Hack a Windows 7/8/10 admin account password with Windows magnifier

This exploit takes advantage of the Ease of Access tool on the login page by ‘tricking’ Windows into launching a fully privileged command prompt when you select ‘make items on the screen larger – magnifier’. Using this method, you can reset an admin account password just by having physical access to the computer.

Disclaimer: This is for use on a PC that you own. Breaking into someone else’s PC is considered a serious crime in most places. If you make a mistake or change something else, your Windows installation may become unbootable. If so, just undo whatever you changed outside of the hack shown here, and it will go back to normal. Need I say this is for Educational Purposes! You are responsible for your own thoughts and actions.

1. Launch any OS that allows full access to the file system

Here you can use many different Linux distros or even a Windows disk/USB; as long as you can access the terminal/command prompt, you’re good. In this case, we are going to use the Kali Linux distro. Insert the CD/DVD into the drive and reboot the machine. Start your Live DVD. You may need to go into the BIOS screen and change the boot order to CD/DVD drive first, HDD second.

2. Navigate to System32

Using the file browser in your Linux environment, navigate to %windir%/system32/. You may have to right-click and mount the Windows partition/drive first or use the NTFS-3G command.

This article was written on a MacBook with Windows dual-booted, so the Windows instance is named BOOTCAMP.

3. Rename Magnify.exe

Find and rename magnify.exe (Magnifier file) to magnify.old.


4. Rename cmd.exe

Find and rename cmd.exe to magnify.exe.

5. Shut Down Linux & Reboot Windows

Log out and reboot, remove CD/DVD/USB, and restart into Windows.

6. Get CMD Prompt & Modify Accounts

When Windows reboots, click on the Ease of Access button in the bottom left corner.

Click the second selection “Make items on the screen larger (Magnifier)” and hit Apply.

The command prompt should now be in front of you. You now have a system-level command prompt. At this point you can change the admin password and make any modification to the system using administrator privileges.

Tip: You can right-click on cmd.exe and click “Run as administrator” inside of Windows for escalated privileges. This lets you edit files that would never be allowed at the basic admin level (caution). The same goes for any app in Windows: right-click and make the magic happen.

Type net user to get a list of accounts.

Change Password: 

Tip: when you do so, the password changes without prompting you again.

Add an account: 

Tip: If your username has a space, like John Doe, use quotes like “John Doe”.

Admin that: 

Delete that: 

Remote Desktop Users Group: 

Net User Syntax Reference:

7. Revert all changes

Now you should insert your Linux Live CD/DVD/USB and rename the files back to the original names.

  1. Repeat Step 1
  2. Repeat Step 2
  3. Rename magnify.exe back to cmd.exe
  4. Rename magnify.old back to magnify.exe
  5. Log out, take out CD/DVD/USB, reboot into Windows
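
To confirm that the revert in step 7 took effect, or to audit a machine for this swap from a live environment, the following added example (not part of the original article) inspects a mounted System32 folder for the state that steps 3 and 4 leave behind. It also flags a copy of cmd.exe placed over magnify.exe, which goes slightly beyond the rename shown above; the function names and the dummy sample folders are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_magnifier_swap(system32, watched=("magnify.exe",)):
    """Return a list of findings; an empty list means no sign of the swap."""
    # Index names in lower case: NTFS mounted under Linux is case-sensitive.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    findings = []
    cmd = files.get("cmd.exe")
    if cmd is None:
        findings.append("cmd.exe is missing (renamed in step 4?)")
    for name in watched:
        name = name.lower()
        target = files.get(name)
        backup = Path(name).stem + ".old"
        if backup in files:
            findings.append(f"{backup} present (leftover from step 3)")
        if target is None:
            findings.append(f"{name} is missing")
        elif cmd is not None and sha256_of(target) == sha256_of(cmd):
            findings.append(f"{name} is byte-identical to cmd.exe")
    return findings

def build_sample(root, swapped):
    """Constructed stand-in for System32; file contents are dummy bytes."""
    sys32 = Path(root) / ("swapped" if swapped else "clean")
    sys32.mkdir()
    names = ("magnify.old", "Magnify.exe") if swapped else ("Magnify.exe", "cmd.exe")
    for name, data in zip(names, (b"dummy magnifier", b"dummy shell")):
        (sys32 / name).write_bytes(data)
    return sys32

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for swapped in (False, True):
            result = check_magnifier_swap(build_sample(tmp, swapped))
            print("swapped" if swapped else "clean", "->", result or "no findings")
```

Point `check_magnifier_swap` at the mounted Windows partition's System32 path to run it against a real installation; an empty result after step 7 means the original file names are back in place.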

Recommended resources

Kali Linux
Create Live USB Sticks Rufus

Conclusion

Well, that was how you hack a Windows 7/8/2008/10 administrator account password with Windows Magnifier. This also demonstrates how you could Pwn a machine if you think about it some, have hands-on access and they have not disabled EoA. Hope it helps you in some way.

source: https://null-byte.wonderhowto.com, https://thehacktoday.com