By: dnieves
July 27, 2018

Hacking User Accounts Without Programs in Win10 Home

Welcome to hacking Windows 10 Home profiles! This walkthrough only applies to Win10 Home without any encryption software. Encryption software like BitLocker or Bitcrypt will block this capability. Win10 Pro Edition without encryption software or on a domain may work, but it hasn't been attempted yet.

These issues don't come up often, but when they do, we can get frustrated. If you don't have software like UUkeys, this may be a little tedious to figure out. This only came up for me since an unorganized, cheap friend of mine who owns a business at home only uses Win10 Home, and he forgot his password. He asked me to hack it, since Microsoft wouldn't assist, and yes, it was his legal copy and he owns the laptop. Please ensure that you yourself do not use this technique for any malicious acts. If you feel like purchasing a useful tool, visit https://www.uukeys.com/.

If you have a hack for BitLocker, please share!

In order to continue, go to the Windows site and create a USB image to boot from. It's free and will come in handy for desktop support positions or even hacking your idiot friends' computers! If you have a copy from when Win10 was first released, grab a 32 GB flash drive and create a new one. The latest kernel version is 1803 and takes forever to update. To alleviate that issue, create a new USB with the new kernel version.

https://www.microsoft.com/en-us/software-download/windows10

How to Hack

Ok... now to the good stuff, and this will be rather short!

Place BIOS on legacy boot and boot from USB.

Once the Windows repair comes up, the GUI will show "Install" in the center and "repair" in small text to the bottom left. On this screen, you may be able to press Shift+F10 to bring up CMD. If not, no worries; just click on repair and navigate to CMD.

Once CMD is up, you need to find the drive letter of your hard drive. It will vary depending on the computer. Type "diskpart" and then "list vol". You'll notice that the drive that most likely has the most space is the c: drive, but the ISO USB has changed its drive letter.

Type "exit" and CMD will bring you back to the main area. Let's pretend your c: drive's letter is now f:.

Use these commands in this order:
  1. cd /d f:\
  2. cd windows\system32
  3. rename osk.exe osk.old
  4. rename cmd.exe osk.exe
  5. exit
Restart the computer. Once you have returned to the main login screen, go to the bottom right and click on On-Screen Keyboard.

Hellooooo CMD comes up at the sign in!

Type "net user"

Then "net user win10 *"

CMD will prompt for a password change.

Once you change the password, you will have access to the account. Remember to go back and boot from the USB again, and change the files back accordingly to where osk.exe is cmd.exe and osk.old is osk.exe.

Just a reminder: Please do not use this for any malicious acts and get yourself into trouble. This is a last-resort process.
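
The file swap above leaves traces in System32 that are easy to check for, whether you are confirming the cleanup was done or auditing a machine someone else has touched. The following is an added example, not part of the original post: a Python script that audits a System32 directory (on a live system or a mounted offline image) for a missing cmd.exe, a leftover osk.old, and an osk.exe that no longer matches its backup or is identical to cmd.exe. The function names, finding strings and sample file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SHELL = "cmd.exe"       # binary the walkthrough renames
WATCHED = ("osk.exe",)  # sign-in screen binary the walkthrough replaces


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_entry(directory, name):
    """Case-insensitive lookup (an NTFS volume may be mounted on a case-sensitive host)."""
    for p in Path(directory).iterdir():
        if p.is_file() and p.name.lower() == name.lower():
            return p
    return None


def audit_system32(system32, watched=WATCHED, shell=SHELL):
    """Return a list of findings for one System32 directory (live or offline image)."""
    findings = []
    shell_path = find_entry(system32, shell)
    shell_hash = sha256(shell_path) if shell_path else None
    if shell_path is None:
        findings.append(f"{shell} is missing (renamed or deleted)")
    for name in watched:
        target = find_entry(system32, name)
        backup = find_entry(system32, Path(name).stem + ".old")
        if backup is not None:
            findings.append(f"{backup.name} present: {name} was set aside")
        if target is None:
            findings.append(f"{name} is missing")
        elif shell_hash and sha256(target) == shell_hash:
            findings.append(f"{name} is byte-identical to {shell}")
        elif backup is not None and sha256(target) != sha256(backup):
            findings.append(f"{name} differs from {backup.name}: likely replaced")
    return findings


if __name__ == "__main__":
    # Constructed sample: a fake System32 in the state the walkthrough leaves behind.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "osk.old").write_bytes(b"original on-screen keyboard")
        (Path(d) / "osk.exe").write_bytes(b"command interpreter")
        for finding in audit_system32(d):
            print(finding)
```

An empty list means none of the three traces were found; it does not prove the files were never swapped and restored.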