Computer Performance, Microsoft Windows Vista


 

Windows Vista - Backdoor Logon

Windows Vista - Backdoor LogonWindows Vista Backdoor logon

You would not expect it to be easy to create a backdoor logon.  Indeed, the technique described on this page does not threaten Vista security, unless someone has a Trojan horse program to prepare the way.  Whatever you make of this technique, you have to smile at Microsoft's unintended meaning of 'Ease of access'.

How the Vista Backdoor Logon Works

This back door method exploits the 'Ease of Access' menu at the bottom of a regular Windows Vista Logon.  Normally, if you click the Icon then you get a choice of help from Narrator, Magnifier and High Contrast.  The trick is to replace the file called Magnify.exe, with a file which is really cmd.exe.

Once you make the change, then when you select Magnifier from the Ease of Access dialog box, you enter the operating system at the command prompt.  The result is you can logon as the System account, without the need of a password.  One limitation is that your shell program is cmd.exe rather than explorer.  A more serious limitation is that in order to enter via this backdoor, you would need to install a Trojan horse program.  Another possibility is that you have logged on previously, and manually made the changes described below.

Rename Magnify backdoor logon

 ♦

Mission to Create an Impostor instead of Magnify.exe

The idea is to change the programme names so that the hyperlink link called 'Make items on the screen larger (Magnify)', actually points to cmd.exe.  The result is that you open a back door logon to Vista.

Preliminary Step - Deal with Permissions

Problem: You cannot rename or delete the original Magnify.exe in Windows \system32.  Even though you are an administrator, even though UAC is enabled, all you get is this message:

'You need permission to perform this action'

Solution: Take ownership of the file Magnify.exe, then change the permission for the Administrator's group to Full control.  Then rename Maginify.exe to MagnifyOld.exe.

Vista Take Ownership Windows\system32

Main Step - Create the Impostor Magnify.exe

  1. Create a new folder called Ease
  2. Copy CMD.exe ---> \Ease \cmd.exe
  3. Rename \Ease \cmd.exe ---> Magnify.exe
  4. Copy \Ease \Magnify.exe ---> Windows \system32\Magnify.exe

What you have achieved is that the old, relatively harmless, 'Magnify' becomes the more versatile cmd.exe.

Test Your 'Ease of access' Backdoor MethodVista Backdoor logon - Ease of access

  1. At the Vista Logon screen, click on Ease of access
  2. Check the box next to: Make Items on the screen Larger (Magnifier)
  3. Click 'OK'
  4. You should now find yourself at the Command Prompt
  5. Try whoami  (System account)
  6. Try regedit
  7. Feel the power!

Guy Recommends: SolarWinds Engineer's Toolset v10Engineer's Toolset v10

The Engineer's Toolset v10 provides a comprehensive console of utilities for troubleshooting computer problems.  Guy says it helps me monitor what's occurring on the network, and the tools teaches me more about how the system literally operates.

There are so many good gadgets, it's like having free rein of a sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.  Download your copy of the Engineer's Toolset v 10

Modifications to the 'Ease of Access' backdoor

You could apply the same back door technique that I suggested for Magnify.exe to Narrator.exe.  Another modification is to substitute other programs for cmd.exe.  I tried explorer.exe, but that did not work for me.  However, a reader wrote in suggesting this neat technique:

After you replace magnify.exe with a copy of cmd.exe, you can get an explorer window. In the DOS windows type "explorer"
This will give you a start menu at the bottom edge of the screen. Now alt-tab to the "Desktop" and you'll see system user's desktop.

Winlogon will go full screen each time it gets focus, but alt-tabbing to "Desktop" will get you back to explorer's desktop.  If your active program loses focus and the login screen takes over, just alt-tab back to your previous app.

Summary of Vista Backdoor Logon

The idea behind this Vista backdoor logon is to re-program the Magnify or Narrator.  As a result, if you call for 'Ease of access', then you can logon by pressing Narrator or Magnifier.  With this technique, you logon as the System account without the need to supply a password.  One limitation, that I have yet to overcome, is that you have a command prompt shell rather than an explorer shell.

Windows Vista Training

TrainSignal - Recommended Vista Training VideosTrain Signal have an excellent Windows Vista Training Course.  As an MCT trainer, I am a huge advocate of Train Signal’s products.  What impresses is me is that they demonstrate everything that they teach and they stay away from traditional 'lecture-style' training.  If you are looking for a complete DETAILED coverage of Windows Vista, then I highly recommend that you give this course a try.  I have reviewed their 18 hours of videos myself, and I guarantee that you will not be disappointed!

Watch a Vista Training Video Demo.

Windows Vista Security:

 

Other Sections

 *


Google

Web  This website

Review of Orion NPMGuy Recommends: Orion's NPM - Network Performance Monitor

Orion's performance monitor is designed for detecting network outages. A network-centric view make it easy to see what's working, and what needs your attention.

This utility guides you through troubleshooting by indicating whether the root cause is faulty equipment or resource overload.

Download a free trial of the Network Performance Monitor

 

Home Copyright © 1999-2010 Computer Performance LTD All rights reserved

Please report a broken link, or an error.