Hey Folks, in this tutorial we will tell you about various ways by which you can silently bypass or crack the logon password of any window 10 machine using bootable USB. If we look at it from another point of view, as we know that people are afraid of hackers and their fraud, so they enforce strict security in their system to protect themselves but they forget the password after implementing the security is what they set before, hence this article can also be helpful for those who have forgotten the password set earlier and now want to retrieve the password.

Requirements to crack window 10 password

  • Window 10 ISO Image – Donwload here
  • CD/DVD or USB drive with at least 8 GB
  • Rufus Softrware – Donwload Here

Let’s take a look 😛 !!

Make Bootable USB of window 10

There are several tools available for making bootable USB which we list below.

  • YUMI – Multiboot USB Creator
  • WinSetUpFromUSB
  • DiskMaker X
  • UNetBootin
  • EaseUS
  • Rufus
  • Windows USB/DVD Tool
  • Universal USB Installer
  • RMPrepUSB
  • Etcher

You can use all the above tools but in our case we will use the Rufus tool to create a bootable USB. Don’t think too much, just follow the steps given to make Windows 10 bootable USB.

  • Step-1 First download the Rufus tool using the link above.
  • Step-2 After that boot the software, download the ISO image of window 10 using the link given above.
  • Step-3 After downloading the image file, then click on Select, browse the ISO image and select it.
  • Step-4 Just click on start and complete the process of making bootable USB.

What we are going to do ?

Usually the window machine has an “ease of access” button in the bottom right corner, where we get the “on-screen keyboard” option after clicking on that button, so only we will change the cmd.exe application to the osk.exe via command prompt and the results, you can open a command prompt before login inside the window machine, change the password and then enter the machine successfully. Understand 😛 !!

Let’s Start Cracking Window 10 Password

Our bootable USB is ready, so just connect the bootable USB to the computer USB port and enter the BIOS setup by pressing the special key (ESC) via the keyboard ( It may be difficult according to the different-2 computers ), select bootable USB and you will get the interface as shown in the given picture. Click on “next” button.

Just click on “Repair your computer” button and go further.

Now click on “troubleshoot” option and proceed to arrive at the destination : P !!

We’ve got the main option “Command Prompt“, so just click on it and boot the command prompt.

Replace cmd.exe with osk.exe application

We have already told you the purpose of executing these commands so that you do not need to give more information about these commands. But make sure you should know the path of “/window/system32/” drive. After finding it just go to the location of system32 directory and execute the given command. After executing the above all commands then reboot the system.

Done 😛 !! When we click on the highlighted option, the “osk.exe” service gets activated and keeping this in mind we just replace this application to the cmd.exe through the copy command and when we click on it then the command prompt (cmd.exe) is activated on the login screen. Now just hit enter on this option.

BOOM 😛 !! As you can see when we click on “On-Screen Keyboard” option then the CMD prompt gets activated with an administrator privileges. After booting the cmd prompt all we have to do is change the password of the existing user using the “netuser” command.

User 🙂 !! net user < login username > < new password >

That’s it 😛 !! We got success because you can see that we have successfully logged into the system.

Replace cmd.exe with Utilman .exe application

Now here also we will follow the same procedure and first go to system32 directory then rename (Utilman .exe) application and finally we will replace cmd.exe application with Utilman .exe via copy command. Alright 😛 !! just execute the command. After execute the following commands then reboot the system and stay on system login.

Ready 😛 !! Look at the image below where we have indicated the button on which to click to activate the cmd prompt.

Done 😛 !! That’s what we thought ! after hit enter on “Ease of Access” button immediately cmd prompt get activated with admin rights. As before, we will change the password of the existing user through the “netuser” command and enter into the system successfully.

User 🙂 !! net user < login username > < new password >

Replace cmd.exe with sethc.exe ( Sticky Key ) application

As you have seen, when we press multiple keys at the same time (such as hit shift button five times) we get a sticky key warning on the screen (both before and after login). So just we will replace cmd.exe executable service with sethc.exe which shows us the alert on screen after which the cmd prompt will be activated when we press the key in sequence. Just execute the following command and reboot the system after doing it.

Great 😛 !! Now when we hit the shift button five times in sequence, we get a CMD prompt instead of a sticky key alert.

User 🙂 !! net user < login username > < new password >

Done 😛 !! Finally after changing the password using “netuser” command we can successfully log in to the system.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

Leave a Reply