When people find out you “work with computers,” there is no limit to the number of mind-numbing things you’ll come across. I’ve received computers that I’m supposed to get working right away without being told any credentials to actually log in. There are plenty of other scenarios where it’s completely necessary and justified to “hack” an Admin password. In the past, in instances like this where I’ve needed to log into a computer without credentials, I would turn to tools like OphCrack and the Offline NT Password & Registry Editor. OphCrack can take a while to process and won’t necessarily work for long passwords. The bigger concern with OphCrack is that it tells you the password, and people might hold you to a certain amount of liability once you have that information. The Offline NT Password & Registry Editor won’t take as long, but it’s not always as reliable at changing or blanking out a password. Doing this also requires notifying people that you’ve changed the password so they don’t have to go through the same process.
Despite experience with these tools and others, I’ve never found a tool that would let you log into a local Windows administrator account without knowing the password as impressively simple (and scary) as Kon-Boot. (Yes, it seems to be named after the Modified Soul in a stuffed lion from the anime show Bleach, Kon.) Kon-Boot, according to the website, is tested to work with 32-bit Windows Server 2008, Server 2003, Vista, XP, and Windows 7.
To use Kon-Boot on a Windows system, you simply download the tiny 110 KB ISO and burn it to a CD. You then stick the CD into the target computer and boot it up from the CD. Upon initial boot, you’ll see this screen and you should press Enter to proceed.
(I apologize if these shots look like they belong in an old Nintendo Power magazine.) Once you press Enter, the screen will change to draw a Kon-Boot logo and boot up.
After the two Kon-Boot screens, you’ll see the normal Windows splash screen. From here on out, everything is just as if you had booted normally with one exception.
Granted, you have to know the user name of a local admin account, but if you enter that user name, leave the password box blank, and hit OK, you’ll be signed into the computer as the account you specified. No password required.
To return to normal Windows operation (e.g. password required), eject the CD and restart the computer. It’s that easy and that scary. To protect against this and the other tools I mentioned before, you need to have the BIOS password-protected and the Boot From CD option either disabled or placed after the hard drive in the boot order. You’ll also need to physically protect the inside of your computer so somebody can’t reset your BIOS options and password with a jumper.
To check it out for yourself, visit the Kon-Boot page.