Change Windows administrator password with win7 operating system sticky key vulnerability

Last Update:2016-07-20 Source: Internet

Author: User

Tags net command administrator password

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

This tutorial focuses on using the Windows System Sticky Key vulnerability implementation to replace the CMD command prompt and then use the Net command to change the Windows password. First, when we get a computer, we definitely need to get the administrator privileges on this computer. Find the computer icon right-click Admin Open, Find local Users and groups, double-click inside the user button,

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/84/63/wKioL1ePLdrCAEBMAABuEGp3uuA623.jpg-wh_500x0-wm_3 -wmp_4-s_3103570370.jpg "style=" Float:none; "title=" 1.jpg "alt=" Wkiol1epldrcaebmaabuegp3uua623.jpg-wh_50 "/>

After you expand the user, you see a small black arrow below the "Administrator" user on the right, which indicates that the account is disabled. We now need to enable the account, so double-click the "Administrator" account Pop-up Properties dialog box, the "account is disabled" before the tick off,

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/84/63/wKiom1ePLdvCIuOeAADoUNxl1zc789.jpg-wh_500x0-wm_3 -wmp_4-s_796080600.jpg "style=" Float:none; "title=" 2.jpg "alt=" Wkiom1epldvciuoeaadounxl1zc789.jpg-wh_50 "/>

Then we log off the current computer, go to the Account selection screen, here we see there are two accounts, one of which is "Administrator" account and the other is a regular user account, we choose to enter the "Administrator" Administrator account,

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/84/63/wKioL1ePLduRRSaTAAFNerg6UMA016.jpg-wh_500x0-wm_3 -wmp_4-s_2476211876.jpg "style=" Float:none; "title=" 3.jpg "alt=" Wkiol1epldurrsataafnerg6uma016.jpg-wh_50 "/>

When we go in, it means that we can take the next step of extracting permission work. Open "C:\Windows" to find the "System32" folder,

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/84/63/wKioL1ePLduTF1Y1AAD8jvfyl6k494.png-wh_500x0-wm_3 -wmp_4-s_675308019.png "style=" Float:none; "title=" 4.png "alt=" Wkiol1epldutf1y1aad8jvfyl6k494.png-wh_50 "/>

Right-click the file to select Properties,

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/84/63/wKiom1ePLdywbo5kAAEqt9qtbQc957.png-wh_500x0-wm_3 -wmp_4-s_3011233405.png "style=" Float:none; "title=" 5.png "alt=" Wkiom1epldywbo5kaaeqt9qtbqc957.png-wh_50 "/>

Open Properties Select the "Advanced" option on the "Security" tab,

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/84/63/wKioL1ePLdzRtFbjAAFYA-KCZF8698.png-wh_500x0-wm_3 -wmp_4-s_752749244.png "style=" Float:none; "title=" 6.png "alt=" Wkiol1epldzrtfbjaafya-kczf8698.png-wh_50 "/>

Open and click on the "Owner" tab,

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/84/63/wKiom1ePLdzA9GLVAAGE4h1GYXg299.png-wh_500x0-wm_3 -wmp_4-s_909268995.png "style=" Float:none; "title=" 7.png "alt=" Wkiom1epldza9glvaage4h1gyxg299.png-wh_50 "/>

When opened, we need to configure permissions for the administrator, change the owner from "trustedinstalled" to "Administrators", click the "Edit" button,

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/84/63/wKioL1ePLd2T_6FjAAEpAKkJHug485.png-wh_500x0-wm_3 -wmp_4-s_3505124540.png "style=" Float:none; "title=" 8.png "alt=" Wkiol1epld2t_6fjaaepakkjhug485.png-wh_50 "/>

After you open the second "Administrators" in the list, and tick the "replace the child container and the object owner" below, click OK, then the system will change, the middle will pop up the prompt box select "Yes" to replace the directory permissions.

