The VX-Files
The VX-Files
  • README.txt
  • For updates, questions, suggestions or just chatting: @malcrvz
  • Download your own local copy or check my other libre projects: Github/malcrvz
  • 📕Cybersecurity Theory
    • Index
      • Malware types
        • Viruses, worms and Trojans
        • Backdoors, Rootkits and Spyware
        • Botnets, DDoS and Spammer
        • Ransomware
        • Scareware and Adware/PUP/PUA
        • Downloaders and Launchers
        • Hacktool
        • APT - Advanced Persistent Threat
      • Social engineering techniques
        • Phishing
        • Pretexting
        • Baiting
        • Quid pro quo
        • Tailgating
      • Cryptography
        • Hash functions
        • Symmetric, Asymmetric and Hybrid cryptography
        • Digital signatures & Digital certificates
        • TLS Protocol
      • Pentesting methodology & Techniques
        • CIA Triad - Confidentiality, Integrity & Availability
        • The methodology steps
        • Pre-Engagement
        • Information Gathering
          • HTTP status codes
          • robots.txt
        • Vulnerability Assessment
        • Exploitation
          • Password cracking
        • Post-Exploitation & Persistence
          • Types of Shells
        • Privilege Escalation & Lateral Movement
        • Reporting & Remediation
  • 🐧Linux Essentials
    • Index
      • 1, 0, bits, Bytes: Units of digital information
      • User management
      • Packet management
      • Privileges & sudo
      • Passwd & Shadow files
      • Managing files, links and regex
      • find
      • Terminal/TTY
      • SSH
  • 🪟Windows Essentials
    • Index
      • CLI user management
      • CMD File management
  • 🌍Networking Essentials
    • Index
      • Windows CLI IP management
      • Linux IP management
      • Linux CLI Wi-Fi connection
  • 🕸️Network Pentesting
    • Tools
      • 1. Pre-Engagement
        • OpenVPN
      • 2. Information gathering
        • cURL & wget
        • Nmap
        • arp
        • Netcat
        • whatweb
      • 3. Vulnerability assessment
        • smbclient
      • 4. Exploitation
        • Metasploit
        • Hashcat
        • John the Ripper
      • 5. Post-Exploitation & Persistence
        • SSH
      • 6. Privilege escalation & Lateral movement
        • Possible privilege escalation vectors - Auto-enumeration scripts
      • 7. Reporting & Remediation
    • Techniques
      • Upgrade reverse shell to interactive
      • Transferring files to/from remote victim
      • Possible privilege escalation vectors - Manual checklist
    • Resources
      • Manufacturer default passwords lists
        • IP Cameras
      • Get Shells
  • 💉Web App pentesting
    • Tools
      • CeWL
      • Gobuster
      • whatweb
    • Techniques
      • Command injection
    • Resources
      • Reverse Shells
      • Bind Shells
  • 📡Wireless pentesting
    • Tools
    • Techniques
    • Resources
  • 🔓On-Premises Pentesting
    • Tools
    • Techniques
      • Removing Linux user passwords
      • Removing Windows user passwords
    • Resources
  • 💽Disks & Forensics
    • Index
      • Getting a disk ready
      • Inodes & Sectors
      • Recover deleted files
      • BUILDING - Secure file deletion
  • 🕷️Bash scripts
    • coming soon
  • ⚡PowerShell Scripts
    • coming soon
  • 🟩HTB Walkthroughs
    • coming soon
  • 🏴‍☠️External Resources
    • Schools
    • Books & Wikis
    • Utilities
    • Interactive cheat sheets
    • Wordlists
Powered by GitBook
On this page
  1. On-Premises Pentesting
  2. Techniques

Removing Windows user passwords

Last updated 1 year ago

For this you need a toolkit USB loaded with a live CD tool as (deprecated, but still functional) "Hiren's Boot" or its spiritual successor (and loaded with tons of useful tools, very recommended!) "Medicat".

There's instructions/scripts to install them on a USB in their webs.

Once you boot the live CD there's a section with various password removal tools that edit the SAM file and let you change/remove the pass easily with a graphical interface. Just select the account you want to remove the password and follow the steps.

If live CD doesn't load directly and BIOS has a password, meaning you can't change boot order, you would need to open the system and remove the CMOS battery located in the motherboard for a couple minutes, so the BIOS resets to default.

Be very careful when editing SAM files and never do it on production systems if there's other way, as it can corrupt the file and leave the account inaccessible!

🔓
LogoHomepageHiren's BootCD PE
LogoMedicat - Computer Diagnostic and Recovery Toolkit