This article shows how to use an Ubuntu bootable USB drive (or CD) to crack the Windows login password. If you forget your password but don't want to reinstall the system, this method lets you reset the password without reinstalling.
This method works on Windows XP/7/8/10. It will keep working in future versions as long as the "Utilman" function on the Windows login screen is not removed.
In operating systems after Windows XP, a function called "Ease of Access" (Utilman) was added to the login screen. Its main purpose is to help users who have poor eyesight or hearing, or who cannot use the keyboard, to complete some operations.
Because "Ease of Access" can be launched before a password is entered, it gives us an idea: if we replace one of the programs behind "Ease of Access" with a program of our choice, that program runs before any password is entered, and we can use it to crack the password.
The following is the Windows 8 login screen. (Windows 7 also has this icon; the pop-up looks different, but it also lists the "On-Screen Keyboard". On XP, press "Win key + U" to open Ease of Access. Note: stripped-down builds of the system may have deleted this function. In that case you can copy cmd.exe to Utilman.exe, and simply invoking "Ease of Access" on the login screen opens cmd. The on-screen keyboard osk.exe is the file replaced here because that is more concealed.)
1) Prepare an Ubuntu bootable USB drive (it does not have to be Ubuntu; any system or PE that can read the computer's system disk will do). For how to make one, see: How to make a U disk system boot disk in Linux environment. Boot the computer from the USB drive.
2) Find or mount the partition where Windows is installed, enter it, and replace Windows/system32/osk.exe with cmd.exe. This example uses Ubuntu. After booting into the USB system, open a terminal (Ctrl+Alt+T) and follow the example below:
```
# View hard disk partition list
$ sudo fdisk -l
```
Interpreting this output depends on your understanding of hard disk partitions. Generally, when you install the system using the partitioning screen that comes with Windows, a 100M boot partition is created, which is /dev/sda1 in the figure below. Seeing this partition means that Windows is probably installed in /dev/sda2. If you installed the system after partitioning with PE, this partition may not exist. If there are multiple hard disks, mount the first partition of each one and check whether it contains a Windows folder.
In addition, the Type of most Windows partitions is NTFS/FAT32. If the Type shown in this step is ext4 or similar, it is definitely not a Windows partition but a Linux-style system partition.
Based on the analysis above, try mounting the /dev/sda2 partition at /mnt and viewing its contents; you should see the familiar Windows directory structure.
Enter the Windows/System32 folder (note the case of the directory name), replace osk.exe with cmd.exe, and then restart the computer.
3) You no longer need the USB drive and can unplug it. Restart to the Windows login screen, press the shortcut "Win key + U" or click "Ease of Access" -> "On-Screen Keyboard", and see what happens.
Change the password here and you are done; just log in to the account with the changed password, 123456.
The last thing to note is that after you get into the system, it is best to restore "\Windows\System32\osk.exe" on the system disk. A backup of the original was made as osk.exe.bk, so delete the disguised osk.exe and rename osk.exe.bk to osk.exe, and everything is back to normal.
The more recommended method is to set a BIOS password, so that others must enter the password before they can open the BIOS setup screen; without it they cannot change the boot order to boot from USB or CD. Although a BIOS password can be cleared by discharging the BIOS, that requires disassembling the machine, which is a lot of trouble.
The aforementioned method of deleting the system's "Ease of Access" program cannot completely prevent this cracking, because cmd can be copied to Utilman.exe, after which simply invoking "Ease of Access" on the login screen opens cmd.
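A defender-side check for the swap described above, as an added example that is not part of the original article: it hashes the two accessibility programs the article names (osk.exe, Utilman.exe) and reports any that are byte-identical to cmd.exe or that sit beside a leftover backup such as osk.exe.bk. The function names and the sample directory are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Programs the article names as replacement targets, and the shell copied over them.
ACCESSIBILITY = ("osk.exe", "Utilman.exe")
SHELLS = ("cmd.exe",)


def _sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def audit_system32(system32):
    """Return (target, finding) pairs for a live or offline-mounted System32."""
    # A Linux mount can be case-sensitive, so index directory entries by lower case.
    names = {n.lower(): n for n in os.listdir(system32)}
    shell_hashes = {_sha256(os.path.join(system32, names[s.lower()])): s
                    for s in SHELLS if s.lower() in names}
    findings = []
    for target in ACCESSIBILITY:
        real = names.get(target.lower())
        if real is None:
            findings.append((target, "missing"))
            continue
        shell = shell_hashes.get(_sha256(os.path.join(system32, real)))
        if shell:
            findings.append((target, "identical to " + shell))
        # A leftover copy such as osk.exe.bk means the original was moved aside.
        for lower, name in names.items():
            if lower.startswith(target.lower() + "."):
                findings.append((target, "backup copy present: " + name))
    return findings


def constructed_demo():
    """Audit a constructed directory in which osk.exe was swapped for cmd.exe."""
    files = {"cmd.exe": b"SHELL", "OSK.EXE": b"SHELL",
             "osk.exe.bk": b"KEYBOARD", "Utilman.exe": b"UTILMAN"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return audit_system32(d)


if __name__ == "__main__":
    for target, finding in constructed_demo():
        print(target, "->", finding)
```

Point `audit_system32` at the real System32 directory on a running machine, or at the same directory on a disk mounted read-only from a live system, and treat any finding as a reason to investigate who had physical access.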
Article source: QingSword (QingSword.COM)