Windows Admin Password Exploit

Steps to use the exploit

  • Boot from any live CD to access the hard drive
  • Replace C:\Windows\System32\sethc.exe with C:\Windows\System32\cmd.exe
  • Reboot
  • On the login screen, press the Shift key 5 times
  • net user "username" "newpassword" [without quotes]
  • Voila!

To secure your system against this vulnerability, the following steps can slow down or stop an attacker.

  • Disable booting from removable media in the UEFI / BIOS settings and protect those settings with a password
  • Full System Encryption
  • Disable Sticky Keys
  • Physical Security for the hardware
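
A defender-side check for the file swap and the Sticky Keys setting described above. This is an added example, not part of the original page. The function name Test-StickyKeysTamper and its parameter are hypothetical, and the script assumes the login screen takes its Sticky Keys setting from the .DEFAULT user hive, where bit 0x4 of Flags enables the five-times-Shift shortcut.

```powershell
# Added example: reports whether sethc.exe is a byte-for-byte copy of cmd.exe
# and whether the Sticky Keys shortcut is still enabled for the login screen.
function Test-StickyKeysTamper {
    param(
        # Windows directory to inspect. Point it at a mounted offline volume
        # (for example D:\Windows) to check a disk without booting from it.
        [string]$WindowsDir = $env:SystemRoot
    )

    $sys32 = Join-Path $WindowsDir 'System32'
    $sethc = Join-Path $sys32 'sethc.exe'
    $cmd   = Join-Path $sys32 'cmd.exe'

    foreach ($file in $sethc, $cmd) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            throw "Expected file not found: $file"
        }
    }

    $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -LiteralPath $cmd   -Algorithm SHA256).Hash

    # The registry check only makes sense for the running system.
    # Assumption: the login screen uses the .DEFAULT hive; Flags is a string
    # such as "510", and bit 0x4 means the Shift shortcut is active.
    $hotkeyOn = $null
    if ($WindowsDir -eq $env:SystemRoot) {
        $key  = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Accessibility\StickyKeys'
        $prop = Get-ItemProperty -LiteralPath $key -Name Flags -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $hotkeyOn = (([int]$prop.Flags) -band 0x4) -ne 0 }
    }

    [pscustomobject]@{
        SethcPath          = $sethc
        SethcSha256        = $sethcHash
        SethcIsCmdCopy     = ($sethcHash -eq $cmdHash)
        LogonHotkeyEnabled = $hotkeyOn   # $null when not checked or not set
    }
}

$result = Test-StickyKeysTamper
$result | Format-List
if ($result.SethcIsCmdCopy) {
    Write-Warning 'sethc.exe is identical to cmd.exe: treat this machine as tampered with.'
}
```

A match on SethcIsCmdCopy only covers the exact replacement described in the steps above; recording SethcSha256 from a known-good install of the same Windows build gives a baseline to compare against later.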