Although Microsoft have tried to create a version of Windows that is more secure than its predecessors, the new OS, Windows 8, still falls short of this commitment, being vulnerable to the same hack that the older versions were. Although the system has improved, for some users, it still remains a possible security breach.

It would seem that Microsoft wants to improve the security of its OS, but they still don’t resolve the older issues. This is also the case of the Internet Explorer vulnerability that we’ve talked about recently, in which mouse movements could be tracked with a javascript exploit.

windows-8-security

Note: We realize the potential risk behind this method and the reason why we’re writing about this is only to inform users about this vulnerability. This method can prove to be very useful for those who have really forgot their passwords but also by hackers. Therefore, we hope that the Redmond guys will take some measures about this.

How to bypass Windows 8 password protection

In older versions of Windows, you could replace the password to any account fairly easy, with a recovery disk and a few commands in CMD. Microsoft have tried to resolve this issue, and have succeeded, but only half way. By default, Windows 8 users are logged in to their online Microsoft accounts, in which case, they are pretty secure, but if someone who uses computer running Windows 8 on a local account, they are still vulnerable. Their passwords can still be changed with ease.

Although we do not encourage accessing another computer without permissions, sometimes, there is need for this measure when someone forgets their password and the computer is rendered inaccessible. This step by step guide will show you how to change a Windows 8 user account password in only a few minutes, without the need of any hacking experience. For this, you will need a recovery disk, which can be created either on a CD/DVD or on a USB flash drive.

windows-8-password-hack-1

1. Insert your USB flash drive in a Windows 8 computerwindows-8-password-hack-2

2. Navigate to Control Panel -> Recovery

windows-8-password-hack-3

3. Select “Create a recovery drive” and follow the wizard to create the recovery drive

windows-8-password-hack-4

After the USB drive is complete, insert it into the computer that you want to access, restart the computer and enter Boot Menu.

Note: To enter the Boot Menu requires you to press a key right when the computer starts, usually this key is “F8”, but this is not true for every computer. Look it up on the Internet or watch when the computer starts, it will show you what key it is.

windows-8-passwrord-change

Boot from your USB drive, and when it starts, select the language of your choice and head over to “Troubleshoot” -> “Advanced Options” -> “Command Prompt”. This will open a CMD window, where you will type a few command lines. When the CMD window opens, write these commands:

CMD - Diskpart

  • diskpart
  • list vol

Note: Be careful what volume you select, it should be the letter corresponding to your Windows partition. Usually the letter is “C”, but in some cases, it might differ.

  • exit

Note: For this tutorial, we will assume that your Windows installation partition corresponds to the letter C. Also, be careful at the spaces in the command lines, you have to write them exactly as featured here.

CMD - password-hack

  • C:
  • CD WINDOWS
  • CD SYSTEM32
  • COPY CMD.EXE CMD.EXE.ORIGINAL
  • COPY UTILMAN.EXE UTILMAN.EXE.ORIGINAL
  • DEL UTILMAN.EXE
  • REN CMD.EXE UTILMAN.EXE
  • SHUTDOWN -R -T 00

Now the system is ready to have its password overridden. Your computer will restart, let it boot normally and when it reaches the logon screen, click on the “Ease of Access Center” in the bottom left corner of the screen and a command prompt should open. In this CMD window, type the following:

CMD - password-hack-change-password

  • NET USER
  • NET USER username *

Now you will be prompted to input the new password for the account. Notice that the password will not show and the cursor will not move, so be extra careful when typing it, because you are typing blind. After you confirm the password, the process is complete. You can close the CMD and log on to the computer using the new password you have just provided.

Note: For the second NET USER username * command, replace username with your own account name that is shown after the first command and the “*” will have to be typed after the username, with a space between them.

The process is very simple and can be done by anyone. Also, if you want to revert the effect of this process (the deleted files in the first part of the tutorial), you can do this by re-inserting and booting from your USB drive, open the CMD windows in the same manner as before and type the following commands in the CMD window:

  • C:
  • CD WINDOWS
  • CD SYSTEM32
  • DEL UTILMAN.EXE
  • REN UTILMAN.EXE.ORIGINAL UTILMAN.EXE
  • REN CMD.EXE.ORIGINAL CMD.EXE
  • SHUTDOWN -R -T 00

When you computer boots up, you will notice that by clicking on the “Ease of Access Center”, it will no longer open a CMD window, but it will have changed to the default setting.

Note: For those who have a Windows 8 installation DVD, you can do this without a recovery disk. Boot your Windows 8 DVD and when reaching the first start screen (where you select the language of the installer), hold “Shift”+”F10” keys together and a CMD will open. In this scenario, continue only from the “diskpart” command.

This is how it was done in the previous versions on Windows, and this also works on Windows 8, but only on local accounts. If your targeted account uses the Microsoft online logon, this method will not work. Again, we strongly suggest that you do not use this method unauthorized!

34
SHARES
PHOTO CREDITS: Reboot.pro
 
Author

I often wonder, where is technology heading? What do all of these advances mean for us and for our future? I sometimes miss the days when I didn’t know how to use a floppy disk, or how a computer CPU works, but now, until I find an answer to my questions, I’ll keep tracking these advances and show everything I find to those who share my interests.

 
 
  • http://techeverytime.com/ Ankur

    very useful and detail post. I I would surely try this on Win 8.

    • Nedelcu Ionut

      I am glad you like it. If you follow the steps here, it will work on a local account, however, we do not recommend using this method to gain access to other computers without autorization.

      • Avi Jit (@skyhitblog)

        Nice tutorial. I’m also going to try it. :)

  • http://twitter.com/scriptnull Vishnu Bharathi

    Good one !

  • Sahil Arora

    Really nice one! I read it few days back and tried on one of my relative’s pc. After reading 5 times this article, I finally got the security bypass!! He is still shocked and I rocked! Credit goes to you @nedelcuionut:disqus Thanks for this exceptional post! Keep up more like that! :)