the pc boot w/o a password

  • @trinityfoxxx 1 year ago +3

    Excellent video my friend. I haven't logged into my laptop for 2 years and I forgot my password, I tried for 2 weeks different passwords but couldn't remember. This video saved me over $100 at the computer shop to get them to do it. I fixed it myself at home in front of the TV :)

  • @tallpaul9475 1 year ago +1

    This seems so much easier/more simple than using a Linux ISO boot to redo account passwords. Thanks for the info!

  • @blightfrog 1 year ago +3

    This vid is really helpful for tech support. So many occasions that we really need this. 😅

  • @smashmastersstuffs 1 year ago +45

    The main obstacle to this is just disk encryption with bitlocker, but the amount of people who don't have it on (esp because not everyone buys win 10 pro and signs in with a ms account) is large enough I think. But this is def an accurate representation of what someone could do if they stole your computer.
    In fact if your password is weak enough they could even bruteforce the hash with special software.

    • @marcusjohansson668 1 year ago +1

      I mean, if someone steals your computer that is unencrypted they can just take the hd and connect it to another computer, or run a live linux usb and access the data.
      But yes! Encryption is the absolute best protection, until you lose that darn key... xD

    • @roguethemachine3928 1 year ago

      you can decrypt a bitlocker file from cmd so yeah gl with that

    • @MAGAMAN 10 months ago +1

      Encryption is the best way to lose everything on your hard drive.

    • @Crimin4L 6 months ago

      not if you have more than 2 braincells to save the recovery key(s)@@MAGAMAN

    • @picsnmorede 5 months ago

      @@MAGAMAN Well, for people with this opinion you just have to strike 'Enter' at the password prompt and you are in without any file renaming.

  • @TheGrowOp 1 year ago +1

    I used this first one on my dad's old laptop when he forgot the password. It actually startled me how easy it was!

  • @thededicatedbiker2799 1 year ago

    I actually taught this years ago when I was teaching computers at a grade school. I learned it from another tutorial. Like you I was amazed that it worked the first time I tried it.

  • @Italya3343 1 year ago +28

    One of the most amazing videos I have ever seen brother!!!
    Direct, simple, non classical
    Many thanks for sharing 👍
    Looking for watching your next tutorials!!

    • @UltraLimeLife420 1 year ago

      if bios is locked and usb boot is disabled this can't be possible!

    • @trondremix 1 year ago

      @@UltraLimeLife420 It is still possible unless the hard disk is encrypted. You can trigger a troubleshooter and get access to the filesystem that way.

    • @UserSOF0 1 year ago

      @@trondremix
      so you're saying that i can bypass bios password?
      can you clarify

  • @firsttimegaming3557 1 year ago +13

    Most computers, especially company computers won’t allow you to boot the usb without entering bios first and it’s generally locked by a password, there’s still ways to get around that but this method requires a few more steps to work on most computers

    • @mrkmpn 1 year ago +10

      I work in a repair shop and at least 90% of the computers I get in will boot from USB without making any changes to the BIOS, and less than 1% have the BIOS password protected. The biggest and most common obstacle these days is the increasing number of drives that are encrypted with bitlocker.

    • @vapefybeatz3322 1 year ago

      i’m not sure, but if you take out the bios battery for a few secs, the bios resets itself and the password is gone. is that true?
      i’ve done that with a old laptop years ago, does it work nowadays?

    • @mrkmpn 1 year ago +1

      @@vapefybeatz3322 Not necessarily. For one thing, not all laptops have bios batteries anymore, and the bios password isn't always stored in the same place and can only be changed or cleared by dumping, editing, and reflashing the bios with a chip programmer.

    • @Jee2024IIT 1 year ago

      @@mrkmpn how do you do that 1% problems?

    • @rainmakersg73 1 year ago +1

      Boot USB is not required. Just hold down shift and restart . Release shift after restart screen appears. Then -> troubleshoot -> Advanced options -> Command Prompt

  • @dredtCSS 1 year ago

    Could have used this some weeks ago when I was accidentally logged out of my own PC, and I had to re-install Windows and lose all my data.
    Very nice video - I'm saving it!

    • @xwinglover 1 year ago

      You could have also created a Linux ISO and booted it up. It would run as a live disk, and then copied your data out to an external drive using the file manager.

  • @ChaosV999 15 days ago

    THANK YOU!!! THANK YOU!!! Some POS hacked my computer, created a user file for himself as administrator and it was password protected. He also installed something that froze my screen within 12 seconds. He wanted $400 to "fix" my computer. I told him to stick it (I wasn't so polite). Your video allowed me to hack the hacker, put myself as administrator, removed him and all his programs, and eventually fixed everything. I had your video playing on one computer while I fixed the hacked computer and your instructions were perfect. THANK YOU!

  • @tomle2600 1 year ago +35

    Doesn’t work if you have bios password or bitlocker enabled.
    Easier to boot from any remote disk and replace admin password.

    • @gtarules1 1 year ago +4

      @@Boygadget what about bitlocker?

    • @erikjvanderveen 1 year ago +8

      @@Boygadget nope... your password is not in your cmos

    • @Boygadget 1 year ago +2

      @@gtarules1 this is only for the bios password. it won't work for bitlocker

    • @mal798 1 year ago

      Again though, you need bitlocker pw

    • @maklogetrich2378 1 year ago +1

      @@Boygadget lame, this method is not working for a long time ago

  • @juliusrowe9374 1 year ago +43

    Fantastic tutorial Loi! Fairly straight-forward too!

    • @BlacKi-nd4uy 1 year ago +1

      what is "copy cmd.exe utilman.exe" doing?

    • @jaylord55 1 year ago

      @@BlacKi-nd4uy it is copying the cmd.exe and renaming it utilman.exe in one process so you don't have to manually rename the cmd.exe after copying it into the folder and allowing you to use the cmd.exe from in windows boot

    • @exo469 1 year ago

      @@BlacKi-nd4uy copying the content of cmd.exe and save it as utilman.exe

    • @kidpresident_1475 1 year ago +3

      When you press the little button in the bottom-right it brings up utility management. So he is changing the name of utility management to utility management 2, and then renaming the command line to utility manager so when that button is pressed it brings up the command line instead of the utility manager.

    • @tomsmith6513 1 year ago

      This is how you hack into your boss's computer, how you get back at a bad boss.

  • @fanprocar 1 year ago

    I wrote the instructions down on a paper and memorised them after many tries. Thanks a lot for this video!

  • @SinOfLustAMV 1 year ago

    Thanks.. this is helpful in case we forget password of a local account.. simple and straight to the point!

    • @SOTP. 1 year ago +1

      Also acts as a "debug" feature which is really useful when you break windows (you have to use sticky keys tho) since usually you’re locked out from getting to a cmd or gaining control, but with this...

  • @NoEgg4u 1 year ago +5

    There is no need to do the download and USB set-up, etc.
    When starting your computer, if you shut the power a couple of times in a row, then the next time that you start the computer, you will be offered a menu to repair your computer.
    I do not recall the exact menu. But if you click around, you will find the option for running the command prompt. From there, you can follow our host's instructions.
    Also note that many computers will not allow you to boot from a USB drive, which will prevent you from doing what our host described.
    For those computers, you will have to go into the BIOS, and set a password. After that, you will be able to change a BIOS setting to enable booting from a USB drive. After that, you can remove your BIOS password.

    • @chilidog73 10 months ago

      On win 10 (at least mine) you need the password to do anything in recovery. Sometimes you have to enter bios to add a boot option to use the usb. :)

  • @PhantomWorksStudios 1 year ago +44

    There are multiple ways of making this secure.
    1. For business and home make sure that your case has a lock on it so someone can't remove the cmos battery and reset the bios.
    2. Make sure the PC always boots from the hard drive first
    3. Most importantly make sure your bios has a password set
    4. Disable boot select menu
    Also Microsoft can prevent this from having the main login UI check to see if any programs that it launches during the login screen has been tampered or can even block programs while on the logon screen.

    • @Embr4c3 1 year ago +5

      Bitlocker also works

    • @TheFurrry 1 year ago +3

      resetting the bios will not reset the windows log in password.

    • @PhantomWorksStudios 1 year ago +2

      @@TheFurrry no but resetting the bios makes it where it will clear the bios password at which point the user doesn't even need access to the windows or to bypass security

    • @Da_Cap_i_Tan 1 year ago

      Step 2 could cause you a dilemma in the future if you run into any drive problems and need to boot from a USB. Step 3 and 4 should be enough, right lol? xD

    • @PhantomWorksStudios 1 year ago

      @@Da_Cap_i_Tan if that's the case then it would be the admin/owner that would need to boot from the cd drive at which case should know the password anyways

  • @jonjones6017 1 year ago

    I first saw someone (a CEH) do this about 6 months ago and I was shocked and intrigued to study CEH as well. The difference was at the CMD he created a local admin account on the machine and logged in with that

  • @Mat-sf7we 1 year ago +1

    Known about this trick for years. Used to use it all the time back at my old job in a small computer shop when someone would come in with an old laptop they don't know the password for anymore. Crazy it still hasn't been patched to this day.

  • @we_are_fsociety_29 1 year ago +6

    You are awesome 🤠. Sir make video on Android termux.

  • @mukeshpatil6887 1 year ago +4

    Also if this hack needs to be performed in a big organization then it'd be better to have the network cable disconnected and carry out the operation otherwise CrowdStrike detects this one. (anyways when it's back online it will detect) 🙁

  • @SRADracer 1 year ago +2

    I have a boot cd that can “read” the passwords for all accounts.
    No idea how it works, but handy when someone lost their password.
    Works like a charm 😊

  • @mysteriousgamer 1 year ago

    Nice tutorial. It's amazing how many PCs this will work on if you don't secure your boot options and USB ports.

  • @DavidOleksy-yv7vx 1 year ago +44

    This is a pretty neat trick when helping people get into their PCs when they’ve forgotten their passwords; however, I don’t believe this is a common technique for actual hackers. In order for this process to work, the attacker would need to have physical access to the PC to mount the bootable USB installation drive. I’m not saying there aren’t other, more advanced ways to bypass the windows login screen by using CMD, but unless someone with malicious intent has physical access to your machine, this shouldn’t be a concern. But anyways, thanks for the great video and well-explained tutorial!

    • @Emmanuel-is7gm 1 year ago +7

      This could work well for penetration testers

    • @swollened 1 year ago

      This isn't limited to physical access by any stretch.
      This works for Windows Server as well as Windows 10. You could do this remotely with access to a virtual console (say through a breached azure, aws or other cloud provider account), an out of band system management tool like Dell iDrac, or HP iLo, and the media could be attached with a virtual disk mount, PXE network booted etc.
      The reality is though, if a hacker already has this level of access, they aren't going to waste their time attaching a Windows installation ISO.
      If you wanted to protect against this:
      -Enable Bitlocker on Windows
      -Enable SecureBoot in the BIOS
      -Password protect the BIOS.

    • @JC-is1nl 1 year ago

      @@Emmanuel-is7gm i like to do penetration testing

    • @blendingsentinel4797 1 year ago +1

      @@Emmanuel-is7gm Exactly

    • @Clynikal 1 year ago

      You’re right. I’m pretty sure this is the first thing he pointed out as step one.

  • @picsnmorede 5 months ago

    Nice thought, but does it work on encrypted drives, too?
    And does STRG F10 also work in a later point of the installation process (i.e. if you have to load controller driver first as you have to on modern computers with NVME-Drives)?

  • @DeepSpace_Pw 1 year ago

    I already heard of it years ago, but thought to have read they fixed it at some time. With your upload being just 3 weeks ago, I would say it still works.

  • @Stiwjak 1 year ago +5

    Are you doing the same on windows 11?. With all the latest updates + defender?

    • @MacGuffin1 1 year ago +1

      I doubt it, I don't think this works anymore

    • @Deezeone 1 year ago

      @@MacGuffin1 nah it doesn't see c: anymore only the ISO

  • @kaiduwu 1 year ago +8

    Known this for a very long time, quite useful sometimes!

    • @404_gaming_channel9 1 year ago

      I'm sure it still works as well in windows 11

    • @AK_Studioz 1 year ago

      which times😂?

    • @kaiduwu 1 year ago

      @@AK_Studioz here's one, a relative found lost laptop from many years ago, doesn't know the login, brings it to me because I'm known to be into cybersec, I can quickly fix it for them.
      Another more nefarious use, bypassing restrictions on domain computers

    • @geroffmilan3328 1 year ago

      If the stars align, yeah it's useful.
      But if Bitlocker is implemented properly, no dice - choose another vector.

    • @kaiduwu 1 year ago

      @@geroffmilan3328 the stars align? More like flipping a coin, many pcs just don't use bitlocker
      However yes, if bitlocker is set up, you're outta luck with that method

  • @hagif.4590 1 year ago

    BEAUTIFULLY done and explained 🌹

  • @Roberto-fz4jm 1 year ago

    This is the first video I've seen and it got me subscribed.

  • @joearcidiacono264 1 year ago +5

    This is one method but I just prefer a bootable USB and running tools such as hiren (there are many many, many others). Much easier. However and I must warn those tools are ONLY meant for technicians to tshoot an owner's machine or help an owner at retrieving old files they may need.

  • @cougar-town 1 year ago +21

    I knew about this over a decade ago. But thanks for sharing it anyway.

    • @john_doe1st 1 year ago +8

      Funny no one has seen your video about it.

    • @jamieclarke2694 1 year ago

      ​@@john_doe1st I've seen it, at least a decade ago

    • @Luftbubblan 1 year ago

      @@john_doe1st It sure is an old thing, almost to the point it should be common knowledge! sticky keys :D

    • @abritabroadinthephilippines 1 year ago

      @@hk0444 This channel doesn't have any content

    • @AndrewSpec 1 year ago

      yup, I used that many years ago.

  • @calebjones3905 1 year ago

    I actually learned this on my own when playing around trying to download games on our school computers. Eventually was able to play CSGO and some other stuff lol.
    Good times!

  • @ItsOnlyLogixal 1 year ago

    Known this for many years. Nice to know I knew something the great hacker Loi didn't!

  • @neymat3257 1 year ago +7

    You can do same without a usb windows bootable drive, only physical access is required.
    To avoid this: use drives auto bitlocker enabled, which unlock automatically after your login and auto lock after reboot or poweroff.
    Whenever someone tries the same they will face bitlocker encryption.
    Good guide, keep it up 👍

    • @nguyenquy3659 1 year ago

      "You can do same without a usb windows bootable drive, only physical access is required " => Do you mean , force turn off the computer 3-4 times ?

    • @ThatOne5 2 months ago

      well to open the CMD you'll still need a password on recovery mode I've just tried it, unless you are talking about another method.

  • @Aguga 1 year ago +10

    If the user account you are targeting is a Microsoft Account it could be that you can't change the password. In that case you could just create a new user with admin rights.

  • @aitonc7698 1 year ago +2

    It also works on windows 11 but if you take a little too long the system will realize what you’re trying to do and lock the computer again and when you click the link the original utilman will show up instead of the modified file

  • @jamesrichardson3115 1 year ago +1

    I think it's funny how arm chair hacks reply with disgust, remembering some hack a computer guy or Google gave them - you bring a fresh breath to the younger crowd to get them involved. Props bro from an old hack 😂

  • @longlost8424 1 year ago +14

    you can also do this by booting into "repair" mode. I've accomplished this by power cycling the system several times, and then using the command screen to do basically the same thing. I've also used the hirens boot cd to reset the administrator account password (client as well as server). will need to try this method again someday on a winders 11 system. as always Loi, Gr8 tutorial.......

    • @ShinyTechThings 1 year ago +2

      Same here, no USB needed. Hold shift and click on reboot.

    • @jamieclarke2694 1 year ago

      ​@@ShinyTechThings just about to say this. Had to the other day and wasn't aware safe mode boot process had changed

    • @borko.danilovic 1 year ago +2

      To get to Command Screen in recovery mode, you also need the profile password.

    • @maklogetrich2378 1 year ago +1

      no, you can't
      in order to use recovery mode, you have to input user password
      and by the way, you don't really need to power cycling the system, just get in to windows user login, click the power button, hold shift button while clicking restart button
      it's easier and reduce the possibility of breaking your system
      or better yet, just use some kind of hiren boot / mini windows

    • @Nehesi 1 year ago

      I don't think this would work on a BL machine or one that has an admin password for BIOS.

  • @DS6Prophet 1 year ago +30

    I wanted to tell you a huge thank you for all your incredible showcases & work! You inspired me to get into all this cyber security stuff! You are amazing, Mr Loi!

    • @TheMessanger 1 year ago

      just use AD and you're in

    • @mr.simpleeditor7157 1 year ago

      ​@@TheMessanger AD?

    • @jamieclarke2694 1 year ago

      ​@@TheMessanger Active Directory? 🤣

    • @TheMessanger 1 year ago

      @Jamie Clarke close but not what would u use

    • @jamieclarke2694 1 year ago +1

      @@TheMessanger close? AD is Active Directory lol you need another acronym if you're talking about something else, or just say the name of it, the youtube police aren't coming to get you ya know, no need for encryption on a YouTube comment 😅

  • @sans-yp1jc 1 year ago

    So this is why in my previous school we had to agree to not use usb's on the computers without permission. Also i hacked my self cuz i did a typo when changing password. So thanks for the very simple and useful tutorial 👍 now i have to finish organizing my files

  • @natekelly4174 9 months ago

    Can you also use the command prompt from advanced troubleshooting options? I work remotely and sometimes clients don’t have access to removable media.

  • @TheNimaMohammadi 1 year ago +8

    Excellent😍

  • @greeneyes-_- 1 year ago +3

    If only I knew this 3 months ago when drunk me changed the password then forgot it next morning.

  • @ZoomsBack 1 year ago +1

    This can also be done by using the safemode startup and going into the command prompt

  • @luismarrero9293 1 year ago +1

    thanks liang this is an old way to access windows but still good even on windows 11. thanks for all the content, videos , etc always super interesting. By the way if you don't have a bootable windows installation winpe will work too. anything that allows you to access cmd is ok.

  • @arduinoguru7233
    @arduinoguru7233 1 year ago +7

    6:48 BTW you can do all these stuff with the smallest Linux Distros, even you can get utilities to change password and modify Windows registry

  • @Gunmetalsunglasses
    @Gunmetalsunglasses 1 year ago +6

    That was done with ease of access on Win7 years ago. A little different but same concept

    • @dillonbabb7156
      @dillonbabb7156 1 year ago +1

      i'm really surprised that they still haven't done anything about this. i would suggest a hash verification function of the called program before letting any of these buttons continue the call. should add very little time.

    • @EvilSapphireR
      @EvilSapphireR 1 year ago

      @@dillonbabb7156 that would mean microsoft would never be able to reliably patch utilman.exe in case there's any vulnerability.

    • @Jee2024IIT
      @Jee2024IIT 1 year ago

      Can I ask one question?
      What if we directly write the password changing command on cmd on that reboot step only??

    • @samfkt
      @samfkt 1 year ago

      It's exactly the same...... same as in this video or another method with: "startup repair"..... and it's working since win 95/98.

  • @Dr.Cosmar
    @Dr.Cosmar 11 months ago

    Do you need the flashdrive though?
    Won't recovery mode have a command prompt?
    (Hold shift while selecting power > restart)

  • @foonlam7134
    @foonlam7134 11 months ago +2

    Does this work if your computer is running off the company's network?

  • @BoyanOrion
    @BoyanOrion 1 year ago +3

    Back in the good old days, about 20 years ago, this was usually how i would help a client recover their lost windows password with a few other similar methods. You don't even have to boot the system to change the password. Offline SAM database methods exist as well.

    • @christophegrutz6862
      @christophegrutz6862 7 months ago

      don't work with bitlock

    • @BoyanOrion
      @BoyanOrion 7 months ago

      @@christophegrutz6862 yes of course it doesn't

  • @infinitybrutal
    @infinitybrutal 1 year ago +10

    That's What We Need

  • @jacquesb5248
    @jacquesb5248 1 year ago

    wow! thanks man. i am going to try this with some of the laptops i am currently cleaning up monday

  • @RIOTNOOB
    @RIOTNOOB 1 year ago +1

    Thank you my Father in Law passed away and my Mother In Law needed access to his PC.

  • @edgarfernandez8998
    @edgarfernandez8998 1 year ago +9

    I believe you could have changed the password from the CMD prompt while you were booted on the usb key. So this way the Windows exe file stays unmodified... No?

    • @firsttimegaming3557
      @firsttimegaming3557 1 year ago +5

      No then it would have changed on the windows installation media not the actual OS

    • @muskafella
      @muskafella 1 year ago

      No. Fail bro fail

  • @Effectivebasketball
    @Effectivebasketball 1 year ago +2

    You did everything right although even a beginner's hacker would not do that. Everything you explained is a nice way for the users to get back to their system and it has nothing to do with hacking.

  • @toweliethetowel8280
    @toweliethetowel8280 1 year ago +9

    7:03 That laugh was pure evil. Better like this video for not being hacked.

    • @nizu9544
      @nizu9544 1 year ago +1

      i use BlackArch-Linux btw

  • @member529
    @member529 8 months ago +1

    I thought this was going to be how to get past it while the user is logged in / without having to reboot. :(
    This password reset trick is oooooooold

  • @alexstone3349
    @alexstone3349 1 year ago

    “V” for Vendetta is one of my favorite movies. Thanks

  • @florianvo7616
    @florianvo7616 1 year ago +10

    a bit of research: this technique only ever worked with local windows accounts, not with microsoft accounts. Also it doesn't work anymore since "Windows 10 1809"

    • @tairikuokami
      @tairikuokami 1 year ago

      It works on the latest Windows 11. I use it as a backup, it is useful to have CMD with SYSTEM rights before logon.

    • @wangzhe5daidinnerout
      @wangzhe5daidinnerout 1 year ago

      @@tairikuokami dear, u did try the pin+tpm(of course in win11)+bitlocker ? / or u just tried the winAccPW+tpm(of course in win11)+bitlocker

    • @jochemgroeneweg6965
      @jochemgroeneweg6965 1 year ago

      You can create a new admin account, go to explorer, navigate to the users folder, click on the user with the microsoft account and you can still see all the files of that user, edit them, copy them over, delete them, ...

  • @TrevorYogi
    @TrevorYogi 1 year ago

    This is nice and useful..i’ve been using this trick since 2013 as far as i remember…

  • @JasonBoyce
    @JasonBoyce 1 year ago +2

    when i worked at 24 hour fitness, we had a windows machine for logging in guests, otherwise locked down, i remember right clicking on the printer in the tray to do something that would eventually allow me to open internet explorer and surf the web, my coworkers were big fans of me 😂

  • @unmountablecyiber4416
    @unmountablecyiber4416 1 year ago +8

    Only works on local accounts not on connected microsoft accounts sadly

    • @RassieKariuki
      @RassieKariuki 1 year ago

      Yeah, then you can use the local admin to change permissions of other user folders.

    • @rebel__rana
      @rebel__rana 1 year ago

      @@RassieKariuki IF there is any local account. When you connect to ms account, isn't local account are removed or deleted?

    • @geroffmilan3328
      @geroffmilan3328 1 year ago

      ​@@rebel__rana correct.
      And by default in Win10 onwards the process defaults to asking you for a Microsoft/AzureAD account.

  • @pandox_2420
    @pandox_2420 1 year ago +5

    These hijacks will be detected as Win32/AccessibilityEscalation and will cause Windows Defender to automatically remove the offending debugger from the Registry key.

    • @user-db2bw3hm8m
      @user-db2bw3hm8m 1 year ago

      Is there a way to make this not happen?

    • @pandox_2420
      @pandox_2420 1 year ago

      @@user-db2bw3hm8m yea i would think you could disable windows defender

    • @david808323
      @david808323 8 months ago

      @@user-db2bw3hm8m yes, change the security on the file to block everyone, including System and TrustedInstaller.
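
Added example (not part of the video or of any comment): a PowerShell audit for the two kinds of tampering this thread discusses, a `Debugger` value under Image File Execution Options and a shell copied over `utilman.exe` or a sibling binary. The target list and the function name `Find-AccessibilityTampering` are assumptions of this example; run it from an elevated prompt on the machine being checked.

```powershell
# Added example: audit pre-logon accessibility binaries for tampering.
function Find-AccessibilityTampering {
    $ifeo  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    $sys32 = Join-Path $env:SystemRoot 'System32'

    # Binaries that can be launched from the logon screen
    # (assumed list for this example; extend it for your environment).
    $targets = 'utilman.exe', 'sethc.exe', 'osk.exe', 'magnify.exe',
               'narrator.exe', 'displayswitch.exe'

    # Hash the shells that are typically copied over a target, so a
    # byte-for-byte replacement can be recognised.
    $shellHashes = @{}
    foreach ($rel in 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe') {
        $path = Join-Path $sys32 $rel
        if (Test-Path $path) {
            $shellHashes[(Get-FileHash $path -Algorithm SHA256).Hash] = $rel
        }
    }

    foreach ($t in $targets) {
        # Check 1: an IFEO "Debugger" value redirects every launch of the
        # target to another program without touching the file itself.
        $key = Join-Path $ifeo $t
        $dbg = (Get-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Target = $t; Issue = 'IFEO Debugger set'; Detail = $dbg }
        }

        # Check 2: the file on disk is identical to a shell binary.
        $file = Join-Path $sys32 $t
        if (Test-Path $file) {
            $hash = (Get-FileHash $file -Algorithm SHA256).Hash
            if ($shellHashes.ContainsKey($hash)) {
                [pscustomobject]@{
                    Target = $t
                    Issue  = 'File content matches a shell'
                    Detail = $shellHashes[$hash]
                }
            }
        }
    }
}

# An empty result means neither check fired for any target.
$findings = @(Find-AccessibilityTampering)
if ($findings.Count -eq 0) {
    'No accessibility tampering found.'
} else {
    $findings | Format-Table -AutoSize
}
```

A file-content hit is repaired by restoring the original binary (for example with `sfc /scannow`); an IFEO hit is repaired by deleting the `Debugger` value.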

  • @SOTP.
    @SOTP. 1 year ago

    i love this channel lol, shows all underrated cool things

  • @AndyHerbert254
    @AndyHerbert254 1 year ago

    FYI, BitLocker (or any) encryption with secure boot (secure boot optional) makes this hack entirely obsolete. Even if you only use the rather insecure TPM you'll need the full recovery key to access the files from the USB or any OS that is not the installed Windows OS itself (unless you have admin access before restarting, which means you can pause encryption, but at that point why go thru all these steps to log in again?).
    It could be possible with only the TPM to inject some code into the Windows boot process from a USB device which would override utilman, so I recommend also setting a Bitlocker PIN/password (also VeraCrypt support TPM+password please, TPM isn't always "redundant"). And make sure to have an admin password set in the bios to make sure the boot order can't be reordered (though the bios can sometimes be easily reset without the password, but then this would trigger secure boot failing, forcing a bitlocker recovery code)

  • @ljsystems5694
    @ljsystems5694 1 year ago +7

    To stop this kind of attack in the first place, you can set up a bios password. Just make sure you can not boot from another drive / usb stick, without typing the bios password before.

    • @timmytainment
      @timmytainment 1 year ago +1

      U should bypass even that by resetting your bios on hardware lvl

    • @SOTP.
      @SOTP. 1 year ago

      Sometimes people leave out the bootmenu/accidentally leave the cd, floppy disk or other as the priority and so you can boot from it. If all that doesn't work, you can only reset the bios or take out the hard drive so it boots from usb then reconnect the hard drive (if it even gets recognized)

  • @happinesscompilation5252
    @happinesscompilation5252 1 year ago +8

    This is a very old/basic method of bypassing the login screen. Most admins will disable the ease of access option from the beginning.

    • @Jjarret
      @Jjarret 1 year ago

      Lol

    • @Jee2024IIT
      @Jee2024IIT 1 year ago

      Then can we program it on any other option?

    • @SOTP.
      @SOTP. 1 year ago

      @@Jee2024IIT yes, even the login screen itself which of course wont be disabled (else it bricks the system)

    • @SOTP.
      @SOTP. 1 year ago

      I actually never saw anyone disable it. Even if they do, theres tons of programs you can use to do the same.

  • @simonschneider3423
    @simonschneider3423 5 months ago

    used that method for the past year works everytime

  • @EZLogikal
    @EZLogikal 1 year ago

    I will have to remember this the next time I accidentally lock myself out of my own box. For me, it's better to leave no trace... this will definitely alert the user they have been pwned. Super useful, though!

  • @zerobow9413
    @zerobow9413 1 year ago +23

    Nar.... most machines wont allow you to boot from the USB first unless you have a bios password to swap the boot seq

    • @12345charliebrown
      @12345charliebrown 1 year ago +5

      take the CMOS battery out of the motherboard leave it for 30 minutes and reset the BIOS

    • @notafurrysogoaway
      @notafurrysogoaway 1 year ago +5

      @@12345charliebrown Most modern computers/laptops store this password in a separate security chip / tpm.
      In order to reset this password you'd have to short the data lines of the actual chip while booting into the bios. (Also with the cmos battery removed)

    • @ctf59
      @ctf59 1 year ago +1

      @@notafurrysogoaway 100%

    • @Hackintosh2.0
      @Hackintosh2.0 1 year ago

      Beginner's mentality... Never stumbled on that obstacle, even so it wouldn't be rocket science...

    • @alankluba2904
      @alankluba2904 1 year ago +2

      Just enable bitlocker

  • @incremental_failure
    @incremental_failure 1 year ago +6

    This is like 20 years old. But you don't need any Windows installation as long as you can access the NTFS filesystem.

    • @HyperVectra
      @HyperVectra 1 year ago

      Thanks for that, I'll switch to FAT32 right away

    • @incremental_failure
      @incremental_failure 1 year ago

      @@HyperVectra Fine, *any* unencrypted filesystem. Does Win10/11 even work with FAT32?

  • @Beachnative42
    @Beachnative42 1 year ago

    Been able to do this since before Hirens Boot CD was even thought of. but nice content

  • @ErrorXTech
    @ErrorXTech 1 year ago +2

    you don't even need any bootable drive just to fire up that X: terminal...
    > forcibly stop win with the stop button, then again start. wait 2 sec, when it's booting stop it to stop again.
    > repeat this 4-6 times... now win will not boot normally, instead, (Because Win will detect unstable booting issues ) it will show you the screen with a lot of things to repair win like restart, reset, etc.. from there you will have an option for "Command tool" inside of the advanced option.
    Booyah!!!!

  • @rogermouton2273
    @rogermouton2273 1 year ago +23

    It's always felt like a security risk to me to allow anything to be done without logging in. Turns out I was right. Seems to me that, especially after all these years, MS are completely negligent for not fixing this.

    • @thesoulsender
      @thesoulsender 1 year ago +4

      definitely a reason to encrypt your drive

    • @vedranb87
      @vedranb87 1 year ago

      @@thesoulsender how does encryption prevent this exploit? I thought that once you're at login screen the encryption is already bypassed on a hardware level. I changed a motherboard recently and I couldn't boot until I dug out my Bitlocker key, but past that, harddrive is accessible with installation media.
      I even was able to use registry to enable a local offline login with a password because the network driver wasn't working so I couldn't log in with the PIN and it wanted to authenticate online only which obviously wasn't working without the network driver.

    • @thesoulsender
      @thesoulsender 1 year ago +3

      @@vedranb87 when you boot into a live environment like the installer, the drive the actual system is on isn’t mounted and decrypted yet, so you can’t access anything on it. If you don’t believe me, try it yourself with bitlocker on and a windows or even a linux live environment

    • @flyhigh6047
      @flyhigh6047 11 months ago

      @@vedranb87 a bit late, but un encrypted drive is essentially usable by other devices, try plugging ur boot drive to another machine as a non boot drive and the data will be read and writable.

    • @JesseFleming1990
      @JesseFleming1990 6 months ago +1

      Not sure that's accurate. MS utilizes UEFI and Bitlocker encryption. Technically if you have access to an unencrypted disk you could do anything and that's on whomever installed your OS without Bitlocker.

  • @DEATHIAM6
    @DEATHIAM6 1 year ago +5

    That is far more steps than necessary. Lol Personally, I would just boot in safe mode cmd prompt w/ networking. From there, use the netuser command and simply change the psw via dos commands

    • @13aker0
      @13aker0 1 year ago

      should work on machines with Bitlocker OFF.. and sadly most recent laptops have them enabled by default and users are encouraged to do so if not yet done.

    • @SOTP.
      @SOTP. 1 year ago

      that doesn't allow u to access admin account...

  • @ronnelmacompas1647
    @ronnelmacompas1647 6 months ago

    Thank you. I’m able to save my data and laptop without formatting.

  • @Ifalvarado
    @Ifalvarado 1 year ago +2

    for a moment i thought this was to give you the actual password, not change it, there are tons of tools for that for the SAM file. Still nice find

  • @ciupiduci
    @ciupiduci 1 year ago +3

    That's why encrypting your HDD is a very good idea.

  • @arjan-nuts-gaming
    @arjan-nuts-gaming 1 year ago +8

    Lol... This is NOT hacking... Its just using a feature. Using it often when a client forgets his password. This is also a reason why you encrypt your SSD/HDD... It will not work :)

  • @aaronjackson7942
    @aaronjackson7942 1 year ago

    Quick question! How would I undo the ease of access cmd prompt window at the login screen? I used this to get into an old laptop my friend lost their password for and wanted to stop access to that now

  • @tye595
    @tye595 11 months ago +1

    i remember doing this but with the sticky key function .... doesn't matter where you are just spam on shift and you have cmd

  • @mrcheeks7335
    @mrcheeks7335 1 year ago +3

    You told us the trick....but you should also tell how to prevent this.
    A. Bitlocker only available on windows pro (so the drive cannot be removed and read in another computer)
    B. A Bios password that prevents anyone from even getting into the windows login screen in the first place.
    Please upvote soo everyone knows how to defend against this. =D

    • @RobbieHatley
      @RobbieHatley 1 year ago

      I'm not familiar with bit-locker; I'd have to look that up. I don't use any kind of Windoze (currently all my computers are running Manjaro Plasma instead). But I wonder if a Linux-compatible technology exists to prevent drive transplant from working? (LUKS is nice, but only works on data drives and only works if you install it when formatting the drive before writing data.)
      BIOS passwords on most computers can be reset in 30 seconds by popping-off left-side cover, moving "clear CMOS" jumper to "clear" then back to "run", then putting left-side cover back on; voila, no more BIOS password.
      Windows passwords are a joke if an attacker is able to get their hands physically on your computer. They can just boot from a Nordahl USB, set all the passwords to empty, remove USB stick, press reset, and voila, all Windows passwords are blank.

    • @david808323
      @david808323 8 months ago

      What makes you think Bitlocker can't be cracked? It can, and is done.

  • @we_are_fsociety_29
    @we_are_fsociety_29 1 year ago +5

    Sir, I am from India 🇮🇳. And please
    Sir make full course on Android hacking

    • @PenTest3r
      @PenTest3r 1 year ago

      Are you on D? If yes add me via my profile

  • @OFFRoadWheels
    @OFFRoadWheels 1 year ago

    I did this on a Windows Server 2012 Enterprise back the day also to know that anybody with low-level access to help me file helps you find a lot

  • @nabilaruseli8859
    @nabilaruseli8859 8 months ago

    great thanks soo mucchh. this technique so underrated

  • @akibknowsit8030
    @akibknowsit8030 1 year ago +7

    Protected with Microsoft account
    Not possible

    • @digitaltechnical2691
      @digitaltechnical2691 1 year ago

      You have to take ownership away from owner to get around Trusted Installer by mounting the drive on another host. Make changes then give ownership back. Put drive back in original machine

    • @firsttimegaming3557
      @firsttimegaming3557 1 year ago +1

      With the command prompt open on the login screen you’re running the cmd with root access allowing you to make a local account with admin rights bypassing this

    • @criticality2056
      @criticality2056 1 year ago

      What if it boots without network access?

  • @aribpm
    @aribpm 1 year ago +5

    Who uses a computer anymore?

  • @painfull73
    @painfull73 1 year ago

    Ohhhh, 7 DAYS ago!! Wow! I thought it said 7 YEARS ago when this video was uploaded. Given the content, that made sense, because this hack is as old as Windows 7! :D 8/10 for production value though ;)

  • @hmmm2983
    @hmmm2983 1 year ago

    I just used this to get back into my old laptop thanks!