Microsoft recently released preview evaluation versions of Windows 8.1 and their Server 2012 R2 Datacenter software. Nice to know that the old Utilman login bypass that has worked since Windows 95ish still works even on the latest and greatest.
All it takes is a quick Linux boot and a simple rename to move the original Utilman.exe out of the way, then a duplicate copy of cmd.exe renamed to Utilman.exe.
Then just boot the system up and at the login screen press the Windows and “u” keys.
And up pops a system level command prompt.
Easy peasy…
Here is a login screen for Server 2012 R2 Datacenter. Notice the “Press Control-Alt-Delete to sign in” message.
And notice the command prompt open with System level rights…
Why hasn’t this been patched yet? Well, maybe because it is there on purpose. An old Microsoft support forum comment mentions that it is the recommended way to get into a server that you have lost credentials for.
And… It still works today on the latest software.
Didn’t try the sticky keys one, where if you rename another file you just hold down the “Shift” key for a few seconds and a command prompt opens. But I would assume that one still works too.
Note to admins – Physical access for the most part equals total access. Secure your data centers!
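A defender's check for the swap described above, as an added example that is not part of the original post: it hashes Utilman.exe in a System32 directory (on a live system or an offline-mounted volume) and flags it when it is byte-identical to cmd.exe. The function names and the sample directories are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SHELLS = ("cmd.exe",)        # binary the post copies over the accessibility tool
WATCHED = ("Utilman.exe",)   # binary named in the post; callers can pass more


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_swapped_binaries(system32, watched=WATCHED, shells=SHELLS):
    """Return {watched_name: status}: 'ok', 'missing', or 'matches <shell>'."""
    # NTFS ignores case, but a Windows volume mounted on Linux does not,
    # so index the directory by lower-cased file name.
    present = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    shell_hashes = {}
    for name in shells:
        p = present.get(name.lower())
        if p is not None:
            shell_hashes[sha256_of(p)] = name
    report = {}
    for name in watched:
        p = present.get(name.lower())
        if p is None:
            report[name] = "missing"   # renamed away and not replaced
            continue
        hit = shell_hashes.get(sha256_of(p))
        report[name] = f"matches {hit}" if hit else "ok"
    return report


def demo():
    """Constructed sample: two fake 'System32' directories with placeholder bytes."""
    with tempfile.TemporaryDirectory() as d:
        clean, tampered = Path(d, "clean"), Path(d, "tampered")
        for root in (clean, tampered):
            root.mkdir()
            (root / "cmd.exe").write_bytes(b"constructed shell bytes")
        (clean / "Utilman.exe").write_bytes(b"constructed utility manager bytes")
        (tampered / "utilman.exe").write_bytes(b"constructed shell bytes")
        return find_swapped_binaries(clean), find_swapped_binaries(tampered)


if __name__ == "__main__":
    print(demo())
```

A hash match only catches a straight copy of cmd.exe; comparing the watched files against known-good hashes taken from the installation image covers other replacements.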
Nothing to patch here… you can do more or less the same with each operating system, as long as you have physical access. If you want to harden your systems, use BitLocker/TPM.
imp
Very true, physical access almost always means total access. BitLocker is okay, but if you can get a remote shell after the system is booted, BitLocker does not help at all.