[OS Password]Nice "Backdoor" in All Vista =)
Posted: Sun Mar 07, 2010 11:32 pm
Hi, in this tutorial we will talk about ways to reset/change a Windows password.
This is just one of the many methods for changing/resetting your Windows password.
As most of us know, there is an Ease of Access button on the Vista login screen, as shown below:

This is a nice hole for us to dig in.
What you need to use this backdoor:
-physical access (I personally think physical security is the most important)
-any Unix-based live boot CD (BackTrack, SUSE, Ubuntu and many more)
Steps:
-First, boot the computer whose password you wish to change/reset with the live boot CD.
-Depending on the OS of the live boot CD, some will auto-mount your hard disk, some won't.
-To mount your hard disk and Windows partition, use the command "mount -t ntfs /dev/hda1 /mnt". Some will be sda1, depending on whether your HDD is SATA or IDE.
-Now your Windows partition is mounted on the folder /mnt. Go to the System32 folder using this command: "cd /mnt/Windows/System32"
-Now there are 4 programs in the Ease of Access, which are
magnify.exe - magnify function
narrator.exe - narrator function
osk.exe - shows the on-screen keyboard
utilman.exe - this will show ease of access menu
-Now we need to back up cmd.exe and any one of the above programs you wish to use. I will be using utilman.exe.
Issue these commands: "cp cmd.exe cmd.exe.bak" and "cp utilman.exe utilman.exe.bak"
-Then we will overwrite utilman.exe with cmd.exe using this command: "mv cmd.exe utilman.exe"
-Our job is done here; utilman.exe is now actually a command prompt.
Restart and boot normally into Windows, press the Ease of Access button, and a command prompt will show up.
With a command prompt running with SYSTEM privilege, you can do anything.
Changing/Resetting of password:
"net user <yourusernamehere> *"
Please post any questions here if you run into any problems. Use/try at your own risk =)
Lesson of the day: never leave your notebook/laptop unattended, all this can be done in less than 10 minutes =)
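
A defender's offline check for the swap described above, as an added example that is not part of the original post: on a Windows volume mounted read-only it reports any of the four Ease of Access binaries that is byte-identical to cmd.exe, a missing cmd.exe, and leftover .bak copies. The function names, output labels and exit codes are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): offline triage of a mounted Windows volume.
# Usage: check_eoa_swap /mnt/Windows/System32
# Exit status: 0 = clean, 1 = findings printed, 2 = bad argument.

EOA_BINARIES="utilman.exe osk.exe magnify.exe narrator.exe"   # names listed in the post

# Print the SHA-256 of the first file in $1 whose name matches $2, ignoring case
# (NTFS stores "Utilman.exe", and a Linux mount is case-sensitive).
_hash_of() {
    local f
    f=$(find "$1" -maxdepth 1 -type f -iname "$2" | head -n 1)
    if [ -n "$f" ]; then sha256sum "$f" | cut -d' ' -f1; fi
}

check_eoa_swap() {
    local sys32="$1" name h ref refs="" found=0
    if [ ! -d "$sys32" ]; then echo "ERROR: not a directory: $sys32" >&2; return 2; fi

    # Reference hashes: cmd.exe and the cmd.exe.bak copy the procedure creates.
    for ref in cmd.exe cmd.exe.bak; do
        h=$(_hash_of "$sys32" "$ref")
        if [ -n "$h" ]; then refs="$refs $h"; fi
    done

    # The post's "mv cmd.exe utilman.exe" leaves no cmd.exe behind.
    if [ -z "$(_hash_of "$sys32" cmd.exe)" ]; then
        echo "MISSING cmd.exe"; found=1
    fi

    for name in $EOA_BINARIES; do
        h=$(_hash_of "$sys32" "$name")
        # An accessibility binary byte-identical to the command interpreter.
        case " $refs " in
            *" ${h:-none} "*) echo "SWAPPED $name"; found=1 ;;
        esac
        # Backup copies kept beside the originals.
        if [ -n "$(_hash_of "$sys32" "$name.bak")" ]; then
            echo "LEFTOVER $name.bak"; found=1
        fi
    done
    if [ -n "$(_hash_of "$sys32" cmd.exe.bak)" ]; then
        echo "LEFTOVER cmd.exe.bak"; found=1
    fi
    return "$found"
}
```

A hash match only shows that the file is a copy of cmd.exe; comparing the binaries against known-good copies from the same Windows build also catches replacement with some other program.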