Winlockpwn: unlock Windows without password
A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password. Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix. Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command”. Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because “Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn’t want to cause any real trouble”.
But now that a couple of years have passed and the issue has not been resolved, Boileau decided to release the tool on his website. To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory. With full access to the memory, the tool can then modify Windows’ password protection code, which is stored there, and render it ineffective. Paul Ducklin, head of technology for security firm Sophos, said the security hole found by Boileau was not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer’s memory was actually a feature of Firewire.
Source: The Age
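
A defender's check related to the memory access described above, as an added example that is not part of the original article or of Boileau's tool: it reports whether a Linux host has a FireWire host-controller driver loaded and whether modprobe configuration actually stops that driver from loading. The module names are those of the Linux FireWire stacks; the function names and the sample `/proc/modules` and modprobe.d text are constructed for illustration.

```python
"""Audit a Linux host's FireWire (IEEE 1394) driver state from text inputs."""

# Host-controller drivers: firewire_ohci (current stack), ohci1394 (older stack).
CONTROLLER_MODULES = {"firewire_ohci", "ohci1394"}
# Remaining FireWire modules that are reported when loaded.
OTHER_FIREWIRE_MODULES = {"firewire_core", "firewire_sbp2", "firewire_net",
                          "ieee1394", "sbp2", "raw1394"}

# Constructed sample inputs (not taken from a real machine).
SAMPLE_PROC_MODULES = """\
firewire_ohci 40960 0 - Live 0x0000000000000000
firewire_core 65536 1 firewire_ohci, Live 0x0000000000000000
ext4 737280 1 - Live 0x0000000000000000
"""
SAMPLE_MODPROBE_CONF = """\
# constructed modprobe.d fragment
blacklist firewire-ohci   # stops autoloading only
install ohci1394 /bin/false
"""


def _norm(name):
    # modprobe treats '-' and '_' in module names as the same character.
    return name.strip().replace("-", "_")


def loaded_firewire_modules(proc_modules_text):
    """Return the FireWire modules listed in /proc/modules-style text."""
    known = CONTROLLER_MODULES | OTHER_FIREWIRE_MODULES
    loaded = set()
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if fields and _norm(fields[0]) in known:
            loaded.add(_norm(fields[0]))
    return loaded


def modprobe_rules(conf_text):
    """Split modprobe.d text into (blacklisted, install_disabled) module sets.

    'blacklist X' only stops alias-based autoloading; 'install X /bin/false'
    (or /bin/true) also defeats an explicit 'modprobe X'.
    """
    blacklisted, disabled = set(), set()
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 2 and fields[0] == "blacklist":
            blacklisted.add(_norm(fields[1]))
        elif (len(fields) >= 3 and fields[0] == "install"
              and fields[2] in ("/bin/false", "/bin/true")):
            disabled.add(_norm(fields[1]))
    return blacklisted, disabled


def audit(proc_modules_text, conf_text):
    """Summarise FireWire driver state and how strongly loading is restricted."""
    loaded = loaded_firewire_modules(proc_modules_text)
    blacklisted, disabled = modprobe_rules(conf_text)
    return {
        "loaded": sorted(loaded),
        "controller_driver_loaded": bool(loaded & CONTROLLER_MODULES),
        # Blacklisted but still loadable by name (or already loaded).
        "autoload_only_blocked": sorted((CONTROLLER_MODULES & blacklisted) - disabled),
        # No rule at all restricts these controller drivers.
        "unrestricted": sorted(CONTROLLER_MODULES - blacklisted - disabled),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_PROC_MODULES, SAMPLE_MODPROBE_CONF).items():
        print(f"{key}: {value}")
```

On a real host, pass the contents of `/proc/modules` and the concatenated files under `/etc/modprobe.d/` instead of the samples.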

Comments(93)
nice!
Gotta get one of these!
Microsoft probably didn’t think of it as a real threat as soon as he said “….all you need is a machine with Linux…”
Arrogant fools
That dude’s website is weird. He sounds like a total nerd.
But besides that. This could come in handy if you’re into stealing people’s laptops and such.
What an unsympathetic news for Micro$oft, just a few days after they knew they had the privilege to pay EU’s fee…
Justice is still alive…
or you could just download hirens boot cd and boot off of it and remove all passwords within seconds…..
jeezus this seems like a lot of work just to get rid of a password..
hiren’s boot cd ftw!
it’s not a bug, it’s a FEATURE!!!4
Before everyone starts bashing MS again you should know this is a Firewire problem and it also happens in OS X and Linux…
Lol you can do this with a linux hack boot cd I’ve been doing it for years
no need for this -.-’ it also works on vista
But what do they mean with unlocking? Remove this program the password of the bios or what?
@9:
Not on Linux dude. Read reliable source before you go public with your moronic theories.
Maybe MS intended it to be like that. Its like a feature incase you forgot ya password.
You know its similar to how Cisco makes their Password recovery system for their routers. XD
“What an unsympathetic news for Micro$oft”
Yeah, two years old news.
I haven’t got any of those fancy firewire-ports anyways ^^
is he claiming fame for his tool??
See a hacking show years ago when some american dude did it with a mini flash drive of some sort with some !boot software that copies the PC’s memory to it on boot up or summit along those lines….
There are plenty of bootable CDs that you boot up and it searches for the “MSSAM” file which stores the passwords then all you do is hit one command and it removes the password.
Wow, all I need to do to by pass a windows password is lug around a linux PC and a firewire cable and hope the xp machine has a firewire port. Genius. And here I am just booting to an ERD cd like an idiot . . .
This can be useful, I repair a lot of computers, and they are given to me. (old ones) with passwords still on them.
martin the mac fanboi strikes again. so why dont you post the cracked appz, hacks and tools for mac? are you under contract with mac?
Yawn… Anyone wanna tell me HOW this is news?
Firstly – it’s not.
Secondly – as per previous posts: HIRENS BOOT CD!
End of discussion!
REmoving password & changing to other 4 windows are many ways!!
Knowing the original password(Decrypting) is what some people require (which takes longer time) and are generally 2/3 methods!!
I think this guy has posted a way to bypass the the initial logging using linux!!
But if every things fails just pop up a Linux Live CD n Njoy!!
So how do I break through a safeboot password protected harddrive?? (Safeboot v4.2)
Can this tool unlock Halo 3?
why even bother with a boot cd when you can just start it in safe mode? i’ve done it loads of times, it lets you in without a password, then you remove the password when you get in.
no need to lug anything around just hit f6 (for me) during boot up
where can you get a black windows wallpaper like that with the red background? now that’s hardcore. somebody post the link pretty please!
i thought the “its not a bug, its a feature” thing was just a joke…but microsoft lives by it haha
noob….
omg ill load Linux and this on my mobile and hax XPs everywhere..
Think ill start with giving it to some kid who can make youtube videos of how he hacked the school computers and formated them
Martin! Basicaly it noax. Who can care info 2 years
about some vulnerability in MS! They look on post and all undegrouond newsgroups since it it never was existing. Who wwas know about Blogs back to 1993?
They patch some sh.. t last tuesday like they do! I Keep prety standard setting with WXP plus Kasperskiy plus my Hungry prowider! All atacks i have only from hungry Porn Sites. simple and stupid. Rest of them on Federal sites, banks, and bla. bla.. do some Entuisiasts and newcomeres from reversenginering! Good luck gyus! We all waith result!
Feds to!!
U can not use Hiren Boot CD if booting from optical device is disabled in BIOS and it is locked and U can not open computer to reset BIOS. Also, when U use Hiren Boot CD it resets password, so person whose PC U hacked will know that. Not a good thing don`t U think?
So… This does really come in handy, for when U want to hack a PC quick, get data from it and/or install software in U want without PC owner knowing…
All the talk about Hiren is thus totaly bull! Stop acting smart, and think a bit.
Sorry i am reposting! For years we have so many tools to unloack Windows! So Iim surprise its comimlike a major news!
Hiren boot comin like comersial program! Dont forget we have a lot Linix based booting engines around web to made same dealLLLs
i would like a hi-res link to the red/black windows image used in this post please
“why even bother with a boot cd when you can just start it in safe mode? i’ve done it loads of times, it lets you in without a password, then you remove the password when you get in.”
Exactly ,, been doing this for years !!
This is a flaw in the Firewire spec (developed by Apple), not Windows. Every OS that implements the specifications correctly should have this vulnerability.
So yeah, it a feature, not a bug.
I used safe mode to get into a friends PC last time I stayed at his place. He had to go to work and left me all alone in his apartment. I like to play pranks, so he has never really trusted me around his PC and I like to keep up the mistrust I’ve worked so hard to earn over the years.
@37: Straightforward, well said. If people still can’t grasp the basic concept that the firewire specification itself is fundamentally flawed, then they are total idiots.
I forgot to mention that the black on red Windows emblem does indeed look nice. Should be super simple to recreate a high resolution version in a 3d application (3ds Max, Maya, etc). It’s just a plane surface, several cubes, a reflective material (in black and red), and an overhead light source. I might even make one myself if I can find some free time today.
u r all n00bz… hirens only work with local accounts passwds this means that hiren is no good on a LAN… plus like someone already said the user will know that their passwd has been changed… with this hack u access a locked account on a LAN without resetting the passwd and all u have to do is remember to lock the account when u r done!
GO NEW ZEALAND!!!!
–Saiyanfury
Oohh man this for xp not for vista!
Xp is easy for me!
But vista is easy to, much bug!
sorry for my bad english
Mumu-I want to make sweet love to your earhole.
Congratulation! The guy just signed a death sentence to the Firewire.
@39 Cromwell:
Please share the image with us if you do it
WE WANT A HIGH-RES VERSION OF THAT RED / BLACK WINDOWS PIC PLEASE!!! MAKE IT HAPPEN!!! SOMEBODY LINK IT!!! DO IT!!
DO IT.
Heres the image in green;
http://www.new-dream.de/image/wallpaper/computer/xpgloss/xp-gloss_10.jpg
Open in Photoshop, then go to image>adjust image>hue saturation>change to red.
save as…
Bingo.
I believe XP SP3 addresses this issue. I have it on my pc laptop and I’ve tried this with my macbook running ubuntu and have been unsuccessful, Or it could be due to my lack of “skills” certainly not my lack of Bow Fighting Skills, those rock!
Here’s the image in red……just change the number in the link for more colours
http://www.new-dream.de/image/wallpaper/computer/xpgloss/xp-gloss_13.jpg
http://www.codeangel.org/article/crack_a_mac_with_firewire
why would you want to waste your time with connecting to another pc or running disks to get around passwords on xp ,
just go into safe mode and reset the password n reboot , sure that’s a damn sight easier !!!
this trick theoretically works on every operating system that supports firewire. you connect one computer to another and your able to read the other computers memory contents, getting login password, pgp keys, &c.
this is like the recent work done with cooling and removing RAM and reading its contents in another computer before it decays. same idea, different method.
safe mode ..
start tab ..
run..
type…control userpasswords2
set new name and password , lock your friends out there own pc !
This is not for man in the street users it’s something that Forensic Analysts use to crack PC’s without alerting the user.
Ur boss wants to know if u been stealing his crap, he calls em they dump your drive without you knowing get the proof and u get marched outta the building.
This is yes a bit of hassle for u guys but for professional hackers this stuff is good.
*rolls eyes* at people who only thinks something is worthwhile if it’s worthwhile to them.
Safe mode is a great option, but only if the person hasn’t made a password for their administrator account when they installed windows xp (like I did when i was installing winxp) or afterwards in the password manager.
Can some one post some Windows Hacking tools on to http://www.providings.com please?
you dont need these tool
if you forget ur password ,just go to administrator on the safemode- the main account which only appear on the safemode
longing it not disable (disable – enable on user account)??
Software like this has been around for years…
THANK YOU SO MUCH pevabe!
for all u hiren and erd kiddiez ever heard of this? http://home.eunet.no/pnordahl/ntpasswd/
for all u kiddiez with no pass for the admin account i mean all u kiddiez in love with safe mode all i need is your IP
for the bathory fan plz make this work over TCP/IP
So no one still answered my question… How do you decrypt a safeboot 4.2 password blocking the main harddrive… For instance; Everytime i turn the laptop on… Safeboot screen comes on and asks for name and password…name is already defaulted, but the password is?????????????????? Is there anything or anyone out there? If so forward me a solution at jscottcapps@gmail.com
ROFL @ J
I Dont have firewire on my system, and dont have any reason to use that old technology.
I want to use it.Please send to me : namthang_gt05@yahoo.com
Thanks alot
@60 Iron Mask:
Umm, the same way you would with other encryption schemes, such as Bitlocker and TrueCrypt? No, I’m not trying to be smartass. I’m actually playing with TrueCrypt 5.0a at the moment since I noticed they have recently added the ability to encrypt the system partition to its bag of tricks. I’ve been messing around with encryption in its various forms for a few years now.
Encryption algorithms get dropped quite often, for example, either because something better has come along, or more likely because they are no longer deemed safe and reliable. There was a hardware hack posted here not too long ago that involved getting pass keys from memory. For every one of these types of stories you hear, how many are there that have not been made public? Then of course there is always the possibility of a back door. Urban legend, or is there a grain of truth to it?
Pirates love to point out that if something can be seen and/or heard, then it can be copied regardless of the protection. Nothing is uncrackable. Likewise, safety is an illusion no matter what form it may take. The best one can hope for by using security measures of any kind is that the effort to overcome such measures will be too much of a hassle for the attacker, causing them to simply give up. Someone with the right tools, intelligence level, and patience will eventually find a way in however. That is simply part of the nature of the universe unfortunately.
You dogs, you scoundrels… if you steal other people’s passwords, a thief will carry off your wife, and without any password too………. ha ha ha
Windows password Unlocker is also capable of unlocking windows password without the previous password.
※. Login to a computer that can link to Internet. Download Windows Password Unlocker 4.0 (http://www.passwordunlocker.com) and decompress it on that PC. Note that: there is a .ISO file. Burn the .ISO file to a CD.
※. Get out the newly created CD and insert it to the locked computer.
※. re-booted the locked computer and then followed the process of instructions. Just a few steps, the old password was removed.
※. Setting new password:
Step one: Open the "Control Panel"
Step two: Click the "User Account "
Step three: Select the account you wanna to set a new password.
Step four: Click "changing Account " and "set up password", then fill out the form as listed. Click "Create Password".
Thus, you have a personal login ID and Password, any one has no right to login to your computer with out this info.
The program that I recommend is the Windows Password Key 8.0, it is very easy to create a
recovery disk that you can use on any Windows PC. It works perfectly to reset any local user account to a blank password. Just an easy to use bootable CD/DVD . It can also be used on a USB Flash Drive. http://www.lostwindowspassword.com/
Forgot or lost Windows password? reset Windows 7 password with Password Unlocker Bundle, one of whose functions is to recover windows password for Windows NT 4.0, Windows 2000, Windows XP, Windows 2003 Server, Windows Vista, Windows 7, etc. This password recovery Bundle is based on friendly GUI, even a computer novice can control the whole process freely. Besides, password unlocker bundle saves a lot trouble. It helps to create a windows password reset CD, with which, you can remove the admin password even you have logged out the computer, yet no reinstalling, no data loss!
Password Unlocker Bundle is a professional password recovery kit, which contains series of password recovery tools: Windows password recovery, PDF password recovery, MS documents password recovery, MS Excel password recovery, WinZIP/ZIP password recovery, WinRAR/RAR password recovery, MS SQL password recovery, Internet password recovery, Windows Live/MSN password recovery, MS Access password recovery, Outlook password recovery, and Outlook Express password recovery, etc., No matter you are at home or in office ,the bundle helps to reset the password we forgot or lost. To grasp the opportunity.
it is NOT a security hole of windows, it affects all OSes, even Linux and MacOS!
Forgot windows password?Do not be so anxious. I know a tool which can help reset windows password, need no to reinstall the windows os, its safely and easily.By using “Any Windows Password Recovery 3.0 ” ,could be helpful.
You can get it from the reference link: http://www.anypasswordrecovery.com/download.html
I ever used a windows password recovery software to reset windows password to blank,it need not to reinstall or reformat the windows os, with no data lose,the tool is “Any Windows Password Recovery 3.0 “,its easier,you could have a try.
The link to the soft: http://www.anypasswordrecovery.com/download.html
Forgot windows password? My friend told me advanced windows password recovery 4.0 and I downloaded it from http://www.recoverwindowspassword.com/, It solves all my problem within a few minutes. I like it, It’s a professional windows password recovery tool, no need to call a technician, no need to re-install anything. And it also supports to recover windows administrator password with USB Flash Drive or Floppy Disk!!
Here I would like to commend a new software name’s Windows Password Key 8.0.
It works very perfect to regain your password .Also use boot CD/DVD.
I have download it from this website : http://www.lostwindowspassword.com
try blank.
here is the methods I know.
The first thing which you check if you forget login password. When we install Windows, it automatically creates an account “Administrator” and sets its password to blank. So if you have forget Your user account password then try this:
Start system and when you See Windows Welcome screen / Login screen, press ctrl+alt+del keys Twice and it’ll show Classic Login box. Now type “Administrator” (without quotes) in Username and leave Password field blank. Now press Enter and you should be able to log in Windows.
Now you can reset your account password from “Control Panel -> User Accounts”.
Same thing can be done using Safe Mode. In Safe Mode Windows will show this in-built Administrator account in Login screen.
Windows XP and further versions also provide another method to recover forgotten Password by using “Reset Disk”. If you created a Password Reset Disk in Past, you can use that disk to reset the password.
just learn from others how to reset windows password with Windows Password Recovery Tool 3.0 .
http://www.windowspasswordsrecovery.com
I have locked out of my computer for a while,and have tried everything i could do but failed.Until I found this great tool Windows Password Key 8.0 as recommend above.It works great,Such a marvellous and useful tool
If you don’t want to change the password:
1 > Get a program called Ophcrack(very large. 496Mb)
2 >> Download the liveCD (ISO)
3 >> Burn the ISO to a CD using an ISO burner
4 >> The Live CD’s come with the free rainbow tables, so you might need to download other tables (cost money)
4 >> Bootup from the CD
5 >> Crack the SAM and System file
If you want to remove Windows password(the fastest way):
freeware:Offline NT Password & Registry Editor
commercial option: Windows Password Reset Standard http://www.resetwindowspassword.com/
I have downloaded windows password Recovery Basic. It is a very quick and useful utility for recovering passwords. Just an easy to use bootable CD/DVD . It can also be used on a USB Flash Drive. http://www.windowspasswordrecovery.net/
I know a simple way to reset windows password to blank when you forgot windows administrator password,it need not to reinstall windows OS,and wont loss any data,by using “Reset Windows Password 1.3″.
You could get the windows password recovery tool from the reference link:
http://www.top-password.com/reset-windows-password.html
I always trust Winlogon Password Reset, which helps to remove the lost or forgotten password with no data loss. Moreover, it is very easy to use.
http://www.windows-logon-password.com/
I would like to introduce Windows Password Reset Kit 1.5 . it not only supports XP, 2000, and NT, I have personally tested it with Vista Home Premium and Ultimate. It creates a password recovery CD/DVD,USB Flash Drive for home, business and enterprise. It works perfectly to reset your Windows password. You can download it from
http://www.reset-windows-password.net/
SMARTKEY Password Recovery Bundle is a must-have toolkit to recover/remove/reset passwords for Windows, Excel, Word, Access, PowerPoint, Outlook, Outlook Express, PDF, RAR/WinRAR, ZIP/WinZIP, MSN, AOL, Google Talk, Paltalk, Trillian, Miranda, Opera, Firefox and IE Browser, etc. Over 21 types of passwords can be Recovered instantly. Until now, these password recovery tools are the fastest on the market, the easiest to use and the least expensive.
http://www.google.com/search?q=SMARTKEY+Password+Recovery+Bundle&btnG=Search&hl=en&source=hp&gs_rfai=&cad=&cad=&aq=f&aqi=&aql=&oq=
Password Unlocker provides the best password recovery solutions for Windows, Office (Excel, Word, Powerpoint, Access), PDF, MS SQL, Rar/ZIP, IE, Email and MSN. We can reset or recover any password for you with ease.
http://www.passwordunlocker.com/windows-password-recovery.html
You can reset a lost or forgot Windows password with 4 methods below:
1. Another valid administrator account which can normally log on.
2. A password reset disk or a repair disc, which is created in advance ( before you lost password ).
3. Third-party software to create a bootable password reset CD/DVD or USB, like Windows Password Reset Tool – http://www.windowspasswordreset.net .
4. Re-install. Will lose data.
I think the best way for you is to reset your windows password. The Windows password Recovery Tool 3.0
can solve all your problem within a few minutes. Importantly,No need to call a technician, no need to re-install anything, and you certainly don’t need to reformat. http://www.windowspasswordsrecovery.com/
it also allows you to reset windows password with USB Flash Drive or cd/dvd Disk now!!
another way to reset password is http://www.password-buster.com
I would like to introduce Windows Password Recovery Tool 3.0 . it not only supports XP, 2000, and NT, I have personally tested it with Vista and windows 7. It works perfectly to reset any local user account to a blank password. I Wrote it to an 512MB USB flash drive do this. Booting up and clearing a password takes a minute or two works like a charm. You can download it from http://www.windowspasswordcracker.com . It also supports cd/dvd
A few days ago , I was confronted with the password problem.
Finally , my workmate James introduce the Windows password
Seeker.It help me access windows successfully. It’s official
site: http://www.passwordseeker.com
hmm, i forgot my password before, and i have tried the safe Mode and my guest account, but failed to enter the system.finally i use Windows login Recovery software, I downloaded the professional free trial and reset my password. Wow, it’s great. users lost password would better have a try.
http://www.windowsloginrecovery.com/windows-7-password-recovery.html
Forgot windows 7 password?Here use “windows password reset professional” tool Only two simple step to reset your username and password quickly and safely!Before you get Windows 7 password reset, you should have to prepare one CD/DVD or USB flash drive in advance. And then you can take use of Windows Password Reset Professional to reset password with USB drive or CD/DVD.
step1:Download and install the software in any available computer.
step2:Run the program, insert a blank CD/DVD you’ve prepared into an accessible computer.
When you finish two step, you can login your windows quickly without any password.
Reset Windows password could be done quickly and efficiently without any data losing or file damaging with Windows password reset tools while forgot Windows admin password.
http://www.resetwindowspassword.com/recover-windows-7-password.html
Many people ask me the question that how to recover their lost Windows 7 Password on my site or Email. I know they urgently need to access Windows 7 for different reasons. they are worry that the Win7 OS would be destroyed and their data would be lost. This is not worried and I will tell you the steps to recover forgotten Windows 7 login password.
Reset windows 7 password or recover windows 7 password is no more be confuse somebody else. Because when you forgot windows 7 password, just take less than 5 minutes to use windows password reset professional to handle it.
http://www.resetwindowspassword.com/recover-windows-7-password.html
Windows Key Finder is also a good choice. It enables to reset lost administrator/user password for all Windows system. Additionally it can also recover lost product keys even if your computer is crashed or unbootable. It’s worth a try.
If you want to download Windows Key Finder, please check this link: http://www.windows-key-finder.com
Four steps can help you reset the lost Windows 8/7/vista/xp/2008/2003/2000 password:
Step 1: Download Windows Password Rescuer/Windows password recovery tool on any available computer you have access to.
Step 2: Install Windows Password Rescuer and run it to burn a bootable CD/DVD or USB flash drive
Step 3: BIOS setting of your locked computer to set it boot from CD/USB.
Step 4: Insert the newly CD/USB to the computer.Reset Windows password successfully after Windows Password Rescuer starts.You also can use Windows Password Rescuer to add a new user with administrator privilege to your Windows when you can not find target user. With this New user account you can logon your locked computer directly to copy important data from the locked computer if you want to reinstall your Windows system at last.
More details about the usage: http://www.daossoft.com/documents/how-to-use-windows-password-advanced.html
http://www.daossoft.com/windows-7-password-recovery/how-to-use-windows-7-password-recovery-tool.html
http://www.ilikemall.com/guide/reset-windows-7-password.html