It would seem that Microsoft wants to improve the security of its OS, but they still don’t resolve the older issues. This is also the case of the Internet Explorer vulnerability that we’ve talked about recently, in which mouse movements could be tracked with a javascript exploit.

Note: We realize the potential risk behind this method and the reason why we’re writing about this is only to inform users about this vulnerability. This method can prove to be very useful for those who have really forgot their passwords but also by hackers. Therefore, we hope that the Redmond guys will take some measures about this.

How to bypass Windows 8 password protection

In older versions of Windows, you could replace the password to any account fairly easy, with a recovery disk and a few commands in CMD. Microsoft have tried to resolve this issue, and have succeeded, but only half way. By default, Windows 8 users are logged in to their online Microsoft accounts, in which case, they are pretty secure, but if someone who uses computer running Windows 8 on a local account, they are still vulnerable. Their passwords can still be changed with ease. Although we do not encourage accessing another computer without permissions, sometimes, there is need for this measure when someone forgets their password and the computer is rendered inaccessible. This step by step guide will show you how to change a Windows 8 user account password in only a few minutes, without the need of any hacking experience. For this, you will need a recovery disk, which can be created either on a CD/DVD or on a USB flash drive.

  1. Insert your USB flash drive in a Windows 8 computer

  2. Navigate to Control Panel -> Recovery

  3. Select “Create a recovery drive” and follow the wizard to create the recovery drive

After the USB drive is complete, insert it into the computer that you want to access, restart the computer and enter Boot Menu. Note: To enter the Boot Menu requires you to press a key right when the computer starts, usually this key is “F8”, but this is not true for every computer. Look it up on the Internet or watch when the computer starts, it will show you what key it is.

Boot from your USB drive, and when it starts, select the language of your choice and head over to “Troubleshoot” -> “Advanced Options” -> “Command Prompt”. This will open a CMD window, where you will type a few command lines. When the CMD window opens, write these commands:

diskpart list vol

Note: Be careful what volume you select, it should be the letter corresponding to your Windows partition. Usually the letter is “C”, but in some cases, it might differ.

exit

Note: For this tutorial, we will assume that your Windows installation partition corresponds to the letter C. Also, be careful at the spaces in the command lines, you have to write them exactly as featured here.

C: CD WINDOWS CD SYSTEM32 COPY CMD.EXE CMD.EXE.ORIGINAL COPY UTILMAN.EXE UTILMAN.EXE.ORIGINAL DEL UTILMAN.EXE REN CMD.EXE UTILMAN.EXE SHUTDOWN -R -T 00

Now the system is ready to have its password overridden. Your computer will restart, let it boot normally and when it reaches the logon screen, click on the “Ease of Access Center” in the bottom left corner of the screen and a command prompt should open. In this CMD window, type the following:

NET USER NET USER username *

Now you will be prompted to input the new password for the account. Notice that the password will not show and the cursor will not move, so be extra careful when typing it, because you are typing blind. After you confirm the password, the process is complete. You can close the CMD and log on to the computer using the new password you have just provided. Note: For the second NET USER username * command, replace username with your own account name that is shown after the first command and the “*” will have to be typed after the username, with a space between them. The process is very simple and can be done by anyone. Also, if you want to revert the effect of this process (the deleted files in the first part of the tutorial), you can do this by re-inserting and booting from your USB drive, open the CMD windows in the same manner as before and type the following commands in the CMD window:

C: CD WINDOWS CD SYSTEM32 DEL UTILMAN.EXE REN UTILMAN.EXE.ORIGINAL UTILMAN.EXE REN CMD.EXE.ORIGINAL CMD.EXE SHUTDOWN -R -T 00

When you computer boots up, you will notice that by clicking on the “Ease of Access Center”, it will no longer open a CMD window, but it will have changed to the default setting. Note: For those who have a Windows 8 installation DVD, you can do this without a recovery disk. Boot your Windows 8 DVD and when reaching the first start screen (where you select the language of the installer), hold “Shift”+”F10” keys together and a CMD will open. In this scenario, continue only from the “diskpart” command. This is how it was done in the previous versions on Windows, and this also works on Windows 8, but only on local accounts. If your targeted account uses the Microsoft online logon, this method will not work. Again, we strongly suggest that you do not use this method unauthorized!

Windows 8 Security Breach  Password Protection Can be Bypassed - 42Windows 8 Security Breach  Password Protection Can be Bypassed - 77Windows 8 Security Breach  Password Protection Can be Bypassed - 47Windows 8 Security Breach  Password Protection Can be Bypassed - 92Windows 8 Security Breach  Password Protection Can be Bypassed - 44Windows 8 Security Breach  Password Protection Can be Bypassed - 58Windows 8 Security Breach  Password Protection Can be Bypassed - 11Windows 8 Security Breach  Password Protection Can be Bypassed - 41Windows 8 Security Breach  Password Protection Can be Bypassed - 84Windows 8 Security Breach  Password Protection Can be Bypassed - 21Windows 8 Security Breach  Password Protection Can be Bypassed - 17Windows 8 Security Breach  Password Protection Can be Bypassed - 83Windows 8 Security Breach  Password Protection Can be Bypassed - 33Windows 8 Security Breach  Password Protection Can be Bypassed - 34