
How to bypass the permission barrier of Vista system

2025-01-19 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report

This article explains how the permission barrier of the Vista system can be bypassed. Many people have questions about this in day-to-day use, so the editor consulted various materials and put together a simple, easy-to-follow method. We hope it helps answer those questions. Read on to follow along.

Rumor: first install another operating system alongside Vista, then rename Windows\System32\cmd.exe on the Vista partition to Utilman.exe and log in to Vista again. Pressing the "Win+U" key combination at the login screen brings up a command line, and typing explorer enters the system.

Analyzing the principle behind this method, we concluded that the same result can be achieved with a WinPE disk. First, delete the Utilman.exe file in the System32 directory of the Vista system. Because of Vista's own protection measures, we used two deletion methods here.

The first is to use the "file brute-force deletion tool" released by Super Patrol Police. After running the program, click the "add file" button and select Utilman.exe, then click the "brute force delete" button to complete the deletion (figure 1). The second is to boot the system from a WinPE disk, locate the Utilman.exe file, and delete it with the WinPE file explorer.

Figure 1

Then make a copy of the command prompt program (cmd.exe in the C:\Windows\System32 folder) and rename the copy to Utilman.exe in the same C:\Windows\System32 directory. Restart the Vista system. Once the Vista login screen appears, pressing the "Win+U" key combination brings up a command prompt window (figure 2).

Figure 2

Now you can enter the Vista system by typing explorer in the command prompt window, which also gives you the highest control rights. Testing shows that at this point we can use the programs in the menu directly, open all kinds of files, and run all kinds of programs, almost the same as using the computer normally. The only difference is that we do not have storage permissions and cannot save modified files (figure 3). However, a new system administrator account can be created from the command prompt window with the net user command, and you can then log in to the Vista desktop with the new administrator account to do everything.

Figure 3

Analysis of the vulnerability principle

As we can see, the whole operation succeeded because the Utilman.exe file was replaced. Microsoft's systems include many functions that help people with disabilities operate the computer, such as the magnifier, sticky keys, the screen reader and so on, and Utilman.exe happens to be the manager of these aids.

These functions can be activated with special keyboard shortcuts. When the files behind these auxiliary functions are replaced, Windows still launches the file at the configured location according to its default settings, so the replacement file is launched successfully. Because these auxiliary functions can be invoked before the user logs in, the user can get into the Vista system from the login screen while bypassing login password verification.
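Because the replacement described above is a byte-for-byte copy of another program, it can be found by hashing. The following check is an added example, not part of the original article: it scans a System32 directory (for instance on a volume mounted for inspection) and reports any pre-login accessibility program that is identical to another executable or is missing. The list of file names beyond Utilman.exe and the sample directory contents are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Programs reachable from the logon screen. Utilman.exe is the file the article
# replaces; the other names are the aids it manages (added generalization).
ACCESSIBILITY = ("utilman.exe", "sethc.exe", "magnify.exe", "narrator.exe", "osk.exe")

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_replaced(system32):
    """Map each accessibility program to the other .exe files that have
    identical bytes, or to ["<missing>"] when the program is absent."""
    # Lower-case the names: the volume may be mounted on a case-sensitive host.
    exes = {p.name.lower(): p for p in Path(system32).iterdir()
            if p.is_file() and p.suffix.lower() == ".exe"}
    hashes = {name: sha256_of(path) for name, path in exes.items()}
    findings = {}
    for name in ACCESSIBILITY:
        if name not in hashes:
            findings[name] = ["<missing>"]
            continue
        twins = sorted(n for n, h in hashes.items() if h == hashes[name] and n != name)
        if twins:
            findings[name] = twins
    return findings

def demo():
    """Constructed sample: a stand-in System32 where Utilman.exe equals cmd.exe."""
    sample = {"cmd.exe": b"MZ constructed cmd", "Utilman.exe": b"MZ constructed cmd",
              "sethc.exe": b"MZ sethc", "Magnify.exe": b"MZ magnify",
              "Narrator.exe": b"MZ narrator", "osk.exe": b"MZ osk",
              "notepad.exe": b"MZ notepad"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in sample.items():
            (Path(tmp) / name).write_bytes(data)
        return find_replaced(tmp)

if __name__ == "__main__":
    print(demo())  # constructed data only
```

A hash match only catches a straight copy; verifying each file's digital signature on the live system covers replacements by other binaries.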

Temporary mitigation for the vulnerability

How should we guard against this vulnerability? Here we can use the image hijacking method commonly used by viruses and hijack the Utilman.exe file directly. From then on, whenever the user runs this file or any file with this name, the program we specified runs instead.

There are many ways to perform image hijacking. For the sake of ordinary users, we can download a "Windows image hijacking exploiting program" from the Internet (note that antivirus software will flag this program as a virus). After the program starts, follow its prompts and enter option 1, then complete the settings by following the wizard.

After choosing option 1, first enter the name of the file to be hijacked, Utilman.exe. Then enter the path for the image hijack; it is best to set it to an insignificant piece of software, and here we set it to the path of notepad. Finally, press Enter to complete the operation.

From then on, when the user presses the "Win+U" key combination, the system prepares to launch the file named Utilman.exe. According to the image hijacking setting, it starts the file at the hijack path instead of Utilman.exe. Because that other program cannot load explorer, the desktop of the system cannot be reached this way.
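Image hijacking is configured through the Debugger value under the Image File Execution Options registry key, so the setting made above can be audited after the fact. The following is an added example, not part of the original article: it parses the decoded text of a `reg export` of that key and reports, for each hijacked image, whether the Debugger is the approved target. The sample export, the notepad path used as the approved target, and the function names are constructed assumptions.

```python
import re

# Registry key that holds image hijacking ("Debugger") settings, lower-cased.
IFEO = (r"hkey_local_machine\software\microsoft\windows nt\currentversion"
        r"\image file execution options") + "\\"

def parse_debuggers(reg_text):
    """Return {image_name_lower: debugger_command} from `reg export` text."""
    debuggers, image = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            sub = key[len(IFEO):] if key.startswith(IFEO) else ""
            # Only direct subkeys name an image; deeper keys are ignored.
            image = sub if sub and "\\" not in sub else None
        elif image:
            m = re.fullmatch(r'"debugger"="(.*)"', line, re.IGNORECASE)
            if m:
                # .reg strings escape backslashes and quotes with a backslash.
                debuggers[image] = re.sub(r"\\(.)", r"\1", m.group(1))
    return debuggers

def audit(reg_text, expected):
    """Label each hijacked image 'expected' when its Debugger is the approved
    target, otherwise 'unexpected' (someone else changed what it launches)."""
    return {image: "expected" if cmd.strip('"').lower() == expected.lower()
            else "unexpected"
            for image, cmd in parse_debuggers(reg_text).items()}

# Constructed sample export; real exports are UTF-16 and must be decoded first.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe]
"Debugger"="C:\\Windows\\System32\\notepad.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="C:\\Temp\\unknown.exe"
'''
EXPECTED = r"C:\Windows\System32\notepad.exe"  # assumed approved target

if __name__ == "__main__":
    print(audit(SAMPLE, EXPECTED))
```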

Summary

The permission barrier of the Vista system has been successfully bypassed, but we have also seen Vista's own security measures at work: during illegal use, users can only open files and have no rights to save them. Still, the fact that such low-level vulnerabilities exist in the Vista system cannot help but alarm users. Of course, for ordinary users this vulnerability is not completely worthless: the method can serve as a temporary solution when a user forgets their password.

This concludes the study of "how to bypass the permission barrier of the Vista system". We hope it has resolved your questions. Combining theory with practice helps you learn better, so go and try it! If you want to keep learning more on related topics, please continue to follow the website; the editor will keep working to bring you more practical articles.
