how hackers bypass windows login screen!

7:00 Brings a whole new meaning to the tooltip "Ease of Access"

-UsernameNotFound

There is an even easier way in which you don't have to use the cmd to rename and copy cmd, that is opening notepad.exe from the cmd, navigating from the open file menu, and changing whatever you want. Windows is really easy to hack at these levels, all you need to do is a little research.
As always, great content! <3

gustavogattinger

I fondly remember doing this exercise during a pc repair class I attended, pretty useful for clients that are "forgetful".

delvinciposterkid

Been a SE since Windows NT and I'm left baffled lol. THIS is what I LOVE about I.T. You never stop learning. Well done.

zeevyasharahla

This is basically the sticky keys (bug /hack) from Windows 7, you'd hit a key 5 times and Cmd window would popup rather than the sticky key message. Most companies already have the Usb and Bios disabled. So this is only useful if you forget your microsoft password.

Human_Shrek

this has been known for years, around since Windows 7, and you made it potentially more complex than is needed - you can also hit the reset key twice while Windows is booting. In startup recovery, you sometimes don't even need a password to open the CMD and change things from there

itsTyrion

In some cases you can't change the password (policies etc). You can create a new user (net user add etc) and put em to administrators group, login with this new account and you can see all local users and change their passwords. In some older versions you can also change domain users passwords - before login disable network so the domain controller will not be found by the os 😊

elmeromero

I love stuff like this. Once you see the trick, it’s so simple, but I would _never_ have thought of using this as a route into the command prompt screen.

OneBiasedOpinion

This was actually really simple :p no clickbait. Appreciate it.

cxi

Not the commands and actions I do during this exploit, but very informative nonetheless without teaching people how to do damage. There are additional steps to make it untraceable, especially on enterprise computers (which you would also have to unplug ethernet before boot). Nice choice with the Windows Install IMG over Linux (simpler to use, and allows you to just use the computer on your own OS), as it is digitally signed by MS and less likely to trigger the unsigned drive error (which would require a bios password [not hard to bypass]. However, this will not work on an encrypted drive, which i encourage all IT managers to undergo. Bitlocker takes 5 min to set up domain-wide. To prevent this attack on your machine, set a bios password, set another password for boot loader/menu, encrypt your drives, and disable automatic startup repair.

boardingurban

The main obstacle to this is just disk encryption with bitlocker, but the amount of people who don't have it on (esp because not everyone buys win 10 pro and signs in with a ms account) is large enough I think. But this is def an accurate representation of what someone could do if they stole your computer.
In fact if your password is weak enough they could even bruteforce the hash with special software.

smashmastersstuffs

There are multiple ways of making this secure.

1.
for business and home make sure that your case has a lock on it so someone can't remove the cmos battery and reset the bios.

2. Make sure the PC always boots from the hard drive first

3. Most importantly make sure your bios has a password set

4. Disable boot select menu

Also Microsoft can prevent this from having the main login UI check to see if any programs that it launches during the login screen has been tampared or can even block programs while on the logon screen.

PhantomWorksStudios

Excellent video my friend. I haven't logged into my laptop for 2 years and I forgot my password, I tried for 2 weeks different passwords but couldn't remember. This video saved me over $100 at the computer shop to get them to do it. I fixed it myself at home in front of the TV :)

trinityfoxxx

Most computers, especially company computers won’t allow you to boot the usb without entering bios first and it’s generally locked by a password, there’s still ways to get around that but this method requires a few more steps to work on most computers

firsttimegaming

This seems so much easier/more simple than using a Linux ISO boot to redo account passwords. Thanks for the info!

tallpaul

I used this first one on my dads old laptop when he forgot the password. It actually startled me how easy it was!

TheGrowOp

This vid is really helpful for tech support. So many occasions that we really need this. 😅

blightfrog

There is no need to do the download and USB set-up, etc.

When starting your computer, if you shut the power a couple of times in a row, then the next time that you start the computer, you will be offered a menu to repair your computer.
I do not recall the exact menu. But if you click around, you will find the option for running the command prompt. From there, you can follow our host's instructions.

Also note that many computers will not allow you to boot from a USB drive, which will prevent you from doing what our host described.
For those computers, you will have to go into the BIOS, and set a password. After that, you will be able to change a BIOS setting to enable booting from a USB drive. After that, you can remove your BIOS password.

NoEggu

I first saw someone (a CEH) do this about 6 months ago and I was shocked and intrigued to study CEH as well. The difference was at the CMD he created a local admin account on the machine and logged in with that

jonjones

You can do same without a usb windows bootable drive, only physical access is required.

To void this: use drives auto bitlocker enabled, which unlock automatically after your login and auto lock after reboot or poweroff.

Whenever someone try same they will face bitlocker encryption.

Good guide, keep it up 👍

neymat