Tweet
>>> To gain administrative privileges on almost any Windows 7/8 computer with no tools, you can power off the system, power it on and as Windows is loading, kill it. Power it on again and repeat. The next time you power it on, Windows Startup Repair will load.
Once it’s performed it’s Scan for Problems, there is a little link to view the log file it generates. This opens up in Notepad. Whilst this is open, you can go to File > Open and bam, you have System level access to all files on the Computer.
To gain administrative priviliges when Windows is properly booted, you can go to C:\Windows\System32 and rename “sethc.exe” to “sethc.bak” (this is the .exe for the Sticky Keys application). Next, in the same folder, make a COPY of cmd.exe and rename that COPY to sethc.exe - you have just replaced Sticky Keys with Command Prompt.
Now reboot and the proper version of Windows will load, at the logon Screen press Shift 5 times in rapid succession to load up ‘Sticky Keys’ - but because you replaced it, it will actually load up Command Prompt at the Logon Screen. And due to the way Windows was developed, at the Logon Screen you may think you’re not logged in as anyone, but you have to be for apps like WINLOGON.EXE to load so at the login screen, you’re technically logged in as System. So when the Command Prompt pops up you have complete control over the system. You can create a new administrator account by entering the following commands line by line followed by Enter:
then reboot the system and when it loads back up, there will be a new account called “Localadmin” with the password “12345” - and this account is an administrator. Log in and do as you wish.
For Windows 10 and Up to Date Windows 7/8 versions you will need to boot into a portable OS such as Linux to achieve this, as Microsoft patched the whole “notepad” trick in Startup Repair.<<<
Source: I get myself into trouble a lot.
323.7k Views · 3,786 Upvotes
>>> Indeed, once you have actual physical access to the machine, so much becomes easy.<<<
Kevin Borders, Former NSA Employee
Updated May 19, 2014 · Featured in HuffPost
https://www.quora.com/What-are-some-...st-people-dont
Steve A.
Once it’s performed it’s Scan for Problems, there is a little link to view the log file it generates. This opens up in Notepad. Whilst this is open, you can go to File > Open and bam, you have System level access to all files on the Computer.
To gain administrative priviliges when Windows is properly booted, you can go to C:\Windows\System32 and rename “sethc.exe” to “sethc.bak” (this is the .exe for the Sticky Keys application). Next, in the same folder, make a COPY of cmd.exe and rename that COPY to sethc.exe - you have just replaced Sticky Keys with Command Prompt.
Now reboot and the proper version of Windows will load, at the logon Screen press Shift 5 times in rapid succession to load up ‘Sticky Keys’ - but because you replaced it, it will actually load up Command Prompt at the Logon Screen. And due to the way Windows was developed, at the Logon Screen you may think you’re not logged in as anyone, but you have to be for apps like WINLOGON.EXE to load so at the login screen, you’re technically logged in as System. So when the Command Prompt pops up you have complete control over the system. You can create a new administrator account by entering the following commands line by line followed by Enter:
Code:
net user localadmin /add net localgroup administrators localadmin /add net user localadmin 12345
For Windows 10 and Up to Date Windows 7/8 versions you will need to boot into a portable OS such as Linux to achieve this, as Microsoft patched the whole “notepad” trick in Startup Repair.<<<
Source: I get myself into trouble a lot.
323.7k Views · 3,786 Upvotes
>>> Indeed, once you have actual physical access to the machine, so much becomes easy.<<<
Kevin Borders, Former NSA Employee
Updated May 19, 2014 · Featured in HuffPost
https://www.quora.com/What-are-some-...st-people-dont
Steve A.
, hope this helps.
Comment