Breaking into any Windows or Windows Server system when you have physical access

Md. Mahim Bin Firoj
May 3, 2024

Disclaimer: Do not use these skills illegally. This writeup is solely for educational purposes. I will not be responsible for any kind of unethical work.

Scenario: Say you have forgotten your Windows or Windows Server password and you need emergency access to the system. In this case, this trick will help you bypass the Windows authentication system.

When we click the watch-like icon at the bottom right of the login screen, utilman.exe is executed in the background. That is why you see the white popup window on the right side with Narrator, On-Screen Keyboard, etc.

To hack this, we need a pen drive with 8 GB of free space and an ISO file of Windows or Windows Server. We will boot into the installation mode. The plan is to replace utilman.exe with cmd.exe so that we can work with the system from a command prompt.

Again, you will need a Windows 10/11 ISO or a Windows Server ISO. If you want to break into a Windows system, use the Windows ISO; if you want to break into a Windows Server system, use the Windows Server ISO.

If this is a physical machine, make the pen drive bootable with the ISO; if it is a virtual machine, just mount the ISO. Now power up the machine.

Go to the boot menu and select the proper bootable media.

Press enter.

Once you are on the installer page, press Shift + F10.

Now use this command: "wmic logicaldisk get name"

You will get a list of volume letters.

Now you need to move to the correct drive, the one where Windows is installed.

You need to sift through the drive letters to find the actual drive where Windows is installed. In this prompt, drive letter C does not necessarily mean the actual C drive. Here, the D drive is the actual C drive.

Now go to the Windows\System32 folder. Then type the following:

copy utilman.exe utilman.exe.bak

Then type

copy cmd.exe utilman.exe /y

Now close everything and reboot the system. This time, go directly to the login screen.

This time, clicking the watch icon will open a command prompt with SYSTEM-level privileges. Now you can create a user with a password and add that user to the Administrators group, or you can change the Administrator user's password.

To change the password of a user:
net user Administrator Pa$$w0rd

If you want to add the user to the Administrators group:
net localgroup Administrators Avi /add

You can also create a new user:
net user Mahim Pa$$w0rd /add
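
To check a machine for the utilman.exe swap described above, here is a PowerShell sketch. It is an added example, not part of the original write-up. The names Test-UtilmanSwap and -WindowsDir are hypothetical, and the backup file name is the one used in the copy step above.

```powershell
# Added example, not part of the original write-up.
# Test-UtilmanSwap and -WindowsDir are hypothetical names chosen for this sketch.
param(
    # Windows directory to inspect; use e.g. D:\Windows for an offline or mounted volume.
    [string]$WindowsDir = $env:SystemRoot
)

function Test-UtilmanSwap {
    param([Parameter(Mandatory)][string]$WindowsDir)
    $ErrorActionPreference = 'Stop'   # a missing file should fail loudly, not pass silently

    $sys32    = Join-Path $WindowsDir 'System32'
    $utilman  = Join-Path $sys32 'utilman.exe'
    $cmd      = Join-Path $sys32 'cmd.exe'
    $backup   = Join-Path $sys32 'utilman.exe.bak'   # backup name used in the steps above
    $findings = @()

    # 1. A straight copy leaves utilman.exe byte-identical to cmd.exe.
    $utilHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $cmdHash  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
    if ($utilHash -eq $cmdHash) {
        $findings += 'utilman.exe has the same SHA-256 as cmd.exe'
    }

    # 2. Version metadata travels with the file, so this also catches a cmd.exe
    #    taken from a different build, whose hash would not match the local copy.
    $utilName = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
    $cmdName  = (Get-Item -LiteralPath $cmd).VersionInfo.OriginalFilename
    if ($utilName -and ($utilName -eq $cmdName)) {
        $findings += "utilman.exe reports OriginalFilename '$utilName', same as cmd.exe"
    }

    # 3. The leftover backup is a trace of the procedure even after a clean-up.
    if (Test-Path -LiteralPath $backup) {
        $findings += 'utilman.exe.bak exists in System32'
    }

    [pscustomobject]@{
        WindowsDir = $WindowsDir
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

$result = Test-UtilmanSwap -WindowsDir $WindowsDir
$result | Format-List
if ($result.Suspicious) { exit 1 }   # non-zero exit lets a scheduled task or agent raise an alert
```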
