Jump to content
Tuts 4 You

How to bypass logon password screen?


Recommended Posts

Hi guys,


so I need again some help.I have a friend who is using Windows 7 on Laptop and now after some weeks my friend did forgot the logon password and can't come to desktop anymore to work with the Laptop. :) The problem is the missing password and the Nag keeps poping up.Now I tried to google a little bit to find any solution to bypass this Nag or change the password and found something to start the Laptop in safemode with command prompt.




So I thought that would be the right solution and sound also very simple to handle and tell this my friend on telephone but wonder oh wonder it didn't work so the problem starts already after choosing the start method "safe mode with command prompt" so it dosen't stop at any command prompt and loads again the normal windows with mouse + password Nag!?!What now?How to handle that problem and how to get the command prompt?


Has anyone of you any idea what to do and how to handle that problems now?Without command prompt my friend can't change the password and without password = no access to windows. :( No idea why this startup with command prompt isn't working on that Laptop.


So if you got any ideas what my friend can do now then post it please.


Thank you

  • Like 1
Link to comment
Share on other sites

just make a linux live cd and use a program called chntpw to reset it offline, its easy (assuming disk isn't encrypted)


or u can boot from windows disk & open recovery console from there to get a cmd prompt, but no admin pw's will be changed from limited user acct w/out some tricks. tricks non techs won't be able to pull over the phone.


offline backup + refortmat may be the best bet though

Link to comment
Share on other sites

I did that a while ago, using this tutorial



Works just fine.

Edited by Alcatraz3222
Link to comment
Share on other sites

Hi LCF-AT,I had the same problem about forgetting (due to the automatic logon feature) my/my friend's/etc. Windows password in the past a couple of times.I have some solutions for you :-)
But first: There is no reason to panic. No need to format the hard-drive and lose all your data.
The general procedure is to start the computer from a CD or USB drive and then accessing/modifying the file where the Windows password hash is stored)
For this to work, the computer needs to be able to boot from CD/USB. Here are the instructions for all the major BIOS models:
You have to press a certain key before Windows starts, and the key differs from BIOS to BIOS.Now the possibilities:
1. The first one was already mentioned, here is the link to that website:
The download link is at the bottom of the website.2. My favorite: Kon-boot
Kon-Boot also starts from CD/DVD or USB and can directly bypass the logon password temporarily. This works by tampering with the windows boot-process and is completely transparent and the changes are only in the memory. Nothing is written to the disk. To me this is the easiest and most convenient option.

Once you bypassed the login once, you can change the password to anything you want.
Unfortunately, you would need to find the full version (latest is V2.4) on google, because the free version doesn't support Windows 7.

(Not endorsing piracy here, Teddy :-) )


3. The reverse engineering option:
You could write a dup2 patcher with this method and send the patcher to your friend. After he's done, he can replace the patched file with the backup.


4. The “sticky keys” option.
If you are using Windows right now, you can press the SHIFT key five times and a window will appear. This window also appear on the lock/logon-screen before signing into windows. By replacing a file in the system32 folder named “sethc.exe” with “cmd.exe” (and renaming the cmd.exe to sethc.exe) you can pop-up a command window on the logon screen before signing in. Then you can reset you windows password from the console (with the “net user USERNAME *” or “control userpasswords2” command)
This option requires some time, as you need to download a Linux/etc. live-CD system to access the windows hard-drive.
I hope it works!
Feel free to ask me any question about it, if you have one.Kind regards


edit: Saw alcatraz's post after writing this, the video uses option 4 and explains it in "only" 20 minutes (No offense to the creator of the video, but that is ridiculous.)

Edited by Zulu
Link to comment
Share on other sites

Hirens boot , -> NTPWEdit (reset Xp/vista/7 user password) is the better NON invasive program
https://www.youtube.com/results?search_query=hirens+boot+NTPWEditfor  windows 95/98/98se/millenium/xp sp1/sp2 can use datapool cia commander from a floopy
Best Regards Apuromafo

Link to comment
Share on other sites

Hi again,


thanks for your answers so far.So the solutions you did postet seems to be more complex as I thought before.Hhmmm.So it looks that my friend has just to re-install Windows and never using a stupid logon password again. :) I also can't explain these steps on phone so my friend would just understand railway station you know.Oh boy,such a BS!


On the other hand I have installed Windows 7 32 bit on my VM so there I could maybe test & check some hints out etc.


Ok guys,thanks again and I will see....if got another ideas "something like for dummies" then post them too ok.



Link to comment
Share on other sites

Hi again,


ok sounds good to try & create a Hirens boot CD.I did read the descriptions now about the password reset and I think that way could be easy enough for my friend.I hope that this method will work. :)


Thanks again guys and I do later send feedback about success or failure.




  • Like 1
Link to comment
Share on other sites

I would suggest you to follow the easiest way


You could change the password by using a bootable windows CD. Use the CMD prompt from windows setup and replace utilman.exe with cmd.exe by doing


copy c:\windows\system32\utilman.exe c:\copy c:\windows\system32\cmd.exe c:\windows\system32\utilman.exe


note that you need to change C:\ to wherever your windows is installed at. This can be verified with the dir command.


after that you reboot and click the accessibility icon at the bottom of windows logon screen. This will bring the cmd and then you can use the net user command to change your password.


Personally i tried it few days ago to help a friend and it did work just fine.

Edited by Lostin
Link to comment
Share on other sites

  • 1 year later...

To decrypt windows 7 password just use mimikatz!!!

But how can run this remotly??  any hint?  or using a bat file?

For example on windows 7 embedded ?? here the aplication runs external as terminal rerver.

But I have the IP of this pc  or HDD..  to can connect to other pc by USB (not to chnage hdd to other pc and boot from this.. never works)

As you we know the password its on memory of lsass process.




thank you.

Edited by H_C
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...