Vista/Win 7 Backdoor

  1. Boot from any live CD (Ubuntu, WinPE, etc.) to get access to the Windows file system.
  2. Rename c:\windows\system32\magnify.exe to magnify.exe.bak.
  3. Make a copy of c:\windows\system32\cmd.exe and rename the copy to magnify.exe.
  4. Remove the live CD and reboot the machine, booting normally into Windows.
  5. Once you see the “Press Ctrl+Alt+Del to log in” prompt, press Winkey + U. This brings up the Ease of Access window.
  6. Choose Magnify and hit OK. This launches the cmd.exe we placed earlier. This cmd.exe has full access to the system; you can call any program from here, such as compmgmt.msc, and actually reset the admin password or create a new admin account.

Note: the following is a list of useful MMC files:

Certificates: certmgr.msc
Indexing Service: ciadv.msc
Computer Management: compmgmt.msc
Device Manager: devmgmt.msc
Disk Defragmenter: dfrg.msc
Disk Management: diskmgmt.msc
Event Viewer: eventvwr.msc
Shared Folders: fsmgmt.msc
Group Policy: gpedit.msc
Local Users and Groups: lusrmgr.msc
Removable Storage: ntmsmgr.msc
Removable Storage Operator Requests: ntmsoprq.msc
Performance: perfmon.msc
Resultant Set of Policy: rsop.msc
Local Security Settings: secpol.msc
Services: services.msc
Windows Management Infrastructure (WMI): wmimgmt.msc
Component Services: comexp.msc
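
The file swap in steps 2 and 3 leaves two traces in system32 that a defender can check for: a magnify.exe whose bytes match another executable, and a renamed original beside it. The following is an added example, not part of the original page; the function names are hypothetical and the demo directory uses constructed file contents.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    """Hash a file in chunks so large binaries are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_binary(system32, name="magnify.exe"):
    """Return findings for `name` inside the directory `system32`."""
    # Lower-case the names: NTFS mounted from a live CD can be case-sensitive.
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    target = files.get(name.lower())
    if target is None:
        return [f"{name}: missing"]
    digest, size = sha256(target), target.stat().st_size
    findings = []
    for lname, path in sorted(files.items()):
        if lname == name.lower():
            continue
        if lname.startswith(name.lower() + "."):
            # e.g. magnify.exe.bak: the original was moved aside
            findings.append(f"{path.name}: renamed copy left beside {name}")
        elif (lname.endswith(".exe") and path.stat().st_size == size
              and sha256(path) == digest):
            # Same bytes under another name, e.g. a copied cmd.exe
            findings.append(f"{name}: identical to {path.name}")
    return findings


def demo():
    """Run the check on a constructed directory (fake file contents)."""
    with tempfile.TemporaryDirectory() as d:
        for fname, data in [("cmd.exe", b"CMD"), ("magnify.exe", b"CMD"),
                            ("magnify.exe.bak", b"MAGNIFY"), ("notepad.exe", b"NOTEPAD")]:
            (Path(d) / fname).write_bytes(data)
        return check_binary(d)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Point `check_binary` at the live system32 directory or at the same directory on a mounted offline volume. A hash match only catches a plain copy of another executable in that directory, so an empty result does not prove the file is the original.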