March 11, 2010

Hacking Windows

In this post I will focus on a simple hacking strategy: how to get into a Windows system to which you have no access. Let me elaborate the scenario. Suppose you want to access your friend's desktop while he is on leave. You need an important document from his computer that is related to your project, and you cannot reach him online to get his password so that you can log in to his system. In such a case you can use the method described below. This is one of the good uses of it. But, as you all know, the negative side is more attractive to most people: you can access your administrator's system in his absence, you can peep into your boss's system, and the list goes on and on.

Concept
In Windows, the one feature you can reach before logging into the system is "Sticky Keys". This is not actually a flaw in the system; it is designed so that physically challenged people can use the system with ease. Unfortunately, we have tapped that functionality for some "other" purposes. Our procedure is built entirely on exploiting this property of Windows. To use it, you need at least 30 seconds of physical access to the system you are planning to hack. The file that runs Sticky Keys lives in "C:\WINDOWS\system32" and is named "sethc.exe".

Procedure
Step.1: Copy the file "cmd.exe" from "C:\WINDOWS\system32" to any other folder.
Step.2: Rename the copy to "sethc.exe".
Step.3: Copy the renamed file back to "C:\WINDOWS\system32". A message will pop up asking whether the existing file should be replaced; click "Yes". (It is advisable to copy the original sethc.exe to some other folder first.)
Step.4: Now log off the system.
Step.5: Press the Shift key 5 times and you will see a command window open on the login screen.

This is not over yet. Now type "start explorer.exe" and the whole Start menu appears on the login screen. Use it as you will: you are now using the system without ever logging in. Since you have a command prompt ready to use, I guess you know the power you have got. In the next post I will talk about how to tweak it further.
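A defender's check for the swap the procedure above describes, added here as an example and not part of the original post or of Kyrion Technologies' material. It compares sethc.exe against cmd.exe in System32, reads the version resource embedded in sethc.exe, and verifies its Authenticode signature; a replaced file fails all three. It assumes PowerShell 4 or later (for Get-FileHash) run from an elevated prompt, and the function name Test-StickyKeysBinary is my own.

```powershell
# Added example: detect a sethc.exe that has been replaced by a copy of cmd.exe.
# Paths are derived from $env:SystemRoot so the check works on any drive letter.
$system32 = Join-Path $env:SystemRoot 'System32'

function Test-StickyKeysBinary {
    param(
        [string]$SethcPath = (Join-Path $system32 'sethc.exe'),
        [string]$CmdPath   = (Join-Path $system32 'cmd.exe')
    )
    $findings = @()

    # 1. A swapped sethc.exe is byte-for-byte the same file as cmd.exe,
    #    so their SHA-256 hashes are equal.
    $sethcHash = (Get-FileHash -Path $SethcPath -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -Path $CmdPath   -Algorithm SHA256).Hash
    if ($sethcHash -eq $cmdHash) {
        $findings += "sethc.exe has the same SHA-256 as cmd.exe ($sethcHash)"
    }

    # 2. Renaming the file does not change its version resource: a copy of
    #    cmd.exe still reports OriginalFilename 'Cmd.Exe'.
    $origName = (Get-Item $SethcPath).VersionInfo.OriginalFilename
    if ($origName -and $origName -notlike 'sethc*') {
        $findings += "version resource says OriginalFilename='$origName', expected sethc.exe"
    }

    # 3. The genuine file carries a valid Microsoft signature (embedded or via
    #    the system catalog). A mismatched or tampered file does not verify.
    $sig = Get-AuthenticodeSignature -FilePath $SethcPath
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode status is '$($sig.Status)'"
    }

    [pscustomobject]@{
        Path       = $SethcPath
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

# Usage: run from an elevated PowerShell prompt.
Test-StickyKeysBinary | Format-List
```

The hash comparison alone is enough to catch the exact swap described in this post; the version-resource and signature checks also catch variants where some other binary, or a modified cmd.exe, was dropped in its place. Running the function on a schedule, or wherever you already collect file-integrity data, turns it into a simple alert.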

Note: Try this at your own risk :)

Courtesy: Kyrion Technologies

5 comments:

dinooz said...

Good one machu..
Finally a really useful post !! lols..
I'm gonna try it soon on my roommate's system !! Hope he never reads this !

" 007 - 7 " said...

Hmmmmm

Rahul said...

Varun.. that's a really good(!!) post..
Lemme add something to that..
We have a powerful command called "net user" in Windows. What is more interesting is, you can add and modify any account details, you can even change the password of an existing user.. ALL THESE WITHOUT SUPPLYING ANY PASSWORDS!!!!.. All you need is access to the command prompt!
Thanks to Varun, he came up with a brilliant idea to access the command prompt..
Syntax: net user
Google for additional details!

I'm not sure why Microsoft kept a loophole like this.. We are supposed to be prompted for the current password to reset it with a new password, right?? I think that is a bug..
Share your views...

Rahul Erai

Unknown said...

@Rahul This is not actually a bug, but you are actually tweaking the Sticky Keys functionality and precisely creating a back door. Can't take it as a bug. And also remember you at least need to get administrator access once to implement this.

Rahul said...

@Appu..
Appreciate your comment..
But I was not talking about the stuff Varun discussed! I was speaking about the "net user" command that is provided in Windows... Using that, we can change any existing password without even knowing it!!!