How To Bypass Windows Password
This is the easiest known method for gaining access to almost any Windows computer.
In this tutorial, we will be going over how to log in to Windows without access to the password. This will enable you to log into any Windows computer under any user. The tool we will be using here is simple and can be installed from Windows or Linux. Mac support is available; please write in the comment section if you are interested.
What this tool does.
- It is a Master Boot Record infection. It basically infects the MBR when Windows boots. It does not cause any harm to the computer or leave any trace of it being used.
- It works with all Windows variants up to Windows 8.1.
What this tool does not do.
- First, it is not possible to change the password associated with the account used to connect. However, changing the password of other local accounts on the system seems to be possible.
- The files encrypted with the EFS (Encrypted File System) Windows feature cannot be opened. An “access denied” message is displayed by the system.
- More generally, it is not possible to use the private keys stored in the Windows certificate store (it is not possible to access secure websites or to decrypt e-mails).
- Kon-boot does not allow bypassing authentication on an Active Directory domain.
What you will need
- Computer with admin access
- Blank USB flash drive or CD or SD card
- Download this folder that contains the tools that we will be using
- Computer to compromise
Instructions for Windows users. Scroll down for Linux users.
Once you have downloaded this file, extract it to your desktop.
Next, navigate to My Computer. Note the drive letter that you want to use for KonBoot. Right click the drive (once you have removed the content from the drive that you want to keep) and select "Format Drive".
Select "restore device defaults" and click "start".
Now to install KonBoot to the drive
Go back to the KonBoot folder you just downloaded and extracted.
Open the CD folder if you are going to install on a CD
Open the USB folder if you are going to install on a flash drive or SD card
To Install On Flashdrive/SD card
THIS IS IMPORTANT
Unplug any other drives you have in your computer. Otherwise you risk permanent data loss.
Right click "usb_install2_NEEDADMIN" and select "Run as Administrator". Click "OK" and it will write KonBoot to the drive.
That's it! KonBoot is now written to the drive! You may now put whatever files you want back on the drive, being careful not to delete any KonBoot files already on the drive.
To Install on CD
Open the "kon-boot CD" folder in the Kon Boot file you downloaded. Right click and click "Open with Windows Disk Imager". Select the disk that you want to burn and click "burn". KonBoot is now installed on the CD.
How To Use KonBoot
Power off the victim machine. Plug Kali Linux into a USB port on the machine. Turn on the machine and hit the key "F12" or "F10" when you see the BIOS loading (black screen with various nonsensical words). Some computers are different. You want the computer to show this screen.
In this case I will select "CD-ROM" since I am booting from a CD. Select the number or letter that correlates with either "CD-ROM" or "USB HD". You may have to try other USB options, as BIOSes vary from one another. Once you have selected the drive, you should see a screen like this.
From this point on there will be no more screenshots due to limitations in Oracle VM.
Finally, hit the "enter" key to start KonBoot. It will begin and soon Windows should load. When you get to the user login, select any user you want and hit the login button. You will automatically be logged in to that computer. For computers where you have to type in a username, type in the username that you wish to use and log in. The privilege escalations will last until you shut the computer off.
To Install on a Linux machine.
Download KonBoot here.
To install on USB or SD
Download and install UnetBootin by typing: sudo apt-get install unetbootin
Then type "sudo unetbootin"
A graphical interface will come up (sorry, this method won't install over PuTTY).
Extract the file and select the diskimage from the KonBoot folder USB.
Next, wipe the drive you intend on using.
Finally, write the image to the USB.
To install on CD
Go to the KonBoot CD folder and "burn to disk".
Proceed from How To Use KonBoot.