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/84/63/wKiom1ePLd3TPVGSAADh7fltNbI514.png-wh_500x0-wm_3 -wmp_4-s_888842597.png "style=" Float:none; "title=" 9.png "alt=" Wkiom1epld3tpvgsaadh7fltnbi514.png-wh_50 "/>

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/84/63/wKiom1ePLd7Bn7ImAAEJKEyUS38798.png-wh_500x0-wm_3 -wmp_4-s_2684144302.png "style=" Float:none; "title=" 10.png "alt=" Wkiom1epld7bn7imaaejkeyus38798.png-wh_50 "/>

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/84/63/wKioL1ePLd6TtHz4AAFwL7PdvOg604.png-wh_500x0-wm_3 -wmp_4-s_2635506225.png "style=" Float:none; "title=" 11.png "alt=" Wkiol1epld6tthz4aafwl7pdvog604.png-wh_50 "/>

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M02/84/63/wKioL1ePLd7z2yVtAAE6eWHWi6w683.png-wh_500x0-wm_3 -wmp_4-s_265268415.png "style=" Float:none; "title=" 12.png "alt=" Wkiol1epld7z2yvtaae6ewhwi6w683.png-wh_50 "/>

Click OK when the changes are complete

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/84/63/wKiom1ePLd-RqqFVAAExk-2rCws314.png-wh_500x0-wm_3 -wmp_4-s_2125640086.png "style=" Float:none; "title=" 13.png "alt=" Wkiom1epld-rqqfvaaexk-2rcws314.png-wh_50 "/>

Then we see that the owner changed to "Administrators" to indicate that this step was successful and then return to the Permissions tab.

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/84/64/wKioL1ePLd_gsFL5AAEJB1kAudE488.png-wh_500x0-wm_3 -wmp_4-s_1112129008.png "style=" Float:none; "title=" 14.png "alt=" Wkiol1epld_gsfl5aaejb1kaude488.png-wh_50 "/>

Click on the "Change Permissions" tab,

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/84/63/wKiom1ePLd_i9U9SAAEeHpOfIao808.png-wh_500x0-wm_3 -wmp_4-s_1737575510.png "style=" Float:none; "title=" 15.png "alt=" Wkiom1epld_i9u9saaeehpofiao808.png-wh_50 "/>

The line suffix that starts with "Administrators" When you click Open is "Subfolders and files only." Tick the checkbox below, "Replace all child object permissions with permissions inherited from this object", then click OK

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/84/63/wKiom1ePLeCyux1AAAELPB0jSL0947.png-wh_500x0-wm_3 -wmp_4-s_463254408.png "style=" Float:none; "title=" 16.png "alt=" Wkiom1eplecyux1aaaelpb0jsl0947.png-wh_50 "/>

When you click OK, a warning pops up, select "Yes" to continue,

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/84/64/wKioL1ePLeCxRDIXAAD2kXLuL68057.png-wh_500x0-wm_3 -wmp_4-s_3385139782.png "style=" Float:none; "title=" 17.png "alt=" Wkiol1eplecxrdixaad2kxlul68057.png-wh_50 "/>

After continuing, the system will pop up a warning box again, click "Yes" to continue,

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/84/63/wKiom1ePLeDwQVvgAAEcmoQmieY425.png-wh_500x0-wm_3 -wmp_4-s_2802652661.png "style=" Float:none; "title=" 18.png "alt=" Wkiom1epledwqvvgaaecmoqmiey425.png-wh_50 "/>

After the operation, click "OK", then we go back to the "System32" property tab, click on the "Security" button, and then click on the "Edit" button below,

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/84/64/wKioL1ePLeHBuKXDAAHMHHHh9h4542.png-wh_500x0-wm_3 -wmp_4-s_2485733011.png "style=" Float:none; "title=" 19.png "alt=" Wkiol1eplehbukxdaahmhhhh9h4542.png-wh_50 "/>

Users who clicked "Administrators"

