- Boot your computer with any live CD / DVD that supports mounting an NTFS drive (preferably a Linux live CD).
- Proceed with mounting the Windows root drive from your live CD session and navigate to the "%WINDIR%\System32" folder.
- Here, create a backup copy of 'utilman.exe' by renaming it to 'utilman.exe.bak', and rename 'cmd.exe' to 'Utilman.exe'.
- Now restart the computer and boot into Windows. When you are at the login screen, invoke the Utility Manager by pressing 'Ctrl+U'; but instead of the Utility Manager you are presented with a 'no holds barred' command prompt, running with SYSTEM privileges.
And that is how your lil bro can pwn Windows.
Surely a brand of operating systems that's almost getting its seventh version out must do something about this scenario, considering that it is a major player in the business.
EDIT: LOL ... even Windows 7 is not secure against this; and it works even if 'cmd.exe' replaces other applications that are accessible from the login screen, such as the on-screen keyboard (osk.exe). You just have to follow the procedure for starting whatever 'exe' you replaced with 'cmd.exe' to get to the prompt.
I'm trying to come up with a workaround to this problem; I've been tinkering with the registry. I'll post the solution as soon as possible.
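Until a workaround is in place, an administrator can at least detect the swap described above. The script below is an added example (it is not from the original post) and relies on one property of the trick: renaming 'cmd.exe' to 'Utilman.exe' does not touch the file's contents, so its embedded version resource still says it is cmd.exe, and the OriginalFilename field no longer matches the name it sits under. The list of login-screen accessibility binaries is an assumption based on what Windows exposes there; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): integrity check for the accessibility helpers
# that the Windows login screen can launch. A renamed cmd.exe keeps its own version resource,
# so the embedded OriginalFilename will not match the on-disk name. The binary list below is
# an assumption; extend it if your build exposes other helpers on the login screen.
$System32 = Join-Path $env:WINDIR 'System32'
$AccessibilityBinaries = @(
    'utilman.exe',       # Ease of Access / Utility Manager
    'osk.exe',           # on-screen keyboard (mentioned in the post)
    'sethc.exe',         # Sticky Keys
    'magnify.exe',       # Magnifier
    'narrator.exe',      # Narrator
    'displayswitch.exe'  # display switcher
)

function Test-AccessibilityBinary {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $orig = $file.VersionInfo.OriginalFilename

    # Some resources carry a trailing ".mui"; strip it and compare case-insensitively.
    $origBase    = if ($orig) { $orig -replace '\.mui$', '' } else { '' }
    $nameMatches = ($origBase -ieq $file.Name)

    $findings = @()
    # Caveat: on older Windows versions many System32 binaries are signed only through a
    # catalog, so 'NotSigned' there is not conclusive on its own. The OriginalFilename
    # mismatch is the primary indicator; the signature check is supporting evidence.
    if ($sig.Status -ne 'Valid') {
        $findings += "signature status is '$($sig.Status)'"
    }
    elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings += "signed by '$($sig.SignerCertificate.Subject)', not Microsoft"
    }
    if (-not $nameMatches) {
        $findings += "embedded OriginalFilename '$orig' does not match on-disk name '$($file.Name)'"
    }

    [pscustomobject]@{
        Path             = $Path
        OriginalFilename = $orig
        SignatureStatus  = $sig.Status
        Suspicious       = ($findings.Count -gt 0)
        Findings         = ($findings -join '; ')
    }
}

$results = foreach ($name in $AccessibilityBinaries) {
    $path = Join-Path $System32 $name
    if (Test-Path -LiteralPath $path) { Test-AccessibilityBinary -Path $path }
}

$results | Format-Table Path, OriginalFilename, SignatureStatus, Suspicious, Findings -AutoSize

# The swap described in the post also leaves a backup behind; flag any such leftovers.
Get-ChildItem -LiteralPath $System32 -Filter '*.exe.bak' -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Warning "Leftover backup found: $($_.FullName)" }
```

A row with Suspicious set to True is a reason to compare the file against a known-good copy from installation media, not proof by itself. As for prevention rather than detection: every step in the post needs offline write access to the system volume, which is exactly what full-disk encryption such as BitLocker denies, so an encrypted system volume closes the live-CD route regardless of which helper executable is targeted.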