[Update] If you want to recover Windows 8/8.1 passwords instead of removing them see this tutorial
So we are back. About a year ago I wrote a post on how to remove Windows passwords using CHNTPW, but many readers complained that it was not working on Windows 8. I tried it myself; on many it worked, but once I also got stuck. So I did a little workaround. In this tutorial I'm going to show you how to remove Windows 8/8.1 passwords using CHNTPW. Well, it's a little more tedious than the older one, but believe me, it's fun too.
Background: Let's get started with a little bit of background. Windows OSs have a user known as Administrator which is hidden by default. This user is there for security reasons (maybe it's the other way around). Most of the users who use Windows are lame, sorry to say that but I'm not talking about you; they don't even know that such an invisible account exists, so it is almost every time without a password. But this Administrator user is an SU (Super User), which means you can work wonders once you get access to this account. So our first task will be to make it visible, and then we'll access it and, using its power privileges, we'll remove the password of other accounts (which is not really necessary, because you can access any user folder or file using the Administrator account).
Requirements:
1. Physical access to the victim's computer.
2. A live bootable Kali/Backtrack Linux pendrive or DVD.
(You can download Kali Linux here)
Steps:
1. Plug the live bootable pendrive/DVD into the victim's computer and then boot from it.
2. After accessing Kali Linux (I'm using Kali Linux) from the victim's computer, open a terminal.
3. Now we have to mount the drive on which the victim's OS is loaded. In my case it is sda2. So in order to mount that drive I'll type the command:
mount /dev/sda2 /media/temp
This means that I'm mounting the drive on the folder /media/temp. If you haven't created a temp folder in /media, then you must create one by typing this command:
4. After mounting the OS we need to access the SAM file and make the Administrator account visible using chntpw. It's so simple, lemme show you how.
First we'll navigate to /media/temp/Windows/System32/config:
Now we display the list of users on our victim's computer:
chntpw SAM -l
You'll see an Administrator User there which is disabled. Now we'll enable that:
chntpw SAM -u Administrator
Now type 4 and hit return.
Press 'y' to save the changes to the SAM file.
OK, voila! The hard part is done.
5. Now restart your computer, take out your pendrive/DVD, and boot into the Windows 8 OS. You should be able to see the Administrator user on the logon screen now. If not, then look for a backward-pointing arrow beside the user login picture. Click on that arrow and you should see an Administrator user. Click on the Administrator account and wait for a while until Windows 8 sets it up.
6. After a while you get access to the computer and you can access anything. Enjoy :)
7. What, you want to remove the password? I don't think it's a stealth mode idea, is it? OK, I'll tell you how to do that, but it's not a good hacker way of doing it.
Open up the command prompt. A simple way to do it is:
Press Ctrl + 'x' and then press 'a', and if prompted click yes.
After that, enter the following commands:
(This command will display all users on computer)
net user "User Name" newPassword
(This Command will change the Password of User Name user to newPassword).
OK, you're done. Now log out and enter the new password. It will work for sure.
8. If you want to disable the Administrator Account again then type in command prompt:
net user Administrator /active:no
I tried it on all versions of Windows 8/8.1 and it works. Guess what, it works on all Windows OSs.
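Because the SAM edit in step 4 is made while Windows is not running, the Security log gets no "account enabled" event (4722) for it; the first trace is the Administrator logon in step 5. The following added example (not part of the original tutorial) flags interactive logons by the built-in Administrator (SID ending in -500) that no logged enable event explains. The records, SIDs, host names and dict keys are constructed for this sketch.

```python
from datetime import datetime

LOGON_OK, ENABLED, DISABLED = 4624, 4722, 4725   # Windows Security event IDs
INTERACTIVE = {2, 10, 11}   # logon types: console, RemoteInteractive, cached


def is_builtin_admin(sid):
    """Built-in Administrator: machine/domain SID (S-1-5-21-...) with RID 500."""
    return sid.startswith("S-1-5-21-") and sid.rsplit("-", 1)[-1] == "500"


def unexplained_admin_logons(events):
    """Return interactive RID-500 logons made while the log says 'not enabled'."""
    enabled = set()          # SIDs whose most recent logged change was 4722
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        sid = ev.get("target_sid", "")
        if not is_builtin_admin(sid):
            continue
        if ev["event_id"] == ENABLED:
            enabled.add(sid)
        elif ev["event_id"] == DISABLED:
            enabled.discard(sid)
        elif (ev["event_id"] == LOGON_OK
              and ev.get("logon_type") in INTERACTIVE
              and sid not in enabled):
            findings.append(ev)
    return findings


def record(ts, host, event_id, sid, logon_type=None):
    """Build one constructed event record (keys are this sketch's own)."""
    return {"time": datetime.fromisoformat(ts), "host": host,
            "event_id": event_id, "target_sid": sid, "logon_type": logon_type}


# Constructed sample records (not real logs).
SID_A = "S-1-5-21-1111111111-2222222222-3333333333-500"
SID_B = "S-1-5-21-4444444444-5555555555-6666666666-500"
SID_USER = "S-1-5-21-4444444444-5555555555-6666666666-1001"
SAMPLE = [
    record("2024-03-01T09:00:00", "HOST-A", ENABLED, SID_A),
    record("2024-03-01T09:05:00", "HOST-A", LOGON_OK, SID_A, 2),   # explained
    record("2024-03-02T08:00:00", "HOST-B", LOGON_OK, SID_USER, 2),  # normal user
    record("2024-03-02T22:10:00", "HOST-B", LOGON_OK, SID_B, 2),   # no 4722 first
    record("2024-03-02T22:40:00", "HOST-B", DISABLED, SID_B),      # as in step 8
]

if __name__ == "__main__":
    for hit in unexplained_admin_logons(SAMPLE):
        print(hit["time"].isoformat(), hit["host"], hit["target_sid"])
```

A hit is a lead to review rather than proof, since the account may have been enabled before the log's retention window began.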
Hope you enjoyed this tutorial. Don't forget to share it and yes always read the Disclaimer.