November 26, 2022
Keyboard sticking out a cup of honey

Bypass Windows Password Using Sticky Keys Hack

This hack takes advantage of the sticky keys message when the shift key press multiple times. by replacing the sethc.exe file in the system32 directory with cmd.exe. it replaces the message with a command prompt. It also happens to be when the stick keys command runs it has administrative privileges. This means that you can gain access to the admin command prompt! allowing for changing the password or even creating new users!

Stick keys hack been around for years and still work on windows 7,8, and 10! This hack only works with Local accounts and not any microsoft accounts.

Boot Usb Stick

First, you’re going to want to get your hands on a USB stick and flash a Linux distro to it. You can use my Yumi tutorial for making your own Multi flash USB stick, and learn how to load boot USB sticks. Any Linux distro will work, but in this tutorial ill be using Pop-os

When the Linux distro boots to its live environment. Hit ctrl+alt+T or meta+T on the keyboard(meta key aka windows key) the terminal will show up.

First, check where the windows install is mounted, you can use lsblk. I see sda2 is 50GB bigger so that’s must be the windows main partition.
Then make a folder To mount the parition drive too. Here I made c_drive folder.
mount the partition. learn more about mounting Here if you want more help

Performing The Hack

Navigate to the windows system32 directory. example. ‘cd /Your_Drive_Path/Windows/System32
Run ‘mv sethc.exe sethc.bak‘. This renames the file so it doesn’t get overwritten.
Then Run ‘cp cmd.exe sethc.exe‘.

After that, the hack has been made. type and run reboot this will reset the computer, remember to remove the USB stick after it starts to reset.

Using The Hack And Changing a Password

Boot back to windows login screen then repeatedly hit the shift button. You should see a command line box pop up.

You can see what users are on the system by running Net user
To Change the User Password, use Net user USERNAME *
replace USERNAME with the user you want to change the password
Put in a new passowrd when prompted. Tip: you can have a blank pasword by hitting enter at theses prompts.

Thats it, login with the new password or if its blank press enter with no password. Don’t forget to undo the hack after your done, which can be done my copying the sethc.bak to sethc.exe.

Make a New Account

If you can’t change the password, its probably a microsoft account. Make a new admin account instead and gain full control!

Then add that user to the admin group. Type net localgroup administrators USERNAME /add
Type Net user USERNAME /add

To see the change you need to reboot the computer, once rebooted you will see the new user. It won’t have a password, and it will have administraion privileges.

colby

Computer guru with years working with technology. I find it fun to tinker with computer new and old, and make them do my work for me.

View all posts by colby →

Leave a Reply

Your email address will not be published.