1. Principle

When using a Windows computer, pressing the Shift key five times in a row pops up a program.

The program is sethc.exe, and its path is c:\windows\system32\sethc.exe.

The vulnerability stems partly from the fact that on Win7 and Win10 the Shift-five-times popup of sethc.exe is also available before logging in to the system. That can be leveraged further to obtain a CMD window, modify or delete a user's password with commands, and log in to a computer whose password is unknown.

First, before logging in to the system, pressing Shift five times pops up the program c:\windows\system32\sethc.exe. The machine is then forcibly shut down so that it can be brought to the "Startup Repair (recommended)" screen; that screen has a loophole that lets a local error report be opened as a TXT file. Through the TXT file's Open dialog, the location of sethc.exe on the C: drive can be reached before entering the system; cmd.exe is then copied and the copy is named sethc.exe. After restarting, pressing Shift five times brings up a CMD window instead, where commands can be entered to change the login password. This works because pressing Shift five times simply calls whatever program is named sethc.exe under that C: drive directory.

Note: Win7 and Win10 have patched this vulnerability, so keeping the system version updated and patched is one of our most important means of defense.

2. Account password operations

The SAM file stores Windows account names and passwords; the passwords are protected with a hash algorithm and cannot be reversed. The way to deal with them is brute forcing, which takes time.

Listed here are the common CMD commands for changing passwords; this is how the password is changed in this method.

• CMD tool path: c:\windows\system32\cmd
• User account password storage location: c:\windows\system32\config\SAM
• Modify an account password: net user <username> <new password>
• Create a new user: net user <username> <new password> /add
• Delete a user: net user <username> /del
• Promote to administrator: net localgroup administrators <username> /add

3. Vulnerability reproduction

(1) Restart the computer and, when the "Starting Windows" screen appears, force the computer to shut down immediately.
This simulates a sudden power failure or abnormal shutdown in real life, in order to bring up "Repair mode". I suggest you don't try it on a real computer.

(2) On the next power-on it enters the "Windows Error Recovery" screen.
(3) Choose the "Startup Repair (recommended)" option, and it starts the repair.

(4) It then asks "Do you want to restore your computer using System Restore?". Click "Cancel", and it continues trying to repair.

(5) At this point it cannot repair automatically, and a new dialog box pops up.
(6) Note: click "View problem details" here; the loophole is hidden there. We don't need to understand its specific meaning; it is an internal Microsoft problem report.

(7) Scrolling down shows two hyperlinks: one goes online to Microsoft, the other opens a local TXT file offline. Click the second one.

(8) Open this file. We don't care about its content; what matters is that it has a button for opening files.

(9) Click "File" -> "Open", and "Computer" is visible.

(10) Double-click to open "Computer". Although the system has not been entered, the disk partitions are visible.

(11) At this point we have a local Notepad through which TXT files can be opened. Because the system has not been entered yet, there is no concept of a user, so in this state it runs with the highest privilege. Next,
open the "Windows" -> "System32" folder.

(12) Find the "sethc" file.

(13) Rename "sethc" to "123". The next time Shift is pressed five times, this executable can no longer be found.

(14) Then find the "cmd" file; cmd is also in this directory. We want to swap it in, so that pressing Shift five times calls CMD, and then enter commands to change the login password.

(15) Copy the cmd program; do not modify cmd itself.

(16) Then rename the copy to "sethc". The system does not verify what the content is; it just calls the executable by the program name.

(17) Close Notepad, then finish starting the computer.

(18) Now press Shift five times again, and the dialog box that pops up is cmd.

(19) A new password can be set here, or no password at all, i.e. net user shimisi "". At this point you can successfully enter the system.
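A defender's check for the swap described in sections 1 and 3, added here as an example and not part of the original article: it hashes sethc.exe and reports any other executable in the same directory with byte-identical content (a copied cmd.exe would match). The System32 path is only the default argument; the files used in the test are constructed.

```python
"""Added integrity check (not from the article): detect a sethc.exe that has
been replaced by a copy of another executable such as cmd.exe."""
import hashlib
import sys
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sethc_swapped(system32: Path) -> list[str]:
    """Return the names of other .exe files in `system32` whose content is
    identical to sethc.exe. A genuine sethc.exe matches nothing else, so a
    non-empty result means it was replaced; an empty list means no swap found.
    Sizes are compared first so only same-sized candidates get hashed."""
    target = system32 / "sethc.exe"
    if not target.is_file():
        return []
    target_size = target.stat().st_size
    target_hash = sha256_of(target)
    return sorted(
        p.name
        for p in system32.glob("*.exe")
        if p.name.lower() != "sethc.exe"
        and p.stat().st_size == target_size
        and sha256_of(p) == target_hash
    )


if __name__ == "__main__":
    # Default assumes a standard Windows install; pass another directory to test.
    root = Path(sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32")
    matches = sethc_swapped(root)
    print("sethc.exe duplicates:", ", ".join(matches) if matches else "none")
```

Run it from an offline boot (a WinPE or rescue disk) as well, since the swap is made before the system starts and the booted OS may already be compromised.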

But this method has a disadvantage: it is fine if you forgot your own password, but if you change the password on someone else's computer, they will know the next time they log in.

We can instead call "net user paidx0 hahaha /add" to add a new user and log in to the system through that user.

But that is just an ordinary user, so the paidx0 user still needs to be authorized into the administrators group. Call the command "net localgroup administrators paidx0 /add".

After being added as an administrator, reset the computer. paidx0 then enters the system as a system administrator.

Afterwards the user needs to be deleted to eliminate traces. Call the command "net user paidx0 /del".
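An added detection example, not from the original article: the create-user, add-to-Administrators, delete-user sequence from sections 2 and 3 leaves Windows Security log events 4720, 4732 and 4726 behind, and this script flags accounts that pass through all three within a short window. The event records are constructed sample data with simplified fields (real 4732 events identify the group and member by SID, and in practice the events would come from the Security log via wevtutil or a SIEM).

```python
"""Added detection logic (not from the article): flag short-lived accounts
that were created, made local administrators and deleted again."""
from datetime import datetime, timedelta

# Constructed sample events mirroring the article's net user / net localgroup
# steps. Fields are simplified for the example; real records carry SIDs.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T08:01:00", "id": 4720, "user": "paidx0", "group": None},
    {"time": "2024-01-10T08:01:30", "id": 4732, "user": "paidx0", "group": "Administrators"},
    {"time": "2024-01-10T09:15:00", "id": 4726, "user": "paidx0", "group": None},
    {"time": "2024-01-10T10:00:00", "id": 4720, "user": "svc_backup", "group": None},
    {"time": "2024-01-10T10:00:20", "id": 4732, "user": "svc_backup", "group": "Backup Operators"},
]


def find_hit_and_run_admins(events, window_hours=24):
    """Return (user, created_at, deleted_at) for every account that was created
    (4720), added to Administrators (4732) and deleted (4726), in that order
    and within `window_hours`. Accounts missing any of the steps are ignored."""
    window = timedelta(hours=window_hours)
    by_user = {}
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        rec = by_user.setdefault(e["user"], {})
        if e["id"] == 4720:
            rec["created"] = t
        elif e["id"] == 4732 and (e["group"] or "").lower() == "administrators":
            rec["elevated"] = t
        elif e["id"] == 4726:
            rec["deleted"] = t
    hits = []
    for user, rec in by_user.items():
        if all(k in rec for k in ("created", "elevated", "deleted")):
            ordered = rec["created"] <= rec["elevated"] <= rec["deleted"]
            if ordered and rec["deleted"] - rec["created"] <= window:
                hits.append((user, rec["created"], rec["deleted"]))
    return hits


if __name__ == "__main__":
    for user, created, deleted in find_hit_and_run_admins(SAMPLE_EVENTS):
        print(f"suspicious: {user} created {created}, removed {deleted}")
```

Because the account is deleted at the end, log forwarding to a remote collector matters: the local Security log is the only record the sequence leaves, and 4720/4732/4726 survive only if they were already shipped off the host.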