
Reset a Windows 8 Password without using any third party software

do it in 10 minutes - how to

100 replies to this topic

#26 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 15 December 2012 - 01:26 PM

I didn't test the account behavior on my own, but from what I read in the article mentioned by Wailer there seems to be no issue at all. Accounts are still created locally. Just use an email address as identifier and it doesn't even require online authentication for some services.

I have actually used this for a long time with the Windows passport feature. My Live ID has been logged using my Gmail account for the past 6 years.

 

Look here:

> Of course, you can also continue to use local Windows accounts as you always have and obviously, domain-administered accounts work as they always have as well.
>
> So, although many people assume they will need to sign up for a new email account to get a Windows Live ID, it’s actually not necessary. In fact, many online services use a "string" like someone@example.com to represent a user name, even though that string looks like an email address.

http://blogs.msdn.co...ws-live-id.aspx

 

:cheers:



#27 wailer

wailer
  • Members
  • 5 posts
  • Interests:I have no special talent, I am only passionately curious.
  •  
    Netherlands

Posted 15 December 2012 - 08:40 PM

After doing some reading, you must have logged in successfully (online) at least one time to log in offline.

So the Live ID pass must be stored somewhere locally; it cannot be changed with the standard procedures (ERD, net user, DaRT etc.), I tried that...

I will check if logging in as admin creates the ability to change a Live ID account to local or even remove the password completely; I will get back on this.



#28 Nuno Brito


Posted 15 December 2012 - 08:45 PM

Ok, would be great to hear your experiments on this matter. I still don't have a Win8 machine to try out these things, for the moment I am still busy with Win7 before moving up.

 

:cheers:


  • Jamal H. Naji likes this

#29 wailer


Posted 15 December 2012 - 08:56 PM

> Ok, would be great to hear your experiments on this matter. I still don't have a Win8 machine to try out these things, for the moment I am still busy with Win7 before moving up.
>
> :cheers:

I work for a large company that sells computers/laptops (and lots of other stuff) so I have easy access to the newest machines.

Sometimes machines come back for "servicing" and passwords have to be removed for me to gain access (for re-installs), so every time Microsoft comes up with a new Windows version, it's a new challenge. :suda:

Luckily I am getting quite handy in AutoIt scripting so a lot of the stuff I do gets automated :idea: .

 

Keep you posted.


Edited by wailer, 15 December 2012 - 08:57 PM.

  • Nuno Brito likes this

#30 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 452 posts
  • Location:In the middle of nowhere
  • Interests:Interesting Things
  •  
    South Africa

Posted 15 December 2012 - 10:17 PM

> After doing some reading, you must have logged in successfully (online) at least one time to log in offline.
>
> So the Live ID pass must be stored somewhere locally; it cannot be changed with the standard procedures (ERD, net user, DaRT etc.), I tried that...
>
> I will check if logging in as admin creates the ability to change a Live ID account to local or even remove the password completely; I will get back on this.

See if you can brute force the NTLM using CANE on the online password (should be kept in the local REG).

If it is stored locally you should be able to decode it ...

My company has access to the Enterprise versions.

We have not installed it on any of our systems at work.

Well, except for some VMware systems. Oh, and my laptop for testing.

We have to start learning it to be able to fix our clients' PCs.

I think we are going to get the Windows 8 DaRT next year only...


  • Jamal H. Naji likes this

#31 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 16 December 2012 - 09:23 PM

Many thanks to all the beautiful members of Reboot.Pro for their comments and inputs and info that is enriching this subject, and thank you for all the nice words you said to me about this tutorial.

 

Thank you (Wonko the Sane),(Nuno Brito), (Max_Real Qnx ),(DarkPhoeniX),(georgeks),(Nori), (cyberagent), (MCR700), (Ferico Garcia), (Shashi007), (Kent0n), (wailer), (KaiserSoze), Thank you to all members and guests of Reboot.Pro , thank you for all the beautiful emails and messages and phone calls, appreciate that.


Special thanks to :

1- Melanie Pinola is a freelance writer covering all things tech-related. A former IT admin and occasional web developer, she is also a Lifehacker editor, PCWorld contributor, and the Guide to Mobile Office Tech at About.com. She was one of the first to feature this tutorial. She said: Jamal H. Naji has the full tutorial on Reboot. Basically, you boot into the locked PC with the recovery disk and open up the command prompt, then replace the Ease of Access Center application (utilman.exe) with another copy of the command prompt (cmd.exe) with administrative privileges. Then you use the "net user" command to type in a new password for the user whose password you want to reset. The instructions are very easy to follow.
 

Mrs. Melanie Pinola added that there's one thing you can do to prevent an attacker from gaining access to your personal files with this or another password reset hack: encrypt the whole disk with BitLocker. Read more on (IT World.com) here:

http://www.itworld.c...m-recovery-disk

2- Mr. Bogdan Popa, author at (Softpedia.com), was also one among the first to feature this tutorial in both Softpedia.com/usa and Softpedia.com/espania. Mr. Popa added: Paradoxically, a few days ago, Nick Psyhogeos, Microsoft vice president, said during a media briefing that Windows 8 is one of the most secure operating systems to date, so it’s harder than ever to break into such a software.

Bogdan Popa added that after this tutorial they’ve contacted the company for an official statement on this and we will update this story as soon as we get an answer. Read more on (Softpedia.com) here:

http://news.softpedi...es-314646.shtml

3- Mr. Lee Mathews, Geek Author on (Geek.com), was also among the first to feature this tutorial extensively. He stated that despite being Microsoft’s most secure operating system ever, it’s possible to clear or change a user’s Windows 8 password without using anything but the built-in troubleshooting tools. All it takes is ten minutes, a Windows 8 System Recovery disc or USB flash drive, and the patience to execute a few simple directives from the command prompt. The trick, as detailed by Jamal Naji, boils down to replacing the Ease of Access center application (utilman.exe) with another copy of the command prompt (cmd.exe). Read more on (Geek.com) here:

http://www.geek.com/...tware-20121213/

4- GeekySpecs of Greece also featured this tutorial, read more here:

http://www.geekyspec...dows-8-password

5- Also Alltop from ewallstreeter.com has featured this tutorial here:

http://ewallstreeter...software-5532/#

6- Hackillusions.com also featured this tutorial by Shubham Yadav, B.Tech(I.T) Graduate from Behror, Rajasthan. read more here:

http://www.hackillus...ord-in-minutes/


7- Also Mr. Kaushik Patwary from Instantfundas.com featured this tutorial here:

http://www.instantfu...et-without.html


8- The Indonesian blog (themaniax) also featured this tutorial here:

http://themaniax.blo...u-Hardware.html

9- Mr. Bill Mullins also featured this tutorial on his blog on Dec 14, stating that Windows 8 password reset trick requires no third-party software – All it takes is ten minutes, a Windows 8 System Recovery disc or USB flash drive, and the patience to execute a few simple directives from the command prompt. The trick, as detailed by Jamal Naji, boils down to replacing the Ease of Access center application (utilman.exe) with another copy of the command prompt (cmd.exe). Read more here:

http://billmullins.wordpress.com/

10- Thaiware.com  also featured this tutorial here:

http://tips.thaiware...่_Password.html

11- Umago from the (ycombinator) featured this tutorial in the hackers news, read more here:

http://news.ycombina...item?id=4915024

12- Also special thanks to all whom I didn't mention here who have featured and mentioned this tutorial in their blogs, forums, websites, Facebook and everywhere. Thank you very much, I appreciate all your efforts and support.

Thank you, Jamal
 


  • Nuno Brito likes this

#32 DarkPhoeniX


Posted 17 December 2012 - 09:43 PM


I just made a video for this:

http://reboot.pro/tu...party-software/


  • Nuno Brito, Jamal H. Naji and Master of Disaster like this

#33 wailer


Posted 17 December 2012 - 10:23 PM

Hello again, changing a system from Live ID to local pass seems to be pretty easy following the instructions given on http://forums.mydigi...word-hack/page2 .

I tested it on at least one laptop and it seems to be working, and to stay on topic I think this can still be done with no software other than that provided by Microsoft. :dubbio:

 

btw nice clear vid DarkPhoenix


Edited by wailer, 17 December 2012 - 10:28 PM.


#34 Nuno Brito


Posted 18 December 2012 - 12:30 PM

> I just made a video for this:
>
> http://reboot.pro/tu...party-software/

 

Nice video. :cheers:


  • Jamal H. Naji likes this

#35 Uvais

Uvais

    Frequent Member

  • Advanced user
  • 180 posts

Posted 18 December 2012 - 02:36 PM

Wow..same like 7 :D ...Thanks  :clap:


  • Jamal H. Naji likes this

#36 Jamal H. Naji


Posted 18 December 2012 - 08:30 PM

Very nice video and work, thank you DarkPhoeniX


  • Master of Disaster likes this

#37 Master of Disaster

Master of Disaster

    Member

  • Members
  • 62 posts
  •  
    Monaco

Posted 21 December 2012 - 01:56 AM

SUPER !! :clap:


  • Jamal H. Naji and Hshfmdesigner like this

#38 Password

Password
  • Members
  • 1 posts
  •  
    Netherlands

Posted 22 January 2013 - 10:24 AM

> I just made a video for this:
>
> http://reboot.pro/tu...party-software/

How do you change it back?

When I use 'sfc /scannow' it gives an error at 50% saying some files are corrupted and cannot be fixed.

(using win8ML64)



#39 DarkPhoeniX


Posted 22 January 2013 - 03:46 PM

If sfc /scannow does not work for you

and you followed the video exactly, you must then rename the backup files to the original files:

Boot into the recovery disk

Go to the CMD (command prompt)

Locate the system drive as explained in the video

Go to the windows directory using:

cd windows

Go to the system32 directory using:

cd system32

The command prompt should show something like:

D:\windows\system32

(Note that the "D:" drive is where Windows was located in the video; it may differ on your PC.)

Copy the files back to the original file names with the following commands:

del utilman.exe

copy utilman.exe.old utilman.exe

del cmd.exe

copy cmd.exe.old cmd.exe

Reboot, then you are set!

If you did not back up "cmd.exe" & "utilman.exe",

you must copy these files back from another computer with the same version of Windows 8 as yours.

Alternatively you can just delete the hacked "utilman.exe", but the button on the login screen will not work.

Please note that if your sfc scanner does not work then your computer may have bigger problems....
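
A way to confirm that the restore above left the machine clean, or to check a live system or a mounted offline image for this swap, as an added example that is not part of the original post. It assumes the backups use the `.old` suffix from the restore steps and also checks `sethc.exe` (the sticky keys program); the directory path is whatever you pass in, and the sample files in `demo()` are constructed placeholders.

```python
"""Audit a Windows System32 directory for the utilman.exe/cmd.exe swap."""
import hashlib
import tempfile
from pathlib import Path

# Programs the logon screen can start before anyone has signed in.
# utilman.exe is the Ease of Access button; sethc.exe is sticky keys.
LOGON_SCREEN_BINARIES = ("utilman.exe", "sethc.exe")
SHELL = "cmd.exe"
BACKUP_SUFFIX = ".old"  # assumption: backup naming from the restore steps above


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_file(directory: Path, name: str):
    """Case-insensitive lookup, so an image mounted on Linux works too."""
    wanted = name.lower()
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() == wanted:
            return entry
    return None


def audit_system32(system32) -> list:
    """Return (file name, finding) tuples; an empty list means nothing found.

    Only a byte-for-byte copy of cmd.exe is detected here. A different
    replacement program needs a signature or known-good hash comparison.
    """
    system32 = Path(system32)
    findings = []
    shell = find_file(system32, SHELL)
    shell_hash = sha256_of(shell) if shell else None
    if shell is None:
        findings.append((SHELL, "missing"))
    for name in LOGON_SCREEN_BINARIES:
        target = find_file(system32, name)
        if target is None:
            # Deleted replacement: the logon-screen button no longer works.
            findings.append((name, "missing"))
        elif shell_hash is not None and sha256_of(target) == shell_hash:
            findings.append((name, "identical to cmd.exe"))
    for name in LOGON_SCREEN_BINARIES + (SHELL,):
        if find_file(system32, name + BACKUP_SUFFIX):
            findings.append((name + BACKUP_SUFFIX, "leftover backup"))
    return findings


def demo() -> list:
    """Run the audit on a constructed directory (placeholder bytes, not real PE files)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cmd.exe").write_bytes(b"constructed-shell")
        (root / "Utilman.exe").write_bytes(b"constructed-shell")  # swapped copy
        (root / "utilman.exe.old").write_bytes(b"constructed-utilman")
        (root / "sethc.exe").write_bytes(b"constructed-sethc")  # untouched
        return audit_system32(root)


if __name__ == "__main__":
    for file_name, finding in demo():
        print(f"{file_name}: {finding}")
```
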



#40 Jonathan William King

Jonathan William King
  • Members
  • 1 posts
  •  
    South Africa

Posted 21 February 2013 - 10:15 PM

Thank you so much Jamal for this guide, it's fantastic! :)


  • Jamal H. Naji and Master of Disaster like this

#41 Agent47

Agent47

    Frequent Member

  • Advanced user
  • 164 posts
  •  
    India

Posted 09 April 2013 - 04:27 AM

Hi Jamal

 

Is this method legal? I posted a link to this tut in "Bleeping computers forum" but they removed it, calling it illegal. Can somebody clarify the legality of this?


  • Master of Disaster likes this

#42 Master of Disaster


Posted 10 April 2013 - 11:52 PM

> Hi Jamal
>
> Is this method legal? I posted a link to this tut in "Bleeping computers forum" but they removed it, calling it illegal. Can somebody clarify the legality of this?

Obviously there is nothing illegal about this tutorial that is demonstrated by one of the top and very well known cyber security professionals in the world, Mr. Jamal H. Naji. This tutorial has been featured in more than 30 respectful websites by well known authors that deal with technology and computers from all over the world (use Google to see that), for example IT World.com / Geek.com / Hack illusion.com / Softpedia.com, etc... The latter, Bogdan Popa, the author of Softpedia.com, even contacted Microsoft Vice President Nick Psyhogeos in a media briefing; he asked him for an official statement about this major flaw in Windows 8 OS that Mr. Jamal H. Naji addressed in this tutorial. Check post/Reply # 31 to see a list of the websites that featured this tutorial and show that to the admins of Bleeping Computers that obviously don't know much about what is legal and illegal. Welcome to Reboot.Pro (The castle of the Elite IT Pros of the World) my friend. Cheers !! :google_lt:



#43 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13745 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 11 April 2013 - 09:19 AM

The word for today is "astroturfing":

http://en.wikipedia....ki/Astroturfing

 

:cheers:

Wonko



#44 coder

coder

    Member

  • Members
  • 63 posts
  •  
    United States

Posted 12 April 2013 - 12:28 PM

I hope you guys can read this with an open mind before deciding I have to be burned at the stake.

 

I think what Jamal did is a real challenge but I'm in doubt if it really helps the IT community or not.

Would you guys buy Windows without password protected accounts? Probably not.

Then if you set a password it is because you need a password...

In car forums when someone comes up with a trick to bypass some particular car alarm system it's immediately erased/banned, always thinking of the owner's protection. But here we celebrate the hacker !?!

I think it would've been much better for us (Windows users) if Jamal would've sent his findings quietly to Microsoft and MS releasing a security patch... Now (as I see it) the author pleases his ego and we all have a new thing to worry about :-(

For those who lose passwords, well, there are always better alternatives than hacking systems in order to solve your problems.

 

 

Please this is just a personal comment inviting to reflection, it does not intend to start a war on the topic or thing like that.

 


 



#45 Wonko the Sane


Posted 12 April 2013 - 06:29 PM

coder,

the point that you are seemingly missing :dubbio: is that this exact same approach (or some slight variation of it) has worked for *any* previous MS NT based system, starting with XP.

 

 

It's not "news" in itself; the "news" is that it still works on 8 (or, if you prefer, that the good MS guys did not find the time to "fix" this for several years :whistling:).

 

XP:

http://blog.didierst...ith-utilmanexe/

http://blackunderton...ag/utilman-exe/

 

Vista (and 7):

http://www.askvg.com...ws-vista-and-7/

http://nookkin.com/a...s-password.ndoc

 

7:

http://www.technibbl...logons-utilman/

the other way using "sticky keys":

http://reboot.pro/to...ow-to-tutorial/

 

 

Server 2008 and 2008 R2:

http://labcontrol.bl...nformation.html

http://www.xpresslea...trator-password

 

As a matter of fact it represents not a security issue of any kind, unless you concurrently:

  1. authorize/allow physical access to your PC
  2. do not set a BIOS password OR you set the boot order of devices with anything different from internal hard disk

If you do both the above, you would actually "deserve" :w00t: being hacked :ph34r:.

 

And BTW, if you allow physical access to the machine and allow booting from *any* external media, there are several other ways to gain access using bootdisks.

 

:cheers:

Wonko



#46 coder


Posted 12 April 2013 - 08:07 PM

Wonko,

I was more talking about why we are "celebrating" this kind of finding when (from my humble point of view) we should be against the ones that make this kind of info public. If the hole was already there, even worse; if the author of the Windows crack is not really the author, probably he should have said it. I cannot understand his excitement about all the sites reproducing a finding that you say was not originally made by him??

About security; the scenario where the consultant uses a notebook that stays on a desk while he goes for lunch, does it sound familiar to you?

BIOS password of course, but the point really is that this kind of "research" that is communicated as a "service" to the IT community is not really ever the case. Security is always badly affected by this kind of helpers. (just my opinion; I might be wrong)

I'd rather read a constructive how-to from Mr Jamal than one that teaches me how to "easily" defeat my OS passwords



#47 Wonko the Sane


Posted 13 April 2013 - 12:26 PM

Wait a minute.

 

The "procedure" was known.

 

That it applied to Windows 8 as well is (was) a new finding.

 

And Jamal took additionally the time to test it, verify it, assemble it in a detailed howto.  :thumbup:

 

There is nothing "cracked", as a matter of fact there are several "cracking" solutions to do the same, the "beauty" of this is that you can do it without using any particular tool.

 

If the consultant has not a BIOS password and allows physical access to his/her machine, that it's his/her problem.

 

This is more or less exactly the same "field", transposed, as lockpicking.

If you can open a lock with a bent paperclip it does not mean that you will go around opening other people's locked doors.

 

Knowing that someone can actually open your lock with a bent paperclip is actually a good thing, as you will be more careful, and either use  a "better" lock or avoid keeping anything of value behind that door, or anyway add some additional means of protection.

 

There is nothing "dangerous" or "viral" or "putting the security of users at risk" in knowing (and let people know) how it is possible - if needed - to gain access to a computer if the password was forgotten or the like.

 

Breaking into someone else's computer is forbidden by Law, if you do that, it's not the means that you use that make a difference (and as said there are tens of different ways to do the same).

 

Let's go back to kitchen knives and car batteries:

http://reboot.pro/to...ge-3#entry84698

let's classify them weapons and prohibit their use....

 

:cheers:

Wonko



#48 DarkPhoeniX


Posted 13 April 2013 - 08:56 PM

This is indeed an old method of hacking a system; I remember doing something close to this in Windows XP (the screen saver trick).

And there are way better and easier ways of removing a password, like salsa's password tool, the ERDs etc.

The real trick is to not remove the password but to find out what it is, so the user does not know about the infiltration.

Additionally, I read a lot of security reports that state that most users use the same passwords on different accounts.

For instance you may use the same password for your bank account and your Facebook account and your PC.

A hacker could hack one of your accounts and get into the rest of your life.

I think what is explained in this tutorial is not a real big security issue as the original password is not shown to the hacker.

I think this tutorial is a real tool for legitimate password removal if the hacker is stranded without his preferred tools and trying to help a forgetful person.

This just seems to be a small oversight; remember the would-be hacker needs to have physical contact with the target PC to do this, a nice party trick at best.

And Remember Technically a kludge



#49 coder


Posted 13 April 2013 - 11:42 PM

@wonko
With all due respect I do not agree with your views. If Jamal found that an old hack/crack/security breach or whatever you want to call it applies today to Windows 8, he should've sent it to MS w/o publishing it.
To me it is hard to understand his excitement for something he really didn't find; he just only verified that an old method (found by someone else) applies to Windows 8. It is also unbelievable that here people "celebrate" "Mr." Jamal hacker attitude.

What about someone publishing how to bypass w/o tools your house alarm? What do you think about a guy like that??



#50 Wonko the Sane


Posted 14 April 2013 - 10:12 AM

It's perfectly OK :), that we disagree.

 

The point you still fail to consider is that - as said - Microsoft has evidence on this approach working on at least 4 (four) previous releases of the OS and did NOTHING about it and that there are - last time I counted them - at least 17 (seventeen) other ways to access a PC without knowing the password, provided that you have physical access to the machine and that you can alter the BIOS boot order.

 

About the excitement, consider how most people "excited" are/were not old enough/knowledgeable enough to know how the nature of this procedure is the same since years and the "celebration" is (if any) an issue with those celebrating of course.

 

The point is still that my (fictional, as I don't have one) house alarm can ALREADY be neutralized in no time by a burglar using (in no apparent order):

  1. a  bucket of water
  2. a can of spray polyurethane foam
  3. a high power CB radio
  4. a set of powerful rare earth magnets
  5. a specific electronic tool (sold in shops specialized in burglars' hardware)
  6. a backdoor code implemented by the manufacturer

knowing that you can additionally disable it by connecting with a paper clip terminals K27 and C33 for three seconds does not, in any way change the security level of the device.

 

:cheers:

Wonko