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/84/64/wKioL1ePLeGwti1kAAE7rS10lc4346.png-wh_500x0-wm_3 -wmp_4-s_1177498311.png "style=" Float:none; "title=" 20.png "alt=" Wkiol1eplegwti1kaae7rs10lc4346.png-wh_50 "/>

Give the "Administrators" account Full Control, tick the checkbox after "Full Control", then click "OK",

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/84/63/wKiom1ePLeKiErYdAAFDA2gVzzY658.png-wh_500x0-wm_3 -wmp_4-s_3237879863.png "style=" Float:none; "title=" 21.png "alt=" Wkiom1eplekierydaafda2gvzzy658.png-wh_50 "/>

Pop-up Warning box, select "Yes" to continue,

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/84/64/wKioL1ePLeLQuZs0AAFJZTx14S8913.png-wh_500x0-wm_3 -wmp_4-s_2118416529.png "style=" Float:none; "title=" 22.png "alt=" Wkiol1eplelquzs0aafjztx14s8913.png-wh_50 "/>

Now that you have the control permission for the "System32" folder, we need to override the Sticky key function with the cmd command prompt. Open cmd as an administrator,

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/84/63/wKiom1ePLeLBEFB3AACQ5Kuv2HQ024.jpg-wh_500x0-wm_3 -wmp_4-s_3242027690.jpg "style=" Float:none; "title=" 23.jpg "alt=" Wkiom1eplelbefb3aacq5kuv2hq024.jpg-wh_50 "/>

Open cmd after input command: "Copycmd.exe Sethc.exe",

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M01/84/63/wKiom1ePLeTSkiO4AAOgDpxYBgs736.png-wh_500x0-wm_3 -wmp_4-s_3422496296.png "style=" Float:none; "title=" 24.png "alt=" Wkiom1epletskio4aaogdpxybgs736.png-wh_50 "/>

After that, you will be prompted to overwrite, enter "Yes" and prompt for the copy to succeed,

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/84/64/wKioL1ePLeWwYwI0AALl-fyBrOE174.png-wh_500x0-wm_3 -wmp_4-s_2348053342.png "style=" Float:none; "title=" 25.png "alt=" Wkiol1eplewwywi0aall-fybroe174.png-wh_50 "/>

The vulnerability has been successfully deployed, and then we can use sticky key vulnerabilities to modify the Windows power-on password.

Below we log off the computer into the Account Selection page, continuous click 5 times "Shift" key to call out the sticky key, will automatically pop up the cmd prompt box,

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/84/63/wKiom1ePLeXzEfy0AAEBqiQ2czY471.jpg-wh_500x0-wm_3 -wmp_4-s_3691883058.jpg "style=" Float:none; "title=" 26.jpg "alt=" Wkiom1eplexzefy0aaebqiq2czy471.jpg-wh_50 "/>

In this interface we enter the password change command "NET user administratorxxxx" (XXX indicates the password that needs to be changed) here I change the password to "123123", so my command is as follows:

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/84/64/wKioL1ePLeWANmYOAAI8zlOkvj4869.png-wh_500x0-wm_3 -wmp_4-s_2825351600.png "style=" Float:none; "title=" 27.png "alt=" Wkiol1eplewanmyoaai8zlokvj4869.png-wh_50 "/>

Press ENTER after successful input, prompt success

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/84/64/wKioL1ePLeagADYDAAM9Sx-Om-0915.png-wh_500x0-wm_3 -wmp_4-s_681274787.png "style=" Float:none; "title=" 28.png "alt=" Wkiol1epleagadydaam9sx-om-0915.png-wh_50 "/>

Below we can click on the administration account to enter the password just set "123123" can enter the system. This tutorial is now over, and you can use the Windows Sticky Key vulnerability to change the password to invade your computer.

This article is from the "11777008" blog, please be sure to keep this source http://11787008.blog.51cto.com/11777008/1828114

Change Windows administrator password with win7 operating system sticky key vulnerability

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More