Hacking User Accounts Without Programs in Win10 Home

July 27, 2018 | Views: 5623

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Welcome to hacking Windows 10 Home profiles! This walkthrough only applies to Win10 Home without any encryption software. Encryption software like Bitlocker or Bitcrypt will block this capability. Win10 Pro Edition without encryption software or on a domain may work, but it hasn’t been attempted yet.

These issues don’t come up often, but when they do, we can get frustrated. If you don’t have software like UUkeys, this may be a little tedious to figure out. This only came up for me since an unorganized, cheap friend of mine who owns a business at home only uses Win10 Home, and he forgot his password. He asked me to hack it, since Microsoft wouldn’t assist, and yes, it was his legal copy and he owns the laptop. Please ensure that you yourself do not use this technique for any malicious acts. 

If you feel like purchasing a useful tool, visit https://www.uukeys.com/.

If you have a hack for Bitlocker, please share!

In order to continue, go to the Windows site and create a USB image to boot from. It’s free and will come in handy for desktop support positions or even hacking your idiot friends’ computers! If  you have a copy from when Win10 was first released, grab a 32 GB flash drive and create a new one. The latest kernel version is 1803 and takes forever to update. To alleviate that issue, create a new USB with the new kernel version.


How to Hack

Ok… now to the good stuff, and this will be rather short!

Place BIOS on legacy boot and boot from USB.

Once the Windows repair comes up, the GUI will show “Install” in the center and “repair” in small text to the bottom left. On this screen, you may be able to press Shift+F10 to bring up CMD. If not, no worries; just click on repair and navigate to CMD.

Once CMD is up, you need to find the drive letter of your hard drive. It will vary depending on the computer. Type “diskpart” and then “list vol.” You’ll notice that the drive that most likely has the most space is the c: drive, but if you notice, the ISO USB changed the letter drive.

“Exit” and CMD will bring you back to the main area. Let’s pretend your c: drive’s letter is now f:.

Use these commands in this order:

  1. cd f:
  2. cd windowssystem32
  3. rename osk.exe osk.old
  4. rename cmd.exe osk.exe
  5. Exit

Restart the computer. Once you have returned to the login main screen, go to the bottom right and click on On-Screen Keyboard.

Hellooooo CMD comes up at the sign in!

Type “net user

Then “net user win10 *”

CMD will prompt for a password change.

Once you change the password, you will have access to the account. Remember to go back and boot from the USB again, and change the files back accordingly to where osk.exe is cmd.exe and osk.old is osk.exe.

Just a reminder: Please do not use this for any malicious acts and get yourself into trouble. This is a last-resort process.

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?