Windows Vista – Backdoor Logon

Posted by smit sanghvi Tuesday, December 1, 2009

You would not expect it to be easy to create a backdoor logon.  Indeed, the technique described on this page does not threaten Vista security, unless someone has a Trojan horse program to prepare the way.  Whatever you make of this technique, you have to smile at Microsoft’s unintended meaning of ‘Ease of access’.


How the Vista Backdoor Logon Works

This back door method exploits the ‘Ease of Access’ menu at the bottom of a regular Windows Vista logon screen. Normally, if you click the icon you get a choice of help from Narrator, Magnifier and High Contrast. The trick is to replace the file called Magnify.exe with a file which is really cmd.exe.
Once you make the change, selecting Magnifier from the Ease of Access dialog box drops you into the operating system at the command prompt. The result is that you can log on as the System account, without the need of a password. One limitation is that your shell program is cmd.exe rather than explorer. A more serious limitation is that in order to enter via this backdoor, you would need to install a Trojan horse program. Another possibility is that you have logged on previously, and manually made the changes described below.

Mission to Create an Impostor instead of Magnify.exe

The idea is to change the program names so that the hyperlink called ‘Make items on the screen larger (Magnify)’ actually points to cmd.exe. The result is that you open a back door logon to Vista.

Preliminary Step – Deal with Permissions

Problem: You cannot rename or delete the original Magnify.exe in Windows\system32. Even though you are an administrator, even though UAC is enabled, all you get is this message:
‘You need permission to perform this action’
Solution: Take ownership of the file Magnify.exe, then change the permission for the Administrators group to Full control. Then rename Magnify.exe to MagnifyOld.exe.


Main Step – Create the Impostor Magnify.exe

  1. Create a new folder called Ease
  2. Copy CMD.exe —> \Ease\cmd.exe
  3. Rename \Ease\cmd.exe —> Magnify.exe
  4. Copy \Ease\Magnify.exe —> Windows\system32\Magnify.exe

What you have achieved is that the old, relatively harmless, ‘Magnify’ becomes the more versatile cmd.exe.

Test Your ‘Ease of access’ Backdoor Method

  1. At the Vista Logon screen, click on Ease of access
  2. Check the box next to: Make Items on the screen Larger (Magnifier)
  3. Click ‘OK’
  4. You should now find yourself at the Command Prompt
  5. Try whoami  (System account)
  6. Try regedit
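
A defender's check for the swap described above, as an added example that is not part of the original post: it flags accessibility programs whose contents are byte-identical to cmd.exe and renamed originals such as MagnifyOld.exe. The file names beyond Magnify.exe and Narrator.exe, the prefix heuristic for leftovers, and the constructed directory in demo() are assumptions for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Programs reachable from the logon screen's Ease of Access menu. Magnify.exe is
# the one this page replaces; the rest are assumed to be equally worth checking.
ACCESSIBILITY = ["Magnify.exe", "Narrator.exe", "osk.exe", "sethc.exe", "Utilman.exe"]
SHELLS = ["cmd.exe"]  # the file the page copies over Magnify.exe

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_swapped(system32):
    """Return (accessibility_name, shell_name) pairs with identical contents."""
    # Windows file names are case-insensitive, so index them lower-cased.
    present = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    shell_hashes = {sha256(present[s.lower()]): s
                    for s in SHELLS if s.lower() in present}
    hits = []
    for name in ACCESSIBILITY:
        path = present.get(name.lower())
        if path is not None:
            digest = sha256(path)
            if digest in shell_hashes:
                hits.append((name, shell_hashes[digest]))
    return hits

def find_leftovers(system32):
    """Heuristic: renamed originals such as the page's MagnifyOld.exe."""
    stems = [Path(n).stem.lower() for n in ACCESSIBILITY]
    found = []
    for p in Path(system32).iterdir():
        stem = p.stem.lower()
        if p.suffix.lower() == ".exe" and any(
                stem.startswith(s) and stem != s for s in stems):
            found.append(p.name)
    return sorted(found)

def demo():
    # Constructed stand-in for Windows\system32: placeholder bytes, not real binaries.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "cmd.exe").write_bytes(b"constructed cmd image")
        (root / "Magnify.exe").write_bytes(b"constructed cmd image")  # the swap
        (root / "MagnifyOld.exe").write_bytes(b"constructed magnifier image")
        (root / "Narrator.exe").write_bytes(b"constructed narrator image")
        return find_swapped(root), find_leftovers(root)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the system directory to both functions, for example `find_swapped(r"C:\Windows\System32")`. Use a 64-bit interpreter on 64-bit Windows, because a 32-bit process is redirected to SysWOW64.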
