Leverage change Windows7 sticky key vulnerability hack login password

Source: Internet
Author: User

take advantage of changes Windows7 sticky key Vulnerability hack login password

Experiment Introduction :

 The main content of this experiment is to changeWindows7administrator permissions in the kernel, and then use the"Command Prompt" (Cmd.exe) to override the sticky key (Sethc.exe) vulnerability, to crackWin7System login Password.


get down to the chase. :

1. go to the computer, open C - plate .

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/84/16/wKioL1eFoxeyO8gGAAKKaWasSz0788.png-wh_500x0-wm_3 -wmp_4-s_2129440684.png "style=" Float:none; "title=" 1.png "alt=" Wkiol1efoxeyo8ggaakkawassz0788.png-wh_50 "/>

2. Open the Windows folder.

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/84/17/wKiom1eFoxyxPyZFAAJv-kjdbvY527.png-wh_500x0-wm_3 -wmp_4-s_2378869641.png "style=" Float:none; "title=" 2.png "alt=" Wkiom1efoxyxpyzfaajv-kjdbvy527.png-wh_50 "/>

3 , right-click Windows in the folder System32 folder , select Properties

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/84/16/wKioL1eFox2B1MeeAACfo_DEnYs269.png-wh_500x0-wm_3 -wmp_4-s_4252366129.png "style=" Float:none; "title=" 3.png "alt=" Wkiol1efox2b1meeaacfo_denys269.png-wh_50 "/>

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/84/17/wKiom1eFox7xQdmCAAF2gzZS5gM257.png-wh_500x0-wm_3 -wmp_4-s_4037524226.png "style=" Float:none; "title=" 4.png "alt=" Wkiom1efox7xqdmcaaf2gzzs5gm257.png-wh_50 "/>

4. Click "Advanced"in the dialog box.

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/84/17/wKioL1eFoyDAg1r9AAJ_WU1F4UQ996.png-wh_500x0-wm_3 -wmp_4-s_145070734.png "style=" Float:none; "title=" 5.png "alt=" Wkiol1efoydag1r9aaj_wu1f4uq996.png-wh_50 "/>

5. Click on "owner" in the Pop-up dialog and click Edit.


650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/84/17/wKioL1eFoyLg37phAAILmAOXbzg457.png-wh_500x0-wm_3 -wmp_4-s_2432240745.png "style=" Float:none; "title=" 6.png "alt=" Wkiol1efoylg37phaailmaoxbzg457.png-wh_50 "/>

5. Select the Management group and click "OK". The intent here is to change the hidden primary administrator in the WIN7 system to an existing computer administrator.

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M02/84/17/wKiom1eFoy6zER4sAAOijqXapqI777.png-wh_500x0-wm_3 -wmp_4-s_372387507.png "style=" Float:none; "title=" 7.png "alt=" Wkiom1efoy6zer4saaoijqxapqi777.png-wh_50 "/>

6. go back to the parent dialog, click the "Permissions" option, select the Admin user group, and then click on the "Change Permissions" button.

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M00/84/17/wKioL1eFozDROnTeAAJvVIJ2q9E571.png-wh_500x0-wm_3 -wmp_4-s_202163311.png "style=" Float:none; "title=" 8.png "alt=" Wkiol1efozdronteaajvvij2q9e571.png-wh_50 "/>

7. in the dialog box, select the Administrators group, and then tick " Replace all child object permissions with permissions that can be inherited from this object " , then click "OK" button.


650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/84/17/wKiom1eFozPBDOpcAAGCslh0jRo306.png-wh_500x0-wm_3 -wmp_4-s_3011883870.png "style=" Float:none; "title=" 9.png "alt=" Wkiom1efozpbdopcaagcslh0jro306.png-wh_50 "/>

8. Then it will pop up two dialog boxes and click "Yes"all the time.


650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M00/84/17/wKiom1eFozjBJCg7AANBymH9-kE834.png-wh_500x0-wm_3 -wmp_4-s_1026488993.png "style=" Float:none; "title=" 10.png "alt=" Wkiom1efozjbjcg7aanbymh9-ke834.png-wh_50 "/>

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/84/17/wKioL1eFozuik_nHAAM2HMaFqRM444.png-wh_500x0-wm_3 -wmp_4-s_2278247663.png "style=" Float:none; "title=" 11.png "alt=" Wkiol1efozuik_nhaam2hmafqrm444.png-wh_50 "/>

9. wait for the permission file to be imported into the "Administrator" Administrator group account.


