Forgot your Windows password? No problem read this



OK after the winter break I forgot the password for one of my virtual machines I use for school and rather than waist the time to reinstall the operating system I decided it would be faster to reset the passwords for the other accounts and I decided to take some screen shots to show everyone else how I did it.

All you need is Backtrack and a blank DVD, you can get Backtrack from this link

first load up Backtrack and you will be greeted with the terminal

first create a directory where you will mount the windows partition I wanted to mount mine at “/mnt/win” so I entered the command “mkdir /mnt/win” this creates a new directory

next enter the command “fdisk -l” this will show all your partitions and what device they are associated with

/dev/sda2 is my windows partition so I mounted it using “mount /dev/sda2 /mnt/win”

next I navigated to the system32 folder using the command “cd /mnt/win/Windows/System32”

next I looked for all files with the string seth using the command “ls seth*” this revealed a single file called sethc.exe this is the sticky utility on windows

next I made a backup of sethc using the command “mv sethc.exe sethc_real.exe” this renames sethc.exe to sethc_real.exe

next I made a copy of the command prompt using “cp cmd.exe sethc.exe”

then I listed all files with the string seth again using “ls seth*” and I can see I now have two files the original renamed and a new copy that is really cmd.exe

next I return to the home director with “cd” and unmount my windows partition using “umount /mnt/win”

then I list the contents of /mnt/win using “ls /mnt/win” to make sure it is no longer mounted

next I rebooted into windows and hit “Shift” five times to turn on sticky keys which now brings me to a command prompt

from here I use “net user” to list my users

next I use “net user Tempusr /add” to create a new user without a password

next I added the new user to the administrators using “net localgroup administrators /add Tempusr”

Next I added the new account to the backup operators to avoid any NTFS security issues using “net localgroup “Backup Operators” /add Tempusr”

next I restarted the VM and there is my new user

a simple click and I am into my VM

you can also just change the password of an existing account by using “net [user name] [new password]” if you are working on a friend or relatives computer creating a temporary user is better so you will not have to change their password.


The first step with the renaming and copying procedure should be feasible with nearly any modern linux distribution. You will even have an explorer-style filemanager for that job.

Or simply boot from your Windows install disc and use the built-in repair console :cool:
On older systems like W2k or XP, there is the tool from pnordahl :wink: