7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 116

Backdoor to Reset Administrator

Password or Add New User in Windows 7

As long as there is physical access to a computer it is always possible to gain access to theoperating system even if it is password protected For example you can use Kon-Boot to

login to any user account in Windows with any password by booting up the computer with

the CD or USB If BIOS is secured with a password to prevent changing of boot order you

can change the jumpers or remove the battery from the motherboard to clear the CMOSsettings As long as you can boot up the computer with CD or USB there are quite a lot of

tools that allows you to reset the user account password even if you donrsquot know the original

password

Here is an interesting method which I recently discovered that allows you to plant a

backdoor to your Windows 7 operating system so that you can always reset or even add anew user account without even first logging in to Windows This method is a bit restrictive

because it requires an administrator privilege to the computer in order to make changes to

the system but it does not involve installing any third party software or changing any

system files like the old DreamPackPL

This backdoor allows you to run command prompt (cmdexe) with system privilege from

the Windows 7 login screen So with a system privilege command prompt in your handsyou can actually do a lot of stuff including creating new accounts to resetting administrator

password to gain access to the password protected Windows Check out these step-by-step

instructions

1 First make sure you are logged in as an administrator Click on the start button type

cmd in the Search programs and files bar right click on the cmdexe that is displayed on the

list and select ldquoRun as administratorrdquo

2 Copy the command below and paste it to the command prompt

REG ADD HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File

Execution Optionssethcexe v Debugger t REG_SZ d Cwindowssystem32cmdexe

If you see the message that says ldquoThe operation completed successfullyrdquo that means you

have installed the backdoor If not make sure you are logged in to a user account withadministrator privilege and also run the cmd as administrator

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 216

3 When you are at the login screen you can either press the SHIFT key continuously for 5

times or Alt+Shift+PrintScreen which will open a command prompt with system privilegeYou can now do whatever you want with it such as typing

Explorer ndash To launch explorer and give you access to Start menu and taskbar Any attemptto run Windows Explorer will prompt an error saying ldquoThe server process could not be

started because the configured identity is incorrect Check the username and passwordrdquo If

you need to check the files and folders on the sytem use the dir command instead in cmd

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 316

Net user user_name new_password ndash This command allows you to set a new password to

any username without knowing the current password

Net user user_name password add ndash This command allows you to add a new user to the

system so you can login to Windows without touching the existing user accounts

This proof of concept has been around for a very long time and is not really an exploitwhich is why Microsoft does not intend to patch and block it To remove or uninstall the

backdoor simply delete the registry value that you have added or paste the command below

to an elevated command prompt followed by pressing the Y key to confirm the deletion

REG DELETE HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage FileExecution Optionssethcexe

Here is a simple explanation on how this backdoor works In the Windows login screen

you are allowed to turn on sticky keys or high contrast using the hotkeys (Shift x 5 OR

Alt+Shift+PrintScreen) Attempting to turn on either one with launch the sethcexe fileAdding the provided registry will tell Windows that you want to run cmdexe as a debugger

for sethcexe but the problem is Windows does not check if it is a valid debugger So

whenever you try to launch sticky keys or high contrast in the Windows 7 login screen youwill run the command prompt instead

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 416

Below is a video demo to show how the whole thing works

Unlock Create a hidden or invisible drive

Tip How to execute an app during Windows startup

Updated Adding Desktop Right-Click Menu items using Registry and Regdevelop

Unlock For Us

Hidden Backdoor in Windows 7Vista Welcome Screen

Ok This is fun Anyone of you watch the famous 1995 movie The Net by Sandra

Bullock The Famous Praetorian PI was used as a backdoor to access password-protected

sites Can we create a vista backdoor something like that in Windows Vista or 7 Yes you

Can How

The Clue The Ease of Access Program

Where The 624kb Utilmanexe is the key located at System Folder

Steps

Open the Folder WindowsSystem32 and check the Properties of Utilmanexe

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 316

Net user user_name new_password ndash This command allows you to set a new password to

any username without knowing the current password

Net user user_name password add ndash This command allows you to add a new user to the

system so you can login to Windows without touching the existing user accounts

This proof of concept has been around for a very long time and is not really an exploitwhich is why Microsoft does not intend to patch and block it To remove or uninstall the

backdoor simply delete the registry value that you have added or paste the command below

to an elevated command prompt followed by pressing the Y key to confirm the deletion

REG DELETE HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage FileExecution Optionssethcexe

Here is a simple explanation on how this backdoor works In the Windows login screen

you are allowed to turn on sticky keys or high contrast using the hotkeys (Shift x 5 OR

Alt+Shift+PrintScreen) Attempting to turn on either one with launch the sethcexe fileAdding the provided registry will tell Windows that you want to run cmdexe as a debugger

for sethcexe but the problem is Windows does not check if it is a valid debugger So

whenever you try to launch sticky keys or high contrast in the Windows 7 login screen youwill run the command prompt instead

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 416

Below is a video demo to show how the whole thing works

Unlock Create a hidden or invisible drive

Tip How to execute an app during Windows startup

Updated Adding Desktop Right-Click Menu items using Registry and Regdevelop

Unlock For Us

Hidden Backdoor in Windows 7Vista Welcome Screen

Ok This is fun Anyone of you watch the famous 1995 movie The Net by Sandra

Bullock The Famous Praetorian PI was used as a backdoor to access password-protected

sites Can we create a vista backdoor something like that in Windows Vista or 7 Yes you

Can How

The Clue The Ease of Access Program

Where The 624kb Utilmanexe is the key located at System Folder

Steps

Open the Folder WindowsSystem32 and check the Properties of Utilmanexe

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 416

Below is a video demo to show how the whole thing works

Unlock Create a hidden or invisible drive

Tip How to execute an app during Windows startup

Updated Adding Desktop Right-Click Menu items using Registry and Regdevelop

Unlock For Us

Hidden Backdoor in Windows 7Vista Welcome Screen

Ok This is fun Anyone of you watch the famous 1995 movie The Net by Sandra

Bullock The Famous Praetorian PI was used as a backdoor to access password-protected

sites Can we create a vista backdoor something like that in Windows Vista or 7 Yes you

Can How

The Clue The Ease of Access Program

Where The 624kb Utilmanexe is the key located at System Folder

Steps

Open the Folder WindowsSystem32 and check the Properties of Utilmanexe

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 516

Problem My current Logon Username Lawrence and Administrators has no Permissionno modify the file Thus If you try to rename the file it will give you the message

Destination Folder Access is Denied You need permission to perform this action

Normally Winbubble Context Menu Take the Ownership of this file can add the

permission but this time you cant (The Next Version can do it easily)

Also Most of the Buttons are Disabled

How to Add the permission

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 616

Prevention is better than Cure To easily recover your system from any problems Create

a Restore Point First using the Context Menu that can be created by WinBubbles Read here

or you can do it manually Win+R gt rundll32exe shell32dllControl_RunDLL

sysdmcpl4 gt Create Button gt Enter the name

1 Take the Ownership Of the File using the LONG METHOD Click here and Right-Clickthe file gt Properties gt Go to Security Tab gt To change Permission Click Edit Button gt

Click Administrator gt Click to Check Allow Setting of Full Control option box

Another Way because I understand that your a Geek

Open Command Prompt as Administrator Start Search gt type CMD gt PressCTRL+ALT+Enter gt Enter the Following commands

a takeown f DirectoryFile

eg takeown f cwindowssystem32Utilmanexe

b icacls DirectoryFile grant administratorsF

eg

icacls cwindowssystem32Utilmanexe grant

administratorsF

If you didnt open CMDexe as administrator youll get this message

ERROR The current logged on user does not have ownership privileges on the file (or

folder) cwindowssystem32Utilmanexe

2 Rename Utilmanexe to any for backup example Utilman_oldexe

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 716

3 Create a copy of cmdexe (CTRL+Drag)

4 Rename the Copy - cmd to Utilman

Thats It

Go to your Welcome Screen Start Menu gt At the Bottom Click the Right Arrow gt SwitchUser

5 Click the Blue Magic Button pointed by the arrow as shown in the first Picture above

You have now successfully launch a Command Prompt in Administrator mode with UACdisabled

Doesnt Work Possible Mistake In your Folder Option Window gt View Tab gt If Hide

extensions for known file types is checked Dont rename it to Utilmanexe use

Utilman ONLY

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 816

NEW Using the newest version of WinBubble you can easily get this functionality in just

few clicks

Click the Windows 7Utilities Tab Logon Tools option

Click Yes and Restart your PC Works great in Windows 7 3264 bit version

NOTE You need to re-open again the program after restarting your computer and repeat

the procedure again to be able to activate the feature

SWEET Start Hacking your own computer )

Now its fine for me to forget my password without creating a password reset disk or byhacking and clearing Vista Password using a Linux OS Create a Backdoor instead Is this

bad Of course this is bad if youll use it that way

Net user [Username] [NewPassword]

For more Information Read Here

Is this legal Yes it is My steps needs the Administrator login to create a backdoor andIf you do this by using another OS like Linux to another computer Thats the time it will

became Illegal

Type whoami all |more

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 916

Now we can see that System logon is the one running when you input Username and

Password in the Welcome Screen

Try typing taskmgrexe (Browse Button lets you run a mini-windows explorer) Notepad

and even Explorerexe

In my observations

Windows Firewall is ON (Great)

Spyware and other Malware Protection is ON (Great)

User Account Control is OFF

You can browse the Internet

The Location of Desktop cWindowsSystem32configsystemprofileDesktop

Launch Windows Media Player Windows Calendar Windows Mail and many more

Note There is a possibility that the guide above will work in latest build (RC version) ofWindows 7 Due to License and some legal concerns I cant reveal any data Tell me

ENJOY LEARNING WINDOWS

6 Comments

vince said

nice hack but wont that just defeat the purpose of the welcome screen why not

just forget your password for your username all together and boot directly to thedesktop )

November 20 2008 at 1011 PM

Anonymous said

Wait are you saying that you have Windows 7 Beta Just wondering Or can younot tell us that either

November 20 2008 at 1132 PM

Anonymous said

It works I have Windows 7 Build 6801 leaked from torrents and it worked

perfectly I am waiting to download The Net (1995) I am curious )

November 22 2008 at 1123 PM

Nura M said

Hi

I have forgotten that movie(The Net) you were talking about I do not know if I may

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 1016

be opportuned to have a look at it(refer me to site ) so that I can answer the

question

I WISH TO HAVE MORE OF YOUR EDUCATING INFORMATION

Thanks Nura

November 23 2008 at 944 PM

Anonymous said

Unlock Create a hidden or invisible drive

Tip How to execute an app during Windows startup

Updated Adding Desktop Right-Click Menu items using Registry and Regdevelop

Unlock For Us

Hidden Backdoor in Windows 7Vista Welcome Screen

Ok This is fun Anyone of you watch the famous 1995 movie The Net by Sandra

Bullock The Famous Praetorian PI was used as a backdoor to access password-protectedsites Can we create a vista backdoor something like that in Windows Vista or 7 Yes you

Can How

The Clue The Ease of Access Program

Where The 624kb Utilmanexe is the key located at System Folder

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 1116

Steps

Open the Folder WindowsSystem32 and check the Properties of Utilmanexe

Problem My current Logon Username Lawrence and Administrators has no Permission

no modify the file Thus If you try to rename the file it will give you the message

Destination Folder Access is Denied You need permission to perform this action

Normally Winbubble Context Menu Take the Ownership of this file can add the

permission but this time you cant (The Next Version can do it easily)

Also Most of the Buttons are Disabled

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 1216

How to Add the permission

Prevention is better than Cure To easily recover your system from any problems Createa Restore Point First using the Context Menu that can be created by WinBubbles Read here

or you can do it manually Win+R gt rundll32exe shell32dllControl_RunDLL

sysdmcpl4 gt Create Button gt Enter the name

1 Take the Ownership Of the File using the LONG METHOD Click here and Right-Click

the file gt Properties gt Go to Security Tab gt To change Permission Click Edit Button gtClick Administrator gt Click to Check Allow Setting of Full Control option box

Another Way because I understand that your a Geek

Open Command Prompt as Administrator Start Search gt type CMD gt Press

CTRL+ALT+Enter gt Enter the Following commands

a takeown f DirectoryFile

eg takeown f cwindowssystem32Utilmanexe

b icacls DirectoryFile grant administratorsF

eg

icacls cwindowssystem32Utilmanexe grant

administratorsF

If you didnt open CMDexe as administrator youll get this message

ERROR The current logged on user does not have ownership privileges on the file (or

folder) cwindowssystem32Utilmanexe

2 Rename Utilmanexe to any for backup example Utilman_oldexe

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 1316

3 Create a copy of cmdexe (CTRL+Drag)

4 Rename the Copy - cmd to Utilman

Thats It

Go to your Welcome Screen Start Menu gt At the Bottom Click the Right Arrow gt Switch

User

5 Click the Blue Magic Button pointed by the arrow as shown in the first Picture above

You have now successfully launch a Command Prompt in Administrator mode with UACdisabled

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 1416

Doesnt Work Possible Mistake In your Folder Option Window gt View Tab gt If Hide

extensions for known file types is checked Dont rename it to Utilmanexe use

Utilman ONLY

NEW Using the newest version of WinBubble you can easily get this functionality in just

few clicks

Click the Windows 7Utilities Tab Logon Tools option

Click Yes and Restart your PC Works great in Windows 7 3264 bit version

NOTE You need to re-open again the program after restarting your computer and repeat

the procedure again to be able to activate the feature

SWEET Start Hacking your own computer )

Now its fine for me to forget my password without creating a password reset disk or by

hacking and clearing Vista Password using a Linux OS Create a Backdoor instead Is this

bad Of course this is bad if youll use it that way

Net user [Username] [NewPassword]

For more Information Read Here

Is this legal Yes it is My steps needs the Administrator login to create a backdoor and

If you do this by using another OS like Linux to another computer Thats the time it will

became Illegal

Type whoami all |more

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 1516

Now we can see that System logon is the one running when you input Username and

Password in the Welcome Screen

Try typing taskmgrexe (Browse Button lets you run a mini-windows explorer) Notepad

and even Explorerexe

In my observations

Windows Firewall is ON (Great)

Spyware and other Malware Protection is ON (Great)

User Account Control is OFF

You can browse the Internet

The Location of Desktop cWindowsSystem32configsystemprofileDesktop

Launch Windows Media Player Windows Calendar Windows Mail and many more

Note There is a possibility that the guide above will work in latest build (RC version) ofWindows 7 Due to License and some legal concerns I cant reveal any data Tell me

ENJOY LEARNING WINDOWS

6 Comments

vince said

nice hack but wont that just defeat the purpose of the welcome screen why not just forget your password for your username all together and boot directly to thedesktop )

November 20 2008 at 1011 PM

Anonymous said

Wait are you saying that you have Windows 7 Beta Just wondering Or can younot tell us that either

November 20 2008 at 1132 PM

Anonymous said

7262019 Backdoor Windows 7

httpslidepdfcomreaderfullbackdoor-windows-7 1616

It works I have Windows 7 Build 6801 leaked from torrents and it worked perfectly I am waiting to download The Net (1995) I am curious )

November 22 2008 at 1123 PM

Nura M said

HiI have forgotten that movie(The Net) you were talking about I do not know if I may

be opportuned to have a look at it(refer me to site ) so that I can answer the

questionI WISH TO HAVE MORE OF YOUR EDUCATING INFORMATION

Thanks

Nura

November 23 2008 at 944 PM

Anonymous said