Sethc Windows Exploit

Robert Washbourne - a year ago

Here is how to become administrator without a password.
This has been proven on Windows 7 and 8, and it should also work on Windows 10.

First, download the ophcrack Vista/7 ISO from Ophcrack. (If you do not want to crack passwords, this tutorial will work with any Linux distro.) Get a writable disk and put it into your computer.
Download Free ISO Burner.
Open the Free ISO Burner program and select the ophcrack ISO file.

Now select Burn and burn the disk. Once it is finished, save your files and restart your computer. You might want to write down the later steps so you can see them when ophcrack starts. When the boot screen comes up, select ophcrack graphic mode. If you need to find out admin passwords, use the hack tool.

Install extra rainbow tables if needed. If you do not, go to navigation, locate the Windows folder and open System32. Now find cmd.exe. Duplicate it and rename the copy sethc.exe. When it prompts you to replace the existing file, say yes.

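Remember that annoying thing that popped up when you pressed Shift five times? Yeah, sticky keys. This replaces the sticky keys program (sethc.exe) with the command prompt, so that when you press Shift five times, an admin command prompt appears. It works because Windows starts sethc.exe from the logon screen with SYSTEM privileges, before anyone has logged in, and because the boot disk gives write access to the Windows volume from another operating system.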

If you cannot locate cmd.exe and sethc.exe, you can use these commands:

copy c:\windows\system32\cmd.exe c:\

copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe

If you do not want the sticky keys, you can just enter this in the terminal:

net user Admin_account New_password

To exit ophcrack, click the Leave Session button at the top right. Press Shift five times until the command prompt pops up. Enter this command:

net user Admin_account New_password

Now log in and you will be admin. More on the sticky keys method at 4sysops.com.
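A check for the swap described above, as an added example (not code from the original post): it hashes sethc.exe and cmd.exe on a Windows volume and reports when they are byte-identical, plus the copy of cmd.exe that the first copy command leaves at the drive root. The default mount point /mnt/windows and all function names are assumptions.

```python
import hashlib
from pathlib import Path

def find_ci(parent, name):
    """Case-insensitive child lookup: an NTFS volume mounted on Linux keeps 'System32' casing."""
    if parent is None or not parent.is_dir():
        return None
    for child in parent.iterdir():
        if child.name.lower() == name.lower():
            return child
    return None

def sha256(path):
    """Hash a file in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_sticky_keys(volume_root):
    """Return a list of findings for the Windows volume at volume_root (empty list = no match)."""
    root = Path(volume_root)
    sys32 = find_ci(find_ci(root, "Windows"), "System32")
    cmd, sethc = find_ci(sys32, "cmd.exe"), find_ci(sys32, "sethc.exe")
    if not (cmd and sethc and cmd.is_file() and sethc.is_file()):
        return ["cannot-check: cmd.exe or sethc.exe not found under Windows/System32"]
    findings = []
    cmd_hash = sha256(cmd)
    # Core check: the copy in the tutorial makes sethc.exe byte-identical to cmd.exe.
    if sha256(sethc) == cmd_hash:
        findings.append("sethc-is-cmd: sethc.exe has the same SHA-256 as cmd.exe")
    # Secondary trace: the first copy command leaves a cmd.exe at the volume root.
    stray = find_ci(root, "cmd.exe")
    if stray is not None and stray.is_file() and sha256(stray) == cmd_hash:
        findings.append("stray-cmd: copy of cmd.exe found at the volume root")
    return findings

if __name__ == "__main__":
    import sys
    # Assumed default mount point; pass the real volume root as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "/mnt/windows"
    for line in check_sticky_keys(target) or ["clean: sethc.exe differs from cmd.exe"]:
        print(line)
```

The same function works against a live system (pass `C:\`) or against a mounted disk image during triage.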
