[Windows 7] Exploitation Of Windows 7 Start Up Repair and Sticky Keys

Discussion in 'Computer Tutorials' started by Luglige, May 29, 2016.

  1. Luglige
    OP

    Member Luglige Modest Mouse Fan

    Joined:
    Jan 24, 2016
    Messages:
    1,168
    Location:
    Can I Leave This Blank?
    Country:
    Antarctica
    <!--Not Liable for Damages To System or Any Misuse Of Info-->
    <!--Please read the comments in the "Source Of Info". May not work and can mess up your system.-->


    Exploitation of Windows Startup Repair and Sticky Keys:

    Boot Windows. When you see "Starting Windows", turn off the system.

    [​IMG]

    Turn on the system, then boot into Windows. This should pop up:

    [​IMG]

    Click "Launch Startup Repair (recommended)".
    Let it do its stuff. When you get this screen push "Cancel" (MUST DO THIS, DO NOT CLICK "Restore")

    [​IMG]

    After pushing cancel it should pop up this Screen:

    [​IMG]

    Click on "Show problem details" then scroll down to the bottom and click the link on the very bottom. Notepad should open up. In Notepad click File/Open then double click your Local Disk (The below picture is D: because of VirtualBox but yours should be C: if not using VirtualBox.)

    [​IMG]

    Once in your "Local Disk" click "Windows" then "System32". DO EVERYTHING I DO FROM THIS POINT! IF NOT YOU MAY BREAK YOUR COMPUTER! Scroll down and find "cmd," then make a copy of it in the same folder (Ctrl-C, Ctrl-V). You should get a file named "cmd - Copy" or something like that:

    [​IMG]

    Then find "sethc" in the same folder. This file runs Sticky Keys (that thing when you click shift too many times). Rename it to "sethc 1":

    [​IMG]

    Then rename your copy of cmd ("cmd - Copy") to "sethc"

    [​IMG]

    Now exit Notepad and turn off your computer either by clicking "Finish" or restarting it manually. Now it should boot up to the login screen:

    [​IMG]

    Click shift 5 times to open up cmd (as seen above).
    Next, we need to find out who your local administrator is. To do this, type in (to the cmd) "net localgroup Administrators". This will show all the admins on your PC. Look for an administrator account that does not have your school/work domain in front of it followed by "./". As you can see, one of the admins is named "qwaszx." It is common for schools to use random strings to ward off evil spirits (kids).

    [​IMG]

    Now we need to change the admin password. To do so, type (into cmd) "net user <ACCOUNT NAME HERE> *", then type in your new password twice (into cmd). Now you can log on to the admin account! But some schools/workplaces like to disable this account. If so, just go and do the following things:

    [​IMG]

    If the admin account is disabled, type "net user <ACCOUNT NAME HERE> /active:yes". This will allow you to access the admin account.

    [​IMG]

    (SOURCE OF INFO)
     
    Last edited by Luglige, Jun 16, 2016
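
Added example (not part of the original post or thread): a defender-side check for the file swap described in post 1. It lists every .exe in System32 that is byte-identical to cmd.exe, which is what the rename leaves behind under the name sethc.exe (or utilman.exe, mentioned later in the thread). The function name is hypothetical; it assumes PowerShell 4.0 or later and a 64-bit session.

```powershell
# Added example, not code from the thread. Assumes PowerShell 4.0+ (Get-FileHash)
# in a 64-bit session, so System32 is not redirected to SysWOW64.
# Find-CmdCopy is an illustrative name.
function Find-CmdCopy {
    param(
        # Use <drive>:\Windows\System32 of a mounted offline disk to check
        # a machine without booting it.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $cmd     = Get-Item -LiteralPath (Join-Path $System32 'cmd.exe') -ErrorAction Stop
    $cmdHash = (Get-FileHash -LiteralPath $cmd.FullName -Algorithm SHA256).Hash

    # A byte-identical copy has the same length, so filter on length first
    # and hash only the few candidates that remain.
    # Version-info and signature checks are not used: a renamed cmd.exe is
    # still a genuine Microsoft binary, so only the content comparison is reliable.
    Get-ChildItem -LiteralPath $System32 -Filter '*.exe' -File |
        Where-Object { $_.Name -ne 'cmd.exe' -and $_.Length -eq $cmd.Length } |
        Where-Object {
            (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -eq $cmdHash
        } |
        Select-Object Name, Length, CreationTime, LastWriteTime
}

$hits = @(Find-CmdCopy)
if ($hits.Count -eq 0) {
    'No copy of cmd.exe found under another name in System32.'
} else {
    # Any row is a finding: that file name now starts a command prompt.
    $hits | Format-Table -AutoSize
}
```

A hit named sethc.exe or utilman.exe means the matching logon-screen accessibility shortcut starts a command prompt instead of the accessibility tool. The original file can be restored with `sfc /scannow` or from known-good installation media.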


  2. Luglige
    OP

    <Reserved>
    </Reserved>
     
  3. Luglige
    OP

    xD
     
  4. ih8ih8sn0w

    Member ih8ih8sn0w Koreaboo

    Joined:
    Aug 22, 2015
    Messages:
    1,608
    Location:
    Hell
    Country:
    United States
    This reminds me of a thing I saw a while back where you replaced the assistive controls thing (the thing at one of the bottom corners that has high contrast, on screen keyboard, etc.) with CMD to change the admin password. Either way, great guide. The lack of some guy with a mic making background noise and at the same time using notepad to say everything, or windows movie maker blue text screens is always a plus. You might want to include to change the files back later on (because sticky keys is the single most important program on windows) so they don't end up opening cmd when pressing shift 5 times...
     
  5. Luglige
    OP

    Ok. Thx for enjoying the guide!
     
  6. Luglige
    OP

    The IT at my old school was really bad! Even funnier is that the internet went out every 5 minutes.
     
  7. Luglige
    OP

    -sigh- My mom's password to her computer is my dad's birthday...

    — Posts automatically merged - Please don't double post! —

    Yah it's gone.
     
  8. FireEmblemGuy

    Member FireEmblemGuy Finally hit 1000 posts

    Joined:
    Jul 6, 2007
    Messages:
    2,307
    Location:
    Michigan, USA
    Country:
    United States
    You want to hear a story about lazy school IT? It's a bit long-winded and there's no huge payoff, but I figure I might as well share.

    Back in my senior year of high school, our Advanced Math II class (basically an entry-level college trig/pre-calc class) got the dubious honor of being the pilot program for an online course system (our school's first, anyways; seems like their provider had been around a few years already) as none of the teachers could really teach it; in previous years students were technically under the supervision of the Advanced Math I teacher in the same hour he taught that class (which was only one hour of the day as he was also the gym teacher - it wasn't a large school by any means), but after checking in for attendance they'd go off to the cafeteria and do self-study/group study with the guidance counselor or office aides checking in every once in a while.

    Anyways, since a local computer reseller/ISP had donated a bunch of new machines a year or two prior, this didn't seem like such a bad deal. Unfortunately, those were all in the main computer lab; the dozen of us taking the course got stuck in the library's research/printing room. We got a box of ratty 99 cent headsets that likely never got cleaned and a bunch of turn-of-the-century Dells designed for Windows 98, somehow limping along with the rest of the network's XP upgrade (although trying to enable standard desktop features instead of Classic mode would basically render the machine unusable until reboot). We all had network accounts with a decent amount of storage space, and had since at least as far back as '98-'99, so using the machines wasn't an issue, but following the directions for the online course proved impossible: the lecture videos wouldn't play at all on the horribly outdated version of IE installed on our machines.

    So on the third or fourth day of the semester, after pretty much all of us complained to the office or our 'teacher' that we couldn't actually take our course, the IT guys came in at the beginning with a solution: "So you're gonna look in your network folder and there'll be an orange-and-blue icon called 'Firefox'..."

    And of course this didn't really solve the issue: all they gave us was an installer for Firefox, instead of installing it themselves. Our user accounts could install Firefox locally, but any changes would be undone at logout; even if we used the same machine every day, we'd still have to waste 5-10 minutes of our 55-minute class period installing Firefox. We could work ahead if we were fast enough, or even work from home, but at least half of us lived outside of town, so the options were dial-up or a very terrible 3mb/s wireless service that felt like they were leeching off AT&T's 3G towers and throttling down every time they got nervous someone might notice.

    By the end of the first month more than half the class had dropped; of the five or six of us that stayed I think only half actually passed the class. Somehow the whole fiasco wasn't enough to turn them off from the program; by the second semester they were using it for certain remedial/special ed classes, and by the time my brother graduated four years later I know they'd switched over at least their Spanish program.

    Anyways, tl;dr version: decent system administrators for generally low-tech areas that don't feel they need one in the first place are hard to come by.

    I can't even count the amount of hours I wasted having to remove shady malware from the family computer after my brothers or mom would download totally-legit-I-swear movies/music/porn (at least clear the download history, guys) off of Limewire or Frostwire. The irony is that I got bitched out the first time I installed Firefox on that machine because they thought it would make the machine more susceptible to viruses.

    Even now, I'll end up having to bang my head into a wall trying to do IT for my parents. My mom called a few weeks ago freaking out because the trackpad on her laptop stopped working after my dad turned it off. Turns out one of them accidentally pressed the Fn combo that disabled the built-in trackpad and buttons. She's been using computers regularly for twenty years and my dad used to be a software engineer. Go figure.
     
    Last edited by FireEmblemGuy, May 30, 2016
  9. Luglige
    OP

    Reminds me how I would get more "Game Time" on a school website.
     
  10. Luglige
    OP

    Lol. Stick in there.
     
    Last edited by Luglige, May 30, 2016
  11. FireEmblemGuy

    Yeah, I don't know what the media program's like these days, but at least we had modern iMacs for our media class, and even then all we did with them was browser-based yearbook editing, light A/V editing for Class of 20xx grad videos, occasional film assignments, etc.; we were never expected to do more than basic Office and research stuff on the other computers either.

    College is a whole different ballpark, thankfully, but IT's still sketchy. I moved even further up north thanks to Northern Michigan being surrounded by great forest, cliff, and 'mountain' hiking within walking distance of town, and some nice Lake Superior shoreline, but they're really up on the tech, to the point of issuing students new (leased) laptops every couple years and having a robust free off-campus internet system. When I first enrolled it was bad, with the new machines running Windows 7 on the bare minimum, with probably some of the lowest-quality Thinkpads I'd seen in years. I re-enrolled a couple years ago and it's much better now - ultrabooks well above minimum spec (I can even get decent framerates on MGSV and Tales of Zestiria) and the WiMAX system is being replaced by a free, unlimited LTE system (on a band most US cell phones can't abuse) across the city and a few surrounding towns; I've been able to push around 25mbps everywhere I've used it. Unfortunately the tech team's solution to everything is to reimage your notebook, and they never even made a new image for the new ones - just the ones for the 2013/14 machines, complete with Windows 8 (not 8.1) and driver sets for completely different machines. Even a Windows XP VirtualBox image, even though virtualization technology is turned off without the ability to re-enable it in the BIOS. I had to take mine in to get an LTE card installed, and since I was running Windows 10 they insisted it wouldn't work. I told them that was fine, just install it and I'll figure out the driver issues myself. They refused and reimaged to Windows 8. It shouldn't be a surprise to learn that the LTE works fine with both Windows 10 and Arch Linux.
     
  12. Luglige
    OP

    But in all seriousness you should get into the IT biz.
     
  13. Dorimori

    Member Dorimori professional lurker

    Joined:
    Mar 17, 2016
    Messages:
    409
    Location:
    possibly in your closet
    Country:
    United States
    I've seen this before, but next week is the last week of school.

    I might try this and get into some deep shit lol
     
  14. mgrev

    Member mgrev Legit Gladiator

    Joined:
    Apr 13, 2015
    Messages:
    1,789
    Location:
    Under Tomato Hentai's stairs
    Country:
    Norway
    you could replace Utilman.exe instead, so you can just click the icon in the lower right to open CMD if sticky keys doesn't work. and imo it's better
     
  15. Luglige
    OP

    But you want people to not know that you just 'hacked' the person's computer. Oh wait, I can't speak unethical. From a security specialist standpoint it would be a pain in the butt. No one uses sticky keys anyway.

    Also sorry about the pictures, I think Evilzone is offline at the moment as I wrote the guide there and I just copied and pasted the guide over here. I'm gonna try and fix it later.
     
  16. Youkai

    Member Youkai Demon

    Joined:
    Jul 1, 2004
    Messages:
    2,016
    Location:
    Germany , NRW
    Country:
    Germany
    there are enough schools that would kick you out for doing this ....

    Actually you see this tutorial EVERYWHERE! even though slightly different as you usually replace utilman.exe with the cmd and then you can just create yourself an admin account and login to the computer (still if the PC is in a domain you could only create and login to a local account)
    With XP you could just boot into the safe mode and could just login as an admin without a password XD no idea if this still works ...
    As we use a Domain at work I usually do not need to crack open any accounts ^^
     
  17. Luglige
    OP

    That's Cool! My school's IT is pretty bad. I have to fix the stuff around there. The principal even gave me the name "Resident IT"
     
  18. mgrev

    our school has almost no security at all. the BIOS settings don't even have a password. no site is blocked here either. (sometimes they block for the students only, but then i'll just spoof my MAC address)
     
  19. Luglige
    OP

    xD I was able to boot a certain custom OS on the computers at my school.
     
  20. mgrev

    i use drivedroid on my phone and i might carry a bootable usb with linux mint or something
     
