This is one of the old tricks used to hack Windows passwords, and the big surprise is that it still works today. So let's see how it works.
Vulnerability:
When you press shift, alt or ctrl more than 5 times, Windows opens the Sticky Keys options for you. That in itself is not a vulnerability; the vulnerability is that it also works when you are on the log-in screen. This hack uses that vulnerability to hack the administrator password, and it works in nearly all versions of Windows.
Procedure:
To make this work, first take a bootable CD; a Linux live CD is preferred. Now browse to the “C:\Windows\System32” folder and find the sethc.exe file; this is the file that is called when you press shift, alt or ctrl more than five times. Rename this file to anything, then find the cmd.exe file, create a copy of it and rename that copy to sethc.exe. Now reboot your system; when the log-in screen appears, press the shift key more than five times and a command prompt will open in front of you. Type the following command:
c:\>net user
It'll show you the users of that system; look for “administrator”. If it is not present there, type the following command for each user:
c:\>net user <username>
and check its “Local Group Membership” for administrator. Once you have found an administrator, type the following command:
c:\>net user {administrator/user with administrator privileges} 12345
Press enter, then log in to the administrator account with the password 12345. The above command resets the administrator's password to 12345. You can use any password that comes to your mind. Please try this on your virtual system (for more info on virtual systems read “Basic Lab Setup For Hacker”).
Counter Measure: Disable all Sticky Keys options; it's just that simple.
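To check whether a machine has already had this swap done to it, the following added example (not part of the original post) scans a System32 directory, live or mounted from a disk image, for sethc.exe or any other file that is a byte-for-byte copy of cmd.exe. The function names and the default path are assumptions made for the example.

```python
"""Added example: flag a System32 directory where sethc.exe was swapped for cmd.exe."""
import hashlib
import sys
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_entry(directory: Path, name: str):
    """Case-insensitive lookup; a Windows volume mounted on Linux can be case-sensitive."""
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def check_sethc(system32: Path) -> list[str]:
    """Return findings for the sethc.exe/cmd.exe swap described on this page."""
    cmd = find_entry(system32, "cmd.exe")
    if cmd is None:
        return ["cmd.exe not found; is this a System32 directory?"]
    findings = []
    if find_entry(system32, "sethc.exe") is None:
        findings.append("sethc.exe is missing")
    cmd_size, cmd_hash = cmd.stat().st_size, sha256_of(cmd)
    # Any other file that is byte-identical to cmd.exe is a renamed copy of the shell.
    for entry in sorted(system32.iterdir()):
        if entry == cmd or not entry.is_file():
            continue
        # Compare sizes first so only same-sized candidates are hashed.
        if entry.stat().st_size == cmd_size and sha256_of(entry) == cmd_hash:
            findings.append(f"{entry.name} is a byte-for-byte copy of cmd.exe")
    return findings


if __name__ == "__main__":
    # Default path is an assumption; pass the mounted image's System32 path instead.
    target = Path(sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32")
    results = check_sethc(target)
    print("\n".join(results) if results else "no cmd.exe copies found")
    sys.exit(1 if results else 0)
```

The script exits with status 1 when it has findings, so it can be run from a scheduled integrity check.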
Note: I know I started the Windows hacking phase without completing reconnaissance/footprinting. But I think you'll get bored if we continue with only reconnaissance, because reconnaissance is a completely passive phase, so I thought it's better to keep things interesting. We will cover reconnaissance and Windows hacking in parallel. Don't forget to tell me your views about the above hack. Thanks for reading and keep visiting.