sunipkm/wac_bypass.md

Created January 30, 2024 16:02

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/sunipkm/012645a82b0270bc206990d2356b45c0.js"></script>
Save sunipkm/012645a82b0270bc206990d2356b45c0 to your computer and use it in GitHub Desktop.

Download ZIP

Windows Account Bypass

Raw

wac_bypass.md

In case of forgotten Windows Account Password

Boot into a recovery environment/installer
Open a command prompt
Execute regedit

In `regedit`

Select HKEY_LOCAL_MACHINE
On the menu bar, select File -> Load Hive
Navigate to <Windows Install Drive>:\Windows\system32\config\ and load SYSTEM
Give it a key name, such as 1234 (this way this key block will live on top)
Expand HKEY_LOCAL_MACHINE, and go into 1234.
Select the Setup keygroup.
Set CmdLine to cmd.exe.
Set SetupType to 2.
Select the 1234 keygroup.
Navigate to the File menu and Unload Hive.

Reboot the computer. You will be greeted with a command prompt.

In the `cmd`

List the users: net user
Create a new local user: net user NAME PASSWORD /add (Make NAME without space).
Add the user to admin: net localgroup Administrators NAME /add
Exit the shell: Type in exit and hit enter.

Now you can log in with the local account.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment