Vista/Win 7 Backdoor

  1. Boot with any live cd (Ubuntu/WinPE etc) to get access to windows file system
  2. rename c:\windows\system32\magnify.exe to magnify.exe.bak
  3. make a copy of c:\windows\system32\cmd.exe and rename that to magnify.exe
  4. reboot the machine, boot normally to windows by removing the live cd.
  5. once you see the “press ctrl alt del to login”, press “winkey + U”, this will bring up the Ease if Access window.
  6. Choose magnifyand hit ok, this will lauch that cmd.exe we placed before. this cmd.exe has full access to the system, you can call any program from here like compmgmt.msc and actually reset the admin password or create a new admin account.

Note: the following are the list of usefull mmc files

Certificates certmgr.msc
Indexing Service ciadv.msc
Computer Management compmgmt.msc
Device Manager devmgmt.msc
Disk Defragmenter dfrg.msc
Disk Management diskmgmt.msc
Event Viewer eventvwr.msc
Shared Folders fsmgmt.msc
Group Policy gpedit.msc
Local Users and Groups lusrmgr.msc
Removable Storage ntmsmgr.msc
Removable Storage Operator Requests ntmsoprq.msc
Performance perfmon.msc
Resultant Set of Policy rsop.msc
Local Security Settings secpol.msc
Services services.msc
Windows Management Infrastructure (WMI) wmimgmt.msc
Component Services comexp.msc

One thought on “Vista/Win 7 Backdoor

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s