Thursday, June 19, 2008

Backdooring Windows (XP, Vista) Authentication

From the Windows login screen there is one accessible application, the Utility Manager (c:\windows\system32\utilman.exe), which you can open by pressing Win key + U. To add a backdoor to the Windows login screen, boot into a live distro (BackTrack, BartPE, etc.) so the disk can be mounted, then simply replace utilman.exe with a copy of cmd.exe. At the login screen, pressing Win key + U will then present you with a console running with the highest privileges: SYSTEM. Running "explorer" from the console will bring up the taskbar, leaving the login screen as a backdrop. This is a great backdoor for a system as it will most likely go undetected. It will certainly not be picked up by any AV system.
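
The swap leaves a copy of cmd.exe sitting under the utilman.exe name, which a defender can check for directly. The Python below is an added example, not code from the original post: it compares the two files' hashes and reads the OriginalFilename string from the version resource. All function names are assumptions, and the sample files it writes are constructed stand-ins, not real PE binaries.

```python
import hashlib
import tempfile
from pathlib import Path

KEY = "OriginalFilename".encode("utf-16-le")
SHELL_NAMES = {"cmd.exe"}  # the replacement binary the post describes

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def original_filename(data):
    """Heuristic read of OriginalFilename from a PE version resource:
    UTF-16LE key, NUL terminator and padding, then the UTF-16LE value."""
    pos = data.find(KEY)
    if pos < 0:
        return None
    pos += len(KEY)
    while data[pos:pos + 2] == b"\x00\x00":      # skip terminator/padding
        pos += 2
    end = pos
    while len(data[end:end + 2]) == 2 and data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[pos:end].decode("utf-16-le", errors="replace") or None

def check_utilman(system32):
    """Return findings for utilman.exe in the given System32 directory."""
    system32 = Path(system32)
    util, cmd = system32 / "utilman.exe", system32 / "cmd.exe"
    findings = []
    if sha256_file(util) == sha256_file(cmd):
        findings.append("utilman.exe is byte-identical to cmd.exe")
    name = original_filename(util.read_bytes())
    if name and name.lower() in SHELL_NAMES:
        findings.append(f"utilman.exe OriginalFilename is {name!r}")
    return findings

def make_sample(directory, swapped):
    """Write constructed stand-ins (not real PE files) for a self-test."""
    def fake(name):
        return b"MZ" + bytes(62) + KEY + b"\x00\x00" + name.encode("utf-16-le") + b"\x00\x00"
    d = Path(directory)
    (d / "cmd.exe").write_bytes(fake("Cmd.Exe"))
    (d / "utilman.exe").write_bytes(fake("Cmd.Exe" if swapped else "utilman.exe"))
    return d

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_utilman(make_sample(tmp, swapped=True)))
```

The hash comparison only catches a copy of the cmd.exe present on the same disk; the OriginalFilename check also catches a cmd.exe taken from a different Windows build, whose hash would not match.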