
Method 1: (This one's the same as Palash Jain's, so go through the next ones if you've read that answer.)


1) Go to C:\Windows\System32.
2) Copy cmd.exe and paste it on the desktop.
3) Rename cmd.exe to sethc.exe.
4) Copy the new sethc.exe to System32; when Windows asks about overwriting the file, click Yes.
5) Now log out from your guest account and, at the user select window, press the Shift key 5 times.
6) Instead of the Sticky Keys confirmation dialog, a command prompt with full administrator privileges will open.
7) Now type NET USER ADMINISTRATOR "zzz", where "zzz" can be any password you like, and press Enter.
8) You will see "The command completed successfully". Then exit the command prompt and log in as administrator with your new password.
You've hacked the administrator account through the guest account!!
Reason:
1. When the SHIFT key is pressed >=5 times, Windows executes a file named sethc.exe located in the system32 folder. It doesn't even check if it's the same file. Also, it runs with the privilege of the current user who is executing the file, i.e. if you have logged on as a guest, then in the Task Manager under Processes it shows your user name as guest.
2. The file executes even if you log off and the Windows login screen is showing, BUT THIS TIME, SINCE NO USER HAS LOGGED IN, IT RUNS WITH SYSTEM PRIVILEGE.
You can create another admin-privileged account and even hide that!!
This method works if you have somehow had administrative access to the machine once, i.e. you are logged in as administrator.
1. Run cmd as administrator.
2. Type net user. It will show you all the users on the system.
3. Suppose the administrator is ABCD.
4. Type net user ABCD *
5. It will prompt for a new password and confirmation, without even asking for the old password!!
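
A defender can test for the file replacement described in Method 1 and its "Reason" section directly, because Windows launches whatever is named sethc.exe without checking its identity. The following is an added example, not part of the original answer; it assumes it is run in PowerShell on the machine being audited and that cmd.exe in System32 is the untouched original. A signature check alone would not help here, since cmd.exe is itself a Microsoft-signed binary.

```powershell
# Added defensive example, not part of the original answer.
# Assumption: run in PowerShell on the machine being audited.
$sys32     = Join-Path $env:SystemRoot 'System32'
$sethcPath = Join-Path $sys32 'sethc.exe'
$cmdPath   = Join-Path $sys32 'cmd.exe'
$findings  = @()

if (-not (Test-Path -LiteralPath $sethcPath)) {
    $findings += 'sethc.exe is missing from System32'
} else {
    # Byte-for-byte identity with cmd.exe is the exact result of steps 1-4.
    $sethcHash = (Get-FileHash -LiteralPath $sethcPath -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -LiteralPath $cmdPath   -Algorithm SHA256).Hash
    if ($sethcHash -eq $cmdHash) {
        $findings += 'sethc.exe has the same SHA-256 as cmd.exe'
    }

    # The embedded version resource survives a rename, so a copied cmd.exe
    # still reports itself as cmd. Some Windows builds append ".MUI" here.
    $original = (Get-Item -LiteralPath $sethcPath).VersionInfo.OriginalFilename
    if ($original -notmatch '^sethc\.exe(\.mui)?$') {
        $findings += "OriginalFilename is '$original', expected sethc.exe"
    }
}

# One result object per run, suitable for piping to Export-Csv or a log.
[pscustomobject]@{
    Path     = $sethcPath
    Tampered = ($findings.Count -gt 0)
    Findings = $findings -join '; '
}
```

A non-empty Findings value on a machine where nobody intentionally changed sethc.exe is worth treating as an incident, since the replaced binary runs before any user logs in.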
