Saturday, November 12, 2011

Breaking Windows 8 Authentication

I think most IT users know what Sticky Keys does. If you are not sure what it is, I found a good article that covers it here. It can be a useful usability feature for some users, but it can also introduce vulnerabilities in Windows if it is not handled properly. The scenario I want to show here is one where the username is unknown and you need access to the Windows machine. There are plenty of tools on the market for this, but did you know that with a certain tweak in Windows you can gain access to cmd and reset the password? Sethc is nothing but the Sticky Keys program, which is present in the system32 folder.

The concern I want to raise here is: how many of us are aware of this issue? How many of us validate the integrity of the files on the server in a week?


Steps for Windows XP
Step 1. Go to c:\windows\system32
Step 2. Rename the file sethc.exe to sethc.exe.bak
Step 3. Copy cmd.exe to sethc.exe
Step 4. Now log off and press the key 5 times


Steps for Windows 7, Vista, 8
Step 1. Go to c:\windows\system32
Step 2. Right-click on sethc.exe and run as administrator.
Step 3. Right-click on sethc.exe again and open Properties.
Step 4. Click on the Advanced tab, then on Owner.
Step 5. Click Edit, change the owner from "TrustedInstaller" to "administrator" and click Apply.
Step 6. Rename the file sethc.exe to sethc.exe.bak
Step 7. Copy cmd.exe to sethc.exe
Step 8. Now log off and press the key 5 times

Here is a sample video showing what it looks like. You can also view this video on my YouTube channel at http://www.youtube.com/watch?v=Fg913McTRIU
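
For the file-integrity question raised earlier, a scheduled check can flag the state these steps leave behind. The PowerShell script below is an added example, not part of the original post; it assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated session, and the variable names are my own.

```powershell
# Added example: integrity check for the Sticky Keys binary (sethc.exe).
# Assumptions: PowerShell 4.0+, run elevated, Windows installed under $env:SystemRoot.
$sys32  = Join-Path $env:SystemRoot 'System32'
$sethc  = Join-Path $sys32 'sethc.exe'
$cmd    = Join-Path $sys32 'cmd.exe'
$backup = Join-Path $sys32 'sethc.exe.bak'   # name used in the rename step above

$findings = @()

if (-not (Test-Path -LiteralPath $sethc)) {
    $findings += 'sethc.exe is missing from System32'
} else {
    # 1. sethc.exe must not be a byte-for-byte copy of cmd.exe
    $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -LiteralPath $cmd   -Algorithm SHA256).Hash
    if ($sethcHash -eq $cmdHash) {
        $findings += "sethc.exe has the same SHA-256 as cmd.exe ($sethcHash)"
    }

    # 2. On Vista and later the owner should still be TrustedInstaller
    #    (skip this check on Windows XP, where that account does not exist)
    $owner = (Get-Acl -LiteralPath $sethc).Owner
    if ($owner -ne 'NT SERVICE\TrustedInstaller') {
        $findings += "sethc.exe owner is '$owner', expected NT SERVICE\TrustedInstaller"
    }
}

# 3. A renamed original sitting next to the live file
if (Test-Path -LiteralPath $backup) {
    $findings += 'sethc.exe.bak exists in System32'
}

# Report: non-zero exit code lets a scheduled task or monitoring agent alert on it
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'sethc.exe passed all checks'
exit 0
```

A hash match only catches an exact copy of cmd.exe; the ownership and backup-file checks cover a replacement with some other binary.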



Don't learn to hack... hack to learn!!!!

I am interested in hearing your feedback, so that I can improve my articles and learning resources for you.

2 comments:

  1. Sir, in Windows 8 there is no OWNER option at all under Advanced,
    but there is in Win7.

  2. No one says how to do it... (copy and replace)... we require above admin privilege in Win 8...