650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/84/17/wKiom1eFoz7B0ls8AALoEYvicf8435.png-wh_500x0-wm_3 -wmp_4-s_1358935118.png "style=" Float:none; "title=" 12.png "alt=" Wkiom1efoz7b0ls8aaloeyvicf8435.png-wh_50 "/>


After the file import is successful, click the "OK" button to return to the parent menu.

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M02/84/17/wKioL1eFo0HypfNVAAIH7End8eo690.png-wh_500x0-wm_3 -wmp_4-s_2223274700.png "style=" Float:none; "title=" 13.png "alt=" Wkiol1efo0hypfnvaaih7end8eo690.png-wh_50 "/>


once again, go back to the System32 Property interface and click on the "edit" button.

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/84/17/wKiom1eFo0HRL4USAAC5Lm5ld6Y063.png-wh_500x0-wm_3 -wmp_4-s_3928370611.png "style=" Float:none; "title=" 14.png "alt=" Wkiom1efo0hrl4usaac5lm5ld6y063.png-wh_50 "/>

Select "Administrators"in the popup screen and tick "Full Control" in the permission bar option, all permissions are checked, then click "OK" button.


650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/84/17/wKioL1eFo0WhMM-mAAHGdNvzFQ0246.png-wh_500x0-wm_3 -wmp_4-s_3715624645.png "style=" Float:none; "title=" 15.png "alt=" Wkiol1efo0whmm-maahgdnvzfq0246.png-wh_50 "/>


back to the property interface, click the "OK" button to save the exit. (As of this step, the system administrator group permissions have all been opened and the kernel files can be edited and changed.) )

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/84/17/wKiom1eFo0aA9rk9AAFYN81HyLs187.png-wh_500x0-wm_3 -wmp_4-s_1014611987.png "style=" Float:none; "title=" 16.png "alt=" Wkiom1efo0aa9rk9aafyn81hyls187.png-wh_50 "/>



Start Menu input "cmd", find cmd command Prompt program, right click on the program select " Run as administrator (if you are not running as an administrator, you will need to type "cd system32" in the cmd dialog boxto enter the System32 folder, and then perform the next steps).



650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/84/17/wKioL1eFo0fj6OipAAD9JsUYxqk026.png-wh_500x0-wm_3 -wmp_4-s_2460811728.png "style=" Float:none; "title=" 17.png "alt=" Wkiol1efo0fj6oipaad9jsuyxqk026.png-wh_50 "/>




in the dialog box, type "copy cmd.exe sethc.exe "(meaning to replace the sticky key program file with cmd command file), then tap Enter, follow the prompts for "Y", show copied, and replace the file successfully.



650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/84/17/wKioL1eFpXzhiDMPAAUSVjIxOq8383.png-wh_500x0-wm_3 -wmp_4-s_296797496.png "style=" Float:none; "title=" 18.png "alt=" Wkiol1efpxzhidmpaausvjixoq8383.png-wh_50 "/>



.logout System, continuous press5TimesShiftKey (the original is to bring up the sticky key, but we have replaced the program file with thecmdcommand Prompt program, so it pops upcmdProgram dialog box). In the dialog box, type the change administrator login password command "net user Administrator 123456" .



650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/84/17/wKioL1eFpYbApp5wAAWkLEfB6VU386.png-wh_500x0-wm_3 -wmp_4-s_576745333.png "style=" Float:none; "title=" 19.png "alt=" Wkiol1efpybapp5waawklefb6vu386.png-wh_50 "/>


to hit enter, the dialog prompts the command to complete successfully and the login password is successfully replaced.



650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/84/18/wKiom1eFpZPBem1FAAYQ-3LqJU8190.png-wh_500x0-wm_3 -wmp_4-s_1396238496.png "style=" Float:none; "title=" 20.png "alt=" Wkiom1efpzpbem1faayq-3lqju8190.png-wh_50 "/>


in the User Login password box, enter the password "123456"that you just changed, and tap enter to log in.



650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/84/18/wKiom1eFpaLgqCZ9AAgoImJ1fQ0855.png-wh_500x0-wm_3 -wmp_4-s_2179369184.png "style=" Float:none; "title=" 21.png "alt=" Wkiom1efpalgqcz9aagoimj1fq0855.png-wh_50 "/>


The successful completion of this experiment.



650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M00/84/17/wKioL1eFpbSxP4xyAAcdDEdB8ng674.png-wh_500x0-wm_3 -wmp_4-s_1152819239.png "style=" Float:none; "title=" 22.png "alt=" Wkiol1efpbsxp4xyaacddedb8ng674.png-wh_50 "/>




This article from the "11776927" blog, reproduced please contact the author!

Use change Windows7 sticky key to crack login password

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.