Windows 8 Backdoor Login
This backdoor login method has been around since Vista, I keep looking to see if Microsoft has plugged this security breech, but incredibly when I last looked in Windows 8 it was still possible to access the system without providing a username or password.
Once you have finished building my little Trojan horse you can login by clicking the 'Ease of access' icon situated at the bottom left of the main login screen. Amazingly, this will take you straight to the Windows\System32 folder where you are logged on as the system account. At no stage did you enter a username, never mind a password.
We are going to exploit knowledge that the 'Ease of access' Icon is wired to Utilman.exe. At the heart of my plan is renaming utilman.exe to utilman_orig.exe, then creating a copy of cmd.exe and finally, renaming 'cmd copy.exe' to utilman.exe.
One more fact you should know about our plan, we have to login as an administrator to prepare the ground before we can subsequently make use of this secret entrance.
Minor Setback - File Permissions Problems
Utilman.exe is found in the Window\System32 folder and this location gives the file a measure of protection from any renaming. However, we can outsmart Windows 8's security by taking ownership of the file, giving ourselves full control, then renaming it as planned.
I like the Permissions Analyzer because it enables me to see WHO has permissions to do WHAT at a glance. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, and takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free SolarWinds utility saves when you are troubleshooting authorization problems for user's access to a resource. Give this permissions monitor a try - it's free!
Only when you have usurped the TrustedInstaller by taking ownership can you change the permissions - and you will need full control to rename this file.
Once you have completed the above tasks the login is unbelievably easy; at the main login menu click the 'Ease of access icon', see arrow below.
One tiny point, you may need to press enter to get rid of the splash screen and see this symbol at the bottom of the main login screen.
LEM will alert you to problems such as when a key application on a particular server is unavailable. It can also detect when services have stopped, or if there is a network latency problem. Perhaps this log and event management tool's most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.
Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA. LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches - give LEM a whirl.
One pleasant benefit of this secret second logon is that you can logon with a Remote Desktop Connection at the same time as using the back door login. Regrettably, I have yet to find a way of launching the normal Windows GUI, typing 'Explorer' does not work; still, there is still lots you can do from the cmd or PowerShell interfaces. And when you have finished type 'exit'.
Naively, I used to think you had to logon before it was possible to create this secret trap-door; but then Bruce G, contacted me with techniques to rename cmd.exe to utilman.exe on a locked machines.
Probably the easiest trick is this:
Reboot the machine normally
Another methods would be to remove the hard disk, make it a slave in a machine where you have access, and rename utilman.exe as above.
Whatever you make of these techniques, you have to smile at Microsoft's unintended meaning of 'Ease of access'.
As for other Microsoft operating system back doors, this is what the company says:
"Microsoft has not and will not put 'backdoors' into Windows," a company spokeswoman said, reacting to a Computerworld story Wednesday.
On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 "to enhance Microsoft's operating system security guide." See more on backdoor logins.
Summary of Windows 8 Backdoor Login
The idea behind this Windows 8 backdoor login is to re-program Utilman. As a result, if you call for 'Ease of access', then you can login as the System account without the need to supply a password. One limitation, that I have yet to overcome, is that you have a command prompt shell rather than an Windows Explorer GUI.
If you like this page then please share it with your friends
Microsoft Windows 8 Install Related Topics