In a former tutorial, I showed how to hack Windows 7 Account Password without any tools at all. In that tutorial I mentioned that there also where tools available to do this. Since I just lost the password to one of my virtual machines, I decided to make a quick tutorial on how to use such a tool. I will be using the tool Activpasswordchanger.


This is real basic stuff, I know – but it shows you that with the right tools, getting access to an system account is child’s play unless the system disk is encrypted. To do this you need a bootable disk containing Activpasswordchanger. Furthermore you need to set your BIOS to boot form the CD-ROM drive.

1. Boot from the CD-ROM drive and press 0 and the Enter


We will be presented to a menu that allows us to make Activpasswordchanger automatically search for the MS SAM database, which is where Windows stores it’s users passwords.

2. Press 2 and then Enter


The software will scan the disk for SAM databases, this can take a little while depending of the size of the disk. Ones it has been found, select the database to clear the users password.

3. Press Enter


In this scenario, we only have an Administrator and a Guest account on the system. We want to clear the Administrator password so we choose this account.

4. Press 0 and then Enter


We are now present to a menu with a few option for this account, the option Password never expires and Clear this User’s Password is pre-selected so all we have to do is accept.

5. Press Y an the Enter


The password has now been removed, all we have to do now is to exit the software and reboot

6. Press Esc, Esc, Esc to exit, remove disk and restart

The system now starts up and logs on automatically without a password.


Please follow and like me:
Bookmark the permalink.

4 Responses to ActivPasswordChanger

  1. Kasper Tranz says:

    Hi Mads

    At CGI we use Symantec PGP Encryption to encrypt the entire drive in the the laptops we use. For many reasons.

    • Hegelund says:

      Yeah we use drive encryption software as well. All organisation holding holding system critical data should do so I my opinion.

  2. Jesse says:

    This is why I use whole-disk system encryption on the 35+ laptops in my company too. Noone in my office understands why I bother, as it typically takes 10+ hours to encrypt and sometimes the encryption password prompt doesn’t boot first, the system repair does (because it goes ‘whoa! there’s no OS here!’. (They’re all UEFI boards.)

  3. Leafar says:

    This is similar to one that has the same methods and was released in CMD mode.. i dont’n remember the name.

Leave a Reply

Your email address will not be published. Required fields are marked *