Press Shift 5 times to swap in CMD, change the password and start the computer. You can’t help but know this vulnerability!

This article introduces a Windows system vulnerability: pressing Shift five times to call up a swapped-in CMD, then changing the computer password and starting the computer. The idea is quite interesting, so I am sharing it with you.

The program is named “sethc.exe” and its path is “C:\Windows\System32\sethc.exe”. The weakness is that on some Win7 and Win10 systems, pressing the Shift key five times in a row before logging in pops up the sethc.exe application. This can then be taken further to call up a CMD window, where commands modify or delete the user password, making it possible to log in to a computer whose password is not known.

First, before logging in to the system, press the Shift key five times in a row, and the program “C:\Windows\System32\sethc.exe” pops up. Secondly, force a shutdown to enter the “startup and repair” interface. This interface has a weakness: it can open a local error TXT file. Thirdly, through the Open option of the TXT file, open drive C before entering the system and locate “sethc.exe”, then make a copy