Vista/Win 7 Backdoor

  1. Boot with any live cd (Ubuntu/WinPE etc) to get access to windows file system
  2. rename c:\windows\system32\magnify.exe to magnify.exe.bak
  3. make a copy of c:\windows\system32\cmd.exe and rename that to magnify.exe
  4. reboot the machine, boot normally to windows by removing the live cd.
  5. once you see the “press ctrl alt del to login”, press “winkey + U”, this will bring up the Ease if Access window.
  6. Choose magnifyand hit ok, this will lauch that cmd.exe we placed before. this cmd.exe has full access to the system, you can call any program from here like compmgmt.msc and actually reset the admin password or create a new admin account.

Note: the following are the list of usefull mmc files

Indexing Serviceciadv.msc
Computer Managementcompmgmt.msc
Device Managerdevmgmt.msc
Disk Defragmenterdfrg.msc
Disk Managementdiskmgmt.msc
Event Viewereventvwr.msc
Shared Foldersfsmgmt.msc
Group Policygpedit.msc
Local Users and Groupslusrmgr.msc
Removable Storagentmsmgr.msc
Removable Storage Operator Requestsntmsoprq.msc
Resultant Set of Policyrsop.msc
Local Security Settingssecpol.msc
Windows Management Infrastructure (WMI)wmimgmt.msc
Component Servicescomexp.msc

Join the Conversation

1 Comment

Leave a comment

Your email address will not be published. Required fields are marked *

WordPress Appliance - Powered by TurnKey Linux