cduke250
Ever go to get on a computer and the user is logged out, and you don't know the password? Or do you have some access, but not access to a user's private files, and you want access to those files?

This quick tut will show you the steps to do this locally, and to protect your computer from people doing this to you!

STEPS TO CHANGE/RESET PASSWORD FOR ANY USERNAME
  1. Reboot the computer
  2. Right after the bios is finished, hit F8 (or F2,10,12)
  3. Select 'Safe mode' or 'Safe mode with networking support'
  4. Windows will boot up to the logon screen. Click administrator, 9/10 there is no password.
  5. Do, Start->Run->type 'command'
  6. At the prompt, type 'net user' which will display a list of usernames. Find the one you are looking for, try 'net user username' for them all. Type 'net user /HELP' for more info.
  7. To reset the password type 'net user username *' where username is the username you want to reset.
  8. For no password, leave blank.
  9. Now, reboot and you can login as that user.

STEPS TO PROTECT YOURSELF FROM THIS METHOD
  1. Log into your account (must have admin rights)
  2. Get to a command prompt and type 'net user username *' where username is Administrator, or the renamed administrator account.
  3. Give administrator a STRONG password.
  4. Done.

I never use Windows, but when I do, I reinstall the OS on a clean hard drive, and take steps to secure it before I connect it to the net for Windows and antivirus upgrades.

One of the first things I do is give the Administrator a password. I also disable the guest account, and give the guest username a password.

Next I uninstall all networking components except TCP/IP. Next I disable netbios in the TCP/IP component settings.

Then I disable some services from running, use 'net user username /DELETE' to delete the "SUPPORT" and helpdesk usernames totally, and do a bunch of other stuff.

Caveats:
If you are on a pc that does not allow you to boot into safe mode, you can get around this. They aren't disabling the safe mode from the OS, they are just not allowing it from startup by pressing a function key. All you need to do is reboot, and then when windows is still loading, before the login screen, turn off the computer by holding down the power button for 5 seconds. Then turn it back on and you should have safe mode available. You can try this at many different stages to get to a safe mode.

If you have administrator rights, you can modify your boot.ini file to automatically boot into safe mode, or, preferably, you can modify your boot.ini file to give you a choice of booting into safe mode every single time you reboot. I have a custom boot.ini on every windows I run.

You could also use a Linux "live CD" such as Knoppix to edit your boot.ini file. But if you are going to do that, why not just use a live CD to reset the password, or retrieve and crack the hashes, etc.

See the available boot.ini switch options at Microsoft Support (boot.ini switch options).

This is meant to be for beginners so don't give me any $hit for how easy or simple this is. Not all of us even use windows.

Questions/Comments welcome.
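
An audit for the weak defaults the post above relies on and then fixes (a built-in Administrator with no password, Guest left enabled), as an added example that is not part of the original thread. It assumes a current Windows with the Get-LocalUser cmdlet (Windows PowerShell 5.1 or later), which the Windows versions discussed here did not ship; the function name Get-AccountIssue is made up for this example.

```powershell
# Added example, not from the thread. Requires the LocalAccounts module
# (Windows PowerShell 5.1 or later); run from an elevated prompt.
function Get-AccountIssue {
    param([Parameter(Mandatory)] $User)

    # The last SID component (RID) identifies built-in accounts even after
    # a rename: 500 = built-in Administrator, 501 = Guest.
    $rid    = ($User.SID.Value -split '-')[-1]
    $issues = @()

    # PasswordRequired = $false means the account is permitted an empty password.
    if (-not $User.PasswordRequired) { $issues += 'blank password permitted' }

    # A null PasswordLastSet means nobody ever assigned a password.
    if ($null -eq $User.PasswordLastSet) { $issues += 'password never set' }

    if ($rid -eq '501' -and $User.Enabled) { $issues += 'Guest is enabled' }

    if ($issues.Count -eq 0) { return }

    # Disabled accounts are skipped, except the built-in Administrator:
    # that is the account the thread logs on with in Safe Mode.
    if (-not $User.Enabled -and $rid -ne '500') { return }

    [pscustomobject]@{
        Name    = $User.Name
        Rid     = $rid
        Enabled = $User.Enabled
        Issues  = $issues -join '; '
    }
}

# Check every local account and show only the ones with findings.
Get-LocalUser |
    ForEach-Object { Get-AccountIssue -User $_ } |
    Format-Table -AutoSize -Wrap
```

Neither flag proves a password is actually empty; each row is an account to fix with 'net user username *' as described in the protection steps.
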
myth
THIS IS TOO EASY ! YOUR NOT 1337 !!!

j/k

Nice little tut, just one thing.... Not to be nit-picky

QUOTE
Do, Start->Run->type 'command'


Under Windows 9x it was command.com, and called DOS Prompt -> Because it was linked to the underlying DOS that windows ran on top of

Under Windows NT (NT / 2000 / XP / Vista (yeah, we gotta add that now)) it is cmd.exe, and called Command Prompt -> Because it is just an 'emulator' of the old DOS Prompt

QUOTE
Do, Start->Run->type 'cmd'


But yeah, just adding in some constructive criticism, before kids start saying this method does work - complaining over 6 pages of posts without even adding in the error 'command not found' which would make the solution easier.... anyways, nice work...
cduke250
Thanks for the clarification.. but I do think that typing command will work for any version. I personally always head on over to c:\windows\system32\cmd.exe, and create my own pif file (I guess it's just a shortcut these days) with enhanced buffers, quick edit, etc., you can also always set a variable in your system properties area.

It's funny that Windows still comes with this default insecure setup even today. I remember back with Windows for Workgroups (and 3.11, and 95, and 98, etc.) where all you had to do was rename the .pwl files.. lol, this method I just posted about has been available since then, I couldn't believe it still worked. They even have made it easier in some ways.

I just wanted to post about it because I noticed that Windows is masquerading as some kind of secure OS, with its new login screen with all the fancy bells and whistles.. It's almost like they are fuc$ing every naive user on purpose.. Oh well, they are big enough to not have to worry about anything. Which they just proved when they started invading everyone's privacy last week.

Vermillion
very nice
thanks on that tutorial