Tips for entering a password-protected system without changing the password

  

Many users set a password on their computer to keep others from using it. In fact, such a simple password setting is sometimes not safe. To an expert, the set password can be bypassed and the system entered with the password still in place. How is such an operation achieved? The technique is shared here.

Boot into PE (no external program is required; you can start in minimum mode to save time).

Open the registry (note: the registry shown here is only that of PE, not that of the system on the hard disk!).

Then click HKEY_LOCAL_MACHINE, then click “File” > “Load Hive”. At this point you can select the SAM file on the hard disk.

The file is generally on the system disk, for example in the “c:\WINDOWS\system32\config” folder. Once you find it, click OK to load it.

When loading, you are prompted to enter a load name. Enter one here (for example: 0541).

At this point, you will find that there is an additional 0541 item under HKEY_LOCAL_MACHINE! This item is the SAM password file of the hard disk system just loaded.

Ok, the preparation is done.

Start modifying the registry (you can back up the SAM file on the hard disk first).

1. Locate the branch “HKEY_LOCAL_MACHINE\0541\SAM\Domains\Account\Users\000001F4”. Right-click the 000001F4 item and export it to any location. Name it ADMIN1F4.

2. Find the branch “HKEY_LOCAL_MACHINE\0541\SAM\Domains\Account\Users\Names\Guest”. Right-click the Guest item and export it to any location. Name it Guest.

3. Click “HKEY_LOCAL_MACHINE\0541\SAM\Domains\Account\Users\Names\Guest” and look at the type shown on the right for the Guest item, such as 1F5. Find the corresponding item under Users, such as 000001F5, and export it. Name it Guest1F5.

4. Edit the Guest registry file you just exported.

(1) Change the Guest in the Guest registry file to any name (e.g. huaidan). This is the username you use when logging in. It cannot be the same as an existing one.

(2) Change the “1f5” in the @=hex(1f5) in the Guest registry file to “1e5”.

(3) Save this registry file (Guest) and import it.

5. Edit the Guest1F5 registry file. Change 000001F5 in the second line to 000001e5 and do not close the file.

Then edit the ADMIN1F4 registry file, copy the key values from “F” (inclusive) up to the following key value (exclusive), and overwrite the same location in the Guest1F5 registry file.

6. Import the Guest1F5 registry file that has just been edited.

OK, everything is done. At this point you can restart the computer and, when asked for a password, press the “Ctrl+Alt+Del” keys to change the username. Then enter the username you just created (huaidan). The password is blank. What do you find when you enter the system? You have the highest privileges! You have actually entered as the Administrator.

Principle: this method takes the permission key value from the Administrator's registry key and the Guest user's password key value, and combines them into a new user that enters the Administrator's desktop. What if the Guest user has a password set?

You can use the Guest user password from another XP system, or directly use the Guest account password key value in the PE system, that is, the key value starting at “V” and below.
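The principle above leaves two traces a defender can look for in the offline hive: a Users key whose “F” value was copied from 000001F4, and a RID below 0x1F4, where the built-in accounts begin. The Python below is an added example, not part of the original article; it checks an already decoded regedit text export for both, and the sample export, its shortened hex data and the function name are constructed for illustration.

```python
import re

# Constructed sample: regedit text export of a SAM hive loaded as "0541"; hex is made up.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\0541\SAM\Domains\Account\Users\000001F4]
"F"=hex:02,00,01,00,aa,bb,cc,dd,\
  10,02,00,00,01,02,00,00

[HKEY_LOCAL_MACHINE\0541\SAM\Domains\Account\Users\000001F5]
"F"=hex:02,00,01,00,10,20,30,40,15,02,00,00

[HKEY_LOCAL_MACHINE\0541\SAM\Domains\Account\Users\000001E5]
"F"=hex:02,00,01,00,aa,bb,cc,dd,10,02,00,00,01,02,00,00

[HKEY_LOCAL_MACHINE\0541\SAM\Domains\Account\Users\Names\Guest]
@=hex(1f5):

[HKEY_LOCAL_MACHINE\0541\SAM\Domains\Account\Users\Names\huaidan]
@=hex(1e5):
"""

ADMIN_RID = 0x1F4  # built-in Administrator; local account RIDs start here
USER_KEY = re.compile(r"\\Account\\Users\\([0-9A-Fa-f]{8})\]$")
NAME_KEY = re.compile(r"\\Account\\Users\\Names\\([^\\\]]+)\]$")

def find_suspicious_accounts(reg_text):
    """Return [(name, rid, reasons)] for accounts matching either indicator."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join continued hex lines
    names, f_values, rid, name = {}, {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            u, n = USER_KEY.search(line), NAME_KEY.search(line)
            rid, name = (int(u.group(1), 16) if u else None), (n.group(1) if n else None)
        elif name and (m := re.match(r"@=hex\(([0-9a-f]+)\):", line, re.I)):
            names[int(m.group(1), 16)] = name  # value type of Names\<user> is the RID
        elif rid is not None and line.lower().startswith('"f"=hex:'):
            f_values[rid] = line.split(":", 1)[1].lower()
    findings = []
    for r in sorted(set(names) | set(f_values)):
        reasons = []
        if r < ADMIN_RID:
            reasons.append("RID below 0x1F4")
        if r != ADMIN_RID and r in f_values and f_values[r] == f_values.get(ADMIN_RID):
            reasons.append("F value copied from Administrator")
        if reasons:
            findings.append((names.get(r, "?"), f"{r:08X}", reasons))
    return findings

print(find_suspicious_accounts(SAMPLE_REG))
```

The “F” value also holds logon bookkeeping that changes over time, so byte equality is a strong signal on a freshly modified hive but may not survive later logons; the RID check does not depend on it.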

It is important to note the import path of the registry. Since we are loading the system SAM file inside the hard disk, the import path cannot use the SAM path in the PE system.

For example, the path of the hard disk SAM file is “HKEY_LOCAL_MACHINE\0541\SAM\Domains\Account\Users\Names\Guest”

The path in the PE system is “HKEY_LOCAL_MACHINE\sam\SAM\Domains\Account\Users\Names\Guest”

What can you do after entering the system? You can use software to read the password of the Administrator account, or continue to log in with this hidden user.

Removing the hidden user: open the registry after entering the system. You first need to set permissions before the SAM item can be opened. Right-click the SAM item and select Permissions, Add, Advanced, Find Now. Then find the username you are using now. Click OK, then click OK again. Then select the username you just added and set its permissions below. Press F5 to refresh. You can now open the SAM item.

In the SAM item, locate “HKEY_LOCAL_MACHINE\sam\SAM\Domains\Account\Users\Names” and delete the “000001e5” item.

Then go to “HKEY_LOCAL_MACHINE\sam\SAM\Domains\Account\Users\Names” and delete the “huaidan” item.

The value of “huaidan” corresponds to “000001e5”.

If there is a problem, you can boot into PE and copy the backed-up SAM file over the one in “c:\WINDOWS\system32\config”.

The above is the process of directly entering a password-protected system without changing the password. Perhaps you will feel it is unsafe that a password-protected computer can be accessed by others. In fact, what is needed more is our own self-discipline: knowledge is a skill rather than a means of harm. Viewing the private data of others is not allowed by law. The methods we introduce must of course be limited to legal and legitimate uses.
