Proj 13: Reset Windows Password with an Install Disk (15 pts.)

Purpose

Often you need access to a Windows machine but you don't have the password. That's easily solved by booting from a Windows installation disk. This is a very old technique.

What You Need

Booting from the ISO File

Launch VMware Player. On the left side, click your Windows 2016 machine. On the lower right, click "Edit virtual machine settings".

In the "Hardware" box, on the left side, click "New CD/DVD". On the right side, click the "Use ISO image file" button.

Click the Browse... button. Navigate to your Downloads folder and double-click the 4393.0.161119-1705.RS1_REFRESH_SERVER_EVAL_X64FRE_EN-US.ISO file, as shown below.

Click the Close button.

In VMware Player, on the lower right, click Play. A message appears saying "Press any key to boot from CD or DVD...", as shown below.

Click in the virtual machine window and press Enter.

A box appears asking what language to use, as shown below. Click Next.

In the next box, on the lower left, click "Repair your computer", as shown below.

Opening a Command Prompt

A "Choose an option" screen appears, as shown below. Click Troubleshoot.

An "Advanced options" screen appears, as shown below. Click "Command Prompt".

Modifying Utilman

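In the Command Prompt window, execute these commands, as shown below. These commands rename the original utilman.exe file and put a copy of cmd.exe in its place, which is a very old trick that makes it possible to hack into Windows. Windows starts utilman.exe as System when Ease of Access is opened from the login page, so after the swap that shortcut opens a Command Prompt instead.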

D:
cd windows\system32
ren utilman.exe utilman.exe.old
copy cmd.exe utilman.exe
shutdown -r -t 0

When your machine restarts, don't press a key to boot from the CD. Just let it proceed to the login page shown below.

Press the Windows logo key and the U key. (On a Mac, press Cmd+U.)

A Command Prompt opens, as shown below. Execute these commands to see how it works and reset the Administrator password. You are now "System", and therefore more powerful than the Administrator. Enter a new password twice when you are prompted to.


whoami
net user administrator *
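
The swap made under "Modifying Utilman" leaves three traces that a defender can check for on a live system or a mounted disk image. The PowerShell below is an added example, not part of the original project; the function name Test-UtilmanReplaced and its -System32 parameter are hypothetical, and the test that the genuine file's OriginalFilename begins with "utilman" is an assumption.

```powershell
# Added example (not from the original project): detect the utilman.exe swap.
function Test-UtilmanReplaced {
    param(
        # Hypothetical parameter: System32 directory to inspect. Point it at a
        # mounted offline volume (e.g. D:\Windows\System32) to check a disk image.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $utilman  = Join-Path $System32 'utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'utilman.exe.old'
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings.Add('utilman.exe is missing')
    }
    else {
        # Sign 1: "copy cmd.exe utilman.exe" makes the two files byte-identical.
        if (Test-Path -LiteralPath $cmd) {
            $hashU = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
            $hashC = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
            if ($hashU -eq $hashC) {
                $findings.Add('utilman.exe has the same SHA-256 as cmd.exe')
            }
        }
        # Sign 2: the version resource still names the program the bytes came from.
        # Assumption: the genuine file's OriginalFilename begins with "utilman".
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -and $orig -notlike 'utilman*') {
            $findings.Add("utilman.exe OriginalFilename is '$orig'")
        }
    }

    # Sign 3: "ren utilman.exe utilman.exe.old" leaves the original behind.
    if (Test-Path -LiteralPath $backup) {
        $findings.Add('utilman.exe.old exists next to utilman.exe')
    }

    [pscustomobject]@{
        System32   = $System32
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings.ToArray()
    }
}

Test-UtilmanReplaced | Format-List
```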

Saving the Screen Image

Make sure your screen shows the answer to "whoami" of "nt authority\system", as shown above.

Save a whole-desktop image with the filename "Proj 13 from YOUR NAME".

Turning In Your Project

Email the image to cnit.123@gmail.com with a subject of "Project 13 from YOUR NAME".

Sources

How to Reset Forgotten Windows Server 2016 Password


Last modified: 3-22-18 7:21 am