Author: Awolf
Source: Awolf's Security Blog
I. Background
That day I had finally carried my brother's computer back home, sweating the whole way. But once I got there and tried to log in, the system asked for a password; I tried n times and every attempt was wrong (I had forgotten it). I then tried a password-cracking tool from a Ghost system disk, but it would not accept input from my USB keyboard, so the tool was useless. Hence this article.
II. Principle
Windows PE stands for Windows Preinstallation Environment, that is, the Microsoft Windows pre-installation environment. It is a tool built on the Windows XP Professional kernel, running in protected mode, with only a small (but very core) set of Win32 subsystem services. The key capability for our purposes is that it can operate on files on the original system disk.
Then I remembered the Sticky Keys backdoor idea from a few days earlier. With it you can bypass the administrator password check entirely and create a new system administrator directly, then use that newly created user to clear the original administrator's password. The principle is very simple; let's look at the practice.
III. Practice
1. Prepare a PE system. There are two ways (the second is the key one):
1.1 If your computer has an optical drive, this is easy: buy a system disc that includes PE; there are plenty on the market. (I have an optical drive.)
1.2 I will not go into detail here; see: http://www.awolf07.cn/bbs/viewthread.php?tid=18&extra=page%3D1
2. Plant the backdoor with the Shift key.
Put simply: boot the PE system you just prepared and replace C:\Windows\System32\sethc.exe with cmd.exe.
After that you no longer need the PE system; just restart normally. Press Shift five times in a row and a cmd window pops up, in which you run the command to add a super administrator. Done. The rest is up to you.
(In fact, the Magnifier works the same way.)
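From the defender's side, the swap described above is easy to spot: the accessibility binary in System32 becomes a byte-for-byte copy of cmd.exe. The following PowerShell check is an added example, not code from the original post; it compares the SHA-256 hash and the OriginalFilename version field of sethc.exe and Magnify.exe against cmd.exe. Note that a copied cmd.exe still carries a valid Microsoft signature, so the signature alone is not a reliable signal.

```powershell
# Added example (not from the original post): detect sethc.exe or Magnify.exe
# in System32 having been replaced by a copy of cmd.exe.
function Test-AccessibilityBinary {
    param([string[]]$Names = @('sethc.exe', 'Magnify.exe'))

    $system32 = Join-Path $env:SystemRoot 'System32'
    # Hash of the genuine cmd.exe; a swapped-in copy will match it exactly.
    $cmdHash = (Get-FileHash -Path (Join-Path $system32 'cmd.exe') -Algorithm SHA256).Hash

    foreach ($name in $Names) {
        $path = Join-Path $system32 $name
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $hash     = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        # Version resource of the real file names itself (e.g. "sethc.exe");
        # a renamed cmd.exe still reports "Cmd.Exe" here.
        $origName = (Get-Item -LiteralPath $path).VersionInfo.OriginalFilename
        $stem     = [IO.Path]::GetFileNameWithoutExtension($name)
        $sig      = Get-AuthenticodeSignature -FilePath $path

        $findings = @()
        if ($hash -eq $cmdHash) { $findings += 'identical to cmd.exe' }
        if ($origName -and ($origName -notlike "$stem*")) {
            $findings += "OriginalFilename is '$origName'"
        }
        # Signature check still catches an unsigned or tampered replacement.
        if ($sig.Status -ne 'Valid') { $findings += "signature $($sig.Status)" }

        [pscustomobject]@{
            Path       = $path
            SHA256     = $hash
            Suspicious = ($findings.Count -gt 0)
            Findings   = ($findings -join '; ')
        }
    }
}

Test-AccessibilityBinary | Format-Table -AutoSize
```

Run it from an elevated prompt so System32 is readable in full. For ongoing monitoring, also alert on any child process of winlogon.exe at the logon screen that is not the expected accessibility tool.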