Mar 25 2010
 

In this article we will show an effective and simple way to bypass Windows Server 2008 password protection in the case where we have forgotten the password and need to get access to our system.

The following approach can be used only in cases where we have forgotten the password or it has been changed by a third party for reasons beyond our control.

Note: Do NOT use this approach to backdoor any server in your work environment!

Tools used for this demonstration:
Windows Password Recovery Tool (an exe file)
Download: Windows Password Recovery Tool 3.0 (~24MB)

The workaround:

1) Run the exe file
2) Burn the recovery ISO to a CD/DVD or USB drive
3) Boot from the recovery disk
4) Choose the Windows installation
5) Choose the user account
6) Click the “Reset” button
7) The reset is successful.

Preview: [screenshot: reset successful]

Tools used for this demonstration:
PING (Partimage Is Not Ghost)
Download: http://ping.windowsdream.com/ping/Releases/3.00.01/PING-3.00.iso (~22MB)

The workaround:

1) Boot with PING Linux distribution
2) fdisk -l | grep NTFS
3) mkdir -p /mnt/windows
4) mount -t ntfs-3g /dev/sda1 /mnt/windows
5) cd /mnt/windows/Windows/System32
6) mv Magnify.exe Magnify.bck
7) cp cmd.exe Magnify.exe and reboot

Preview: [screenshot: Windows Server 2008 volume mounted under Linux]

Booting into Windows Server 2008:

1) Click on Ease Of Access
2) Select “Make items on the screen larger (Magnifier)”
3) Click OK
4) At the Command Prompt, type explorer

Previews:

1) Ease of Access [screenshot]

2) Getting Command Prompt [screenshot]

3) Interacting with Windows Explorer [screenshot]

The same approach also works on Windows Vista, and with any other Ease Of Access tool, or even with Ease Of Access itself by replacing “utilman.exe” with a copy of “cmd.exe”.
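
The swap can be detected from the same kind of offline mount used above. The shell function below is an added example, not part of the original article: it flags Ease Of Access binaries that are byte-identical to cmd.exe or that have a renamed .bck original beside them. The function names, the default file list (the two files this article names) and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a System32 directory (for instance one mounted
# offline at /mnt/windows/Windows/System32) for the swap described above.
# Default file list = the two binaries this article names; pass more as args.

# check_ease_of_access DIR [FILE...]
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 on error.
check_ease_of_access() {
    [ $# -ge 1 ] || { echo "usage: check_ease_of_access DIR [FILE...]" >&2; return 2; }
    sys32=$1
    shift
    [ $# -gt 0 ] || set -- Magnify.exe utilman.exe
    if [ ! -f "$sys32/cmd.exe" ]; then
        echo "ERROR: no cmd.exe in $sys32" >&2
        return 2
    fi
    findings=0
    for name in "$@"; do
        if [ ! -f "$sys32/$name" ]; then
            echo "MISSING $name"
            findings=$((findings + 1))
        elif cmp -s "$sys32/$name" "$sys32/cmd.exe"; then
            # Same bytes as the shell: the accessibility button opens cmd.exe
            echo "REPLACED $name is byte-identical to cmd.exe"
            findings=$((findings + 1))
        fi
        backup="${name%.exe}.bck"
        if [ -f "$sys32/$backup" ]; then
            # Leftover of step 6 (mv Magnify.exe Magnify.bck)
            echo "BACKUP $backup found next to $name"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample tree standing in for System32 after steps 6 and 7.
# File contents are placeholders, not real Windows binaries.
make_sample_tree() {
    dir=$(mktemp -d)
    printf 'constructed cmd bytes' > "$dir/cmd.exe"
    cp "$dir/cmd.exe" "$dir/Magnify.exe"
    printf 'constructed magnifier bytes' > "$dir/Magnify.bck"
    printf 'constructed utilman bytes' > "$dir/utilman.exe"
    echo "$dir"
}
```

A byte comparison only catches a straight copy of cmd.exe; comparing the files against known-good hashes from the installation media covers other replacements.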
