Skip to content

CYBER ARMS – Computer Security

Cybersecurity News and Business Computer Tips

CYBER ARMS – Computer Security

Tag: Utilman Bypass

Windows 8.1 and Server 2012 R2 – Still allow Login Bypass

Microsoft recently released preview evaluation versions of Windows 8.1 and their Server 2012 R2 Datacenter software. Nice to know that the old Utilman login bypass that has worked since Windows 95ish still works even on the latest and greatest.

A quick Linux boot and a simple rename of the original Utilman.exe out of the way. Make a duplicate copy of cmd.exe and rename it to Utilman.exe.

Utilman rename

Then just boot the system up and at the login screen press the Windows and “u” key.

And up pops a system level command prompt.

Easy peasy…

Here is a login screen for Server 2012 R2 Datacenter. Notice the “Press Control-Alt-Delete to sign in” message.

And notice the command prompt open with System level rights…

Utilman Bypass

Why hasn’t this been patched yet? Well, maybe because it is there on purpose. An old Microsoft support forum comment mentions that it is the recommended way to get into a server that you have lost credentials for.

And… It still works today on the latest software.

Didn’t try the sticky keys one, where if you rename another file you just hold down the “Shift” key for a few seconds and a command prompt opens. But I would assume that one still works too.

Note to admins – Physical access for the most part equals total access. Secure your data centers!

Author DieterlePosted on August 10, 2013August 10, 2013Categories Computer SecurityTags computer, linux boot, Login Bypass, Microsoft Server, microsoft support, Server 2012 R2, Software, Sticky Keys, technology, Utilman Bypass, Windows, Windows 8.1, Windows Security2 Comments on Windows 8.1 and Server 2012 R2 – Still allow Login Bypass

Cyber Arms Pages

  • About
  • Links
  • Site Usage & Disclaimer
  • Videos

NEW – Updated for 2018!

Copyright Notice

Copyright 2019 – Daniel Dieterle
All Rights Reserved

This site and any articles appearing on it may not be copied, published, broadcast or otherwise re-distributed without prior written permission.

RSS Symantec Latest Threats

  • ISB.Downloader!gen303
  • Ransom.Maze
  • CL.Downloader!gen144
  • ISB.Downloader!gen324
  • ISB.Downloader!gen318

RSS US-CERT Security Bulletins

  • Vulnerability Summary for the Week of November 25, 2019
  • Vulnerability Summary for the Week of November 18, 2019
  • Vulnerability Summary for the Week of November 11, 2019
  • Vulnerability Summary for the Week of November 4, 2019

RSS US-CERT Security Alerts

  • AA19-339A: Dridex Malware
  • AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2
  • AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
  • AA19-122A: New Exploits for Unsecure SAP Systems

Security Magazines

[HACK]IN(SIGHT)

Security Resources

Categories

Cyber Arms Feedburner RSS

Subscribe in a reader

Site Awards

HomeSecuritySystems.net
HomeSecuritySystems.net

Green Gadgets

RSS SANS Institute Security Awareness Tip of the Day

  • Never Give Your Password Over the Phone
  • Never Share Your Passwords
  • Kids and Screenshots
  • Cloud Security
  • Security Technology Cannot Stop All Attacks

Cyberarms Monthly Archives

  • October 2019
  • August 2019
  • July 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • September 2017
  • June 2017
  • March 2017
  • January 2017
  • August 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • November 2015
  • October 2015
  • September 2015
  • July 2015
  • June 2015
  • May 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
CYBER ARMS – Computer Security Create a free website or blog at WordPress.com.
Cancel
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy