- First, you will start up the computer (or restart it).
- While the computer is coming up and you can see it saying, “Starting Windows,” grab and hold down the power button until it does a hard-shutdown.
- This will make Windows have an issue. It will think it is broken and ask you if you want to Launch Repair, or Start Normally. You will choose to Launch Startup Repair.
- Startup repair will boot up and take a little while, then it will ask you if you want to use a System Restore Point. You are going to choose “Cancel.”
- Now is the long part… You will wait, and wait. After a long time, you will get a dialogue telling you that Startup Repair could not repair the computer automatically! What! After all that waiting? That is okay, because this plays right into our plans. So, you will click on the down arrow in the bottom left so you can see the Problem Details.
- Now you will click on the link at the very end of the Detail Report. It is the link for the Privacy Statement.
- Notepad will come up with the Privacy statement in it. You will go on the File menu and go to Open.
- Using the Open Dialogue, you will go to “Computer” -> “Local Disk” -> “Windows” -> “System32”.
- Now, don’t forget to switch from “Text Documents” to “All Files” so you can see every file in this folder.
- Find the application file “sethc”. This is the accessibility keys program.
- Rename this file as a backup file: I named it “sethc-bak”
- Now find the file: “cmd” in the same folder. This is your command prompt. Right click on this one and go to Copy. Then right click in the white background of the folder and Paste.
- You will now have a file called “cmd – Copy.” You need to rename this to “sethc”. Then close out of all the windows and finish, so that the computer restarts.
- You will now be at the Login prompt (where you don’t know the password). Hit the Shift Key on your keyboard 5 times.
- The Command Prompt with Administrator Privileges comes up!
- You will type in:
and then make note of your intended victim's username. If the username you have at the login screen is not here, then it is probably a mask for one of the ones here on the net user screen. Choose wisely.
- You can find out which user is in the admin group by simply typing:
net user [username]
for each one.
- To reset the password, type in:
net user [username] *
This will give you a prompt to type a new password. Keep in mind that if you set it to something new, the user will definitely not be able to get into their computer. However, if you just leave it blank, they will not be prompted for login. It is much more likely this way, that they will think it is some fluke. Maybe you put something on to monitor them, and now they will just set their password again and go on about their business. Whereas, if they can’t get in because you changed the password, they will probably wipe the drive.
- Either way, you will put the corresponding password into the login box after and you will be in!
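
To check a machine (or a mounted disk image) for the file swap these steps perform, the following added example, which is not part of the original page, compares sethc.exe with cmd.exe by SHA-256 and lists renamed leftovers such as the “sethc-bak” backup. The function names and the constructed stand-in files are assumptions made for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

TARGET, SHELL = "sethc.exe", "cmd.exe"  # the two files named on this page


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_sethc(system32: Path) -> list[str]:
    """Return findings for a System32 directory (live or from a mounted image)."""
    # Windows names are case-insensitive; a mounted image may preserve odd casing.
    by_name = {p.name.lower(): p for p in system32.iterdir() if p.is_file()}
    findings = []
    target = by_name.get(TARGET)
    if target is None:
        findings.append("sethc.exe is missing")
    elif SHELL in by_name and sha256(target) == sha256(by_name[SHELL]):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    # A renamed original (the page's "sethc-bak") is a leftover of the swap.
    for name in sorted(by_name):
        if name != TARGET and name.startswith("sethc"):
            findings.append(f"leftover file: {by_name[name].name}")
    return findings


def build_constructed_system32(root: Path, swapped: bool) -> Path:
    """Constructed stand-in files for the demo, not real Windows binaries."""
    d = root / "System32"
    d.mkdir()
    (d / "cmd.exe").write_bytes(b"constructed cmd body")
    if swapped:
        (d / "sethc-bak.exe").write_bytes(b"constructed sethc body")
        (d / "sethc.exe").write_bytes(b"constructed cmd body")
    else:
        (d / "sethc.exe").write_bytes(b"constructed sethc body")
    return d


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a real or mounted System32 directory
        results = check_sethc(Path(sys.argv[1]))
    else:  # no argument: run against the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            results = check_sethc(build_constructed_system32(Path(tmp), True))
    print("\n".join(results) or "no findings")
```

A hash match against cmd.exe only catches the exact copy described here; comparing sethc.exe against a known-good hash for the installed Windows build also covers replacement with any other binary.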