A Tale On How I Bypassed Windows Logon Screen and Saved Myself From A Massive Headache.


Not knowing this would have caused me to lose important files and to have to start again from ground zero.

Beginning of a massive headache


Photo by Edward Jenner

Ever locked yourself out of your computer because you forgot your password and the next logical step for you was to reinstall the operating system?

You thought about it for a while and felt a severe sense of loss because of the number of resources you would have to let go of. And if you don't have a backup of your information somewhere...

That headache, and the weight of the decision, only intensify.

This is a story of how I found myself in this situation for a second time and decided to find a way to not have my data deleted or reinstall the entire operating system.

The headache started when I moved a PC from the domain controller to a workgroup. If you're unfamiliar with these terms, here's what they mean.

When setting up a network, you can run it in one of two ways: as a peer-to-peer network (a workgroup) or as a server-based network (a domain).

A peer-to-peer network is one in which two or more PCs share files and access to devices such as printers without requiring a separate server computer or server software.

A server-based network, by contrast, is one in which network security and storage are managed centrally by one or more servers.

With that in mind let's move on.

The Clock Ticks

Photo By Pixabay

When the pressure started building up after hours of research (mostly googling and watching YouTube videos), and knowing we would be using the PC soon, I reached out to Stephen Wagner on LinkedIn.

Stephen runs a blog called The Tech Journal and he has been an amazing resource to me and others around the world.

The advice I received on how to recover my files is golden. Basically, you can boot a live Kali, Windows or any other operating system and access the files on the disk, but only if they are not encrypted.

Then came...

The Turning Point

Photo by DS stories

I thought: Kali is a powerful OS, and I reckoned there would be a tool on there to bypass the logon screen of a Windows machine. This was what I was looking for, and I stopped searching when I downloaded malware (analysis of this artifact later).

And truth be told, there is a way to make this happen.

The Solution

Photo by Pixabay

Watching this YouTube video on how to Reset Forgotten Windows Password With Kali Linux for the first time, I was excited to try it out.

And here's a rundown of what I did:

Step 1. Make a live Kali USB.

Step 2. Hit my head against the wall when my system gave me a "Security Boot Failed" error. After disabling Secure Boot with the help of this video, I booted Kali in forensics mode.

I had to change my BIOS from UEFI to legacy because the option to disable Secure Boot was greyed out.

Step 3. Opened a root terminal in Kali inside the mounted Windows partition (the disk that contains the SAM hive) and entered the following commands:

  • Change from your previous working directory to the config directory:

cd Windows/System32/config

  • List the matching files. The * is a wildcard that matches every file whose name starts with SAM:

ls -l SAM*

chntpw is a utility for editing user passwords stored in the Windows NT/2000 (and later) SAM hive. Use -l to list all users in the SAM database:

chntpw -l SAM

Then select the user whose password you want to clear with:

chntpw -u <user> SAM

Enter 1 to clear the password, then enter q to quit and confirm writing the hive.

Restart the PC and voilà: you should see the logon screen, but this time it boots right in without asking for a password.

Note: I tried step 3 three times before it worked. After every reboot, Windows ended up fixing the deleted config; one thing I did was disconnect it from the internet.
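The flip side of the story above is that the same three conditions that made the recovery possible (an unencrypted OS volume, legacy firmware mode, and Secure Boot switched off) are what a defender wants to rule out on machines they care about. The following posture check is an added example, not code from the original post or from The Tech Journal; it assumes Windows 10/11 with the BitLocker and TrustedPlatformModule PowerShell modules present, that Windows has set the firmware_type environment variable (it does on Windows 8 and later), and an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): report whether this machine is
# exposed to the offline SAM edit described above. Run as Administrator.

$findings = @()

# 1. Unencrypted OS volume: a live Kali/Windows USB can read and rewrite the
#    SAM hive directly, which is exactly what the walkthrough relies on.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
if (-not $os -or $os.ProtectionStatus -ne 'On') {
    $findings += "OS volume $($env:SystemDrive) is not protected by BitLocker"
}

# 2. Legacy (CSM) firmware mode: Secure Boot cannot be enforced at all. This is
#    the mode the author switched to when the Secure Boot toggle was greyed out.
if ($env:firmware_type -ne 'UEFI') {
    $findings += "Firmware boot mode is '$($env:firmware_type)', not UEFI"
}

# 3. Secure Boot disabled: unsigned live media boots without the
#    'Security Boot Failed' error the author hit first. The cmdlet throws on
#    legacy BIOS, so treat an exception as 'not enforced'.
$secureBoot = $false
try { $secureBoot = Confirm-SecureBootUEFI } catch { }
if (-not $secureBoot) {
    $findings += 'Secure Boot is disabled or unavailable'
}

# 4. TPM readiness: BitLocker needs a ready TPM to protect the OS volume
#    transparently; without one it needs a startup key or PIN.
$tpm = Get-Tpm -ErrorAction SilentlyContinue
if (-not $tpm -or -not $tpm.TpmReady) {
    $findings += 'No ready TPM found (BitLocker would need a startup key or PIN)'
}

if ($findings.Count -eq 0) {
    'No findings: the OS volume is encrypted and the firmware enforces Secure Boot.'
} else {
    'Offline SAM editing is feasible on this machine because:'
    $findings | ForEach-Object { " - $_" }
}
```

Any line in the findings list is a condition the walkthrough above exploited; enabling BitLocker on the OS volume alone is enough to make the chntpw route fail, since the hive is unreadable without the recovery key.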