Wednesday, April 02, 2008

Creating backdoor for your Windows Vista

Recently a colleague showed me an article about creating a backdoor for Windows Vista. After we tried it out it worked nicely, and I would like to share it with you guys. What we are going to achieve is a backdoor that gives access to almost anything on the computer, including operations that require UAC, resetting or changing the admin password and so on, without needing to log on as an authenticated user. Sounds cool?

The idea is that by replacing one of the Ease of Access features provided by Windows Vista, we can bring up a command prompt console at the CAD (Ctrl+Alt+Del) screen.

To achieve this, first log on as an administrator, or as any user with sufficient privileges to modify Windows system files. Once logged on, it is time to get your hands dirty. I am using a Windows 2008 beta Virtual PC image for the demo, as I don't want to mess up my own machine.

Open Windows Explorer, navigate to C:\Windows\System32, and open the properties of magnify.exe: it shows that TrustedInstaller owns the file and holds the rights to modify it.


In order to gain the rights to change the file, open a command prompt and enter this command:

takeown /f magnify.exe


This transfers ownership of the file to your account. Next, run this command:
cacls magnify.exe /g administrator:f


This grants the "administrator" account full access to magnify.exe. If you are not running as administrator, grant the access to your current user account instead by replacing "administrator" with the name of that account. After you enter this command you will usually be prompted for confirmation; type Y for yes to proceed. Now that you hold full permission on magnify.exe, you can change the file. For safety, I would suggest renaming the original magnify.exe instead of replacing it, e.g. with this command:
rename magnify.exe magnify.bak


which renames magnify.exe to magnify.bak.



Once that is done, copy cmd.exe and paste it into the same directory. You should see something like "cmd - copy.exe". Rename the copy to "magnify.exe" and log off.




To see the result, click the Ease of Access button at the CAD screen and tick the Magnify option; a command prompt pops up as soon as you click the OK button. To double-check which user account it is running as, type the following command:
whoami /user


You can also get into GUI mode by running explorer.exe from the command prompt. The only limitation of this session is that you have to rely on the command prompt, as Windows Explorer won't open when you try to launch it by double-clicking the My Computer icon.
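As an added detection check (my own addition, not from the original post or the guide it cites): the swap leaves two artifacts an administrator can look for, a magnify.exe that is byte-for-byte identical to cmd.exe and a magnify.bak sitting beside it. The Python audit below flags both and also covers the other Ease of Access helpers reachable from the CAD screen; the helper file names are the only assumption, and demo() runs it against a constructed stand-in directory rather than a real System32.

```python
import hashlib
import tempfile
from pathlib import Path

# Accessibility helpers launchable from the logon / Ctrl+Alt+Del screen.
# magnify.exe is the one swapped in the post; the rest are the same kind of file.
ACCESSIBILITY_BINARIES = ("magnify.exe", "sethc.exe", "utilman.exe",
                          "osk.exe", "narrator.exe", "displayswitch.exe")


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_accessibility_binaries(system32: Path) -> dict:
    """Return {name: [findings]} for every suspicious accessibility helper.

    "replaced-with-cmd": the helper is byte-identical to cmd.exe (the copy-and-
    rename described above). "backup-left-behind": a renamed original such as
    magnify.bak sits next to it, the trace the rename step leaves. Clean files
    are omitted from the result.
    """
    findings = {}
    cmd_hash = sha256_of(system32 / "cmd.exe")
    for name in ACCESSIBILITY_BINARIES:
        exe = system32 / name
        hits = []
        if exe.is_file() and sha256_of(exe) == cmd_hash:
            hits.append("replaced-with-cmd")
        if exe.with_suffix(".bak").is_file():
            hits.append("backup-left-behind")
        if hits:
            findings[name] = hits
    return findings


def demo() -> dict:
    """Run the audit on a constructed stand-in for System32 (fake files only)."""
    root = Path(tempfile.mkdtemp())
    (root / "cmd.exe").write_bytes(b"fake cmd.exe " * 64)
    (root / "magnify.exe").write_bytes(b"fake cmd.exe " * 64)   # swapped copy
    (root / "magnify.bak").write_bytes(b"fake magnify " * 64)   # renamed original
    (root / "sethc.exe").write_bytes(b"fake sethc " * 64)       # untouched helper
    return audit_accessibility_binaries(root)


if __name__ == "__main__":
    print(demo())
```

On a live machine, point audit_accessibility_binaries at C:\Windows\System32 and also check the owner that dir /q reports against TrustedInstaller, since takeown leaves the file owned by whichever account ran it.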


*Please consume information above at your own risk and I am not responsible for any damage caused by the steps above.

Original guide that I read : http://www.computerperformance.co.uk/vista/vista_backdoor_logon.htm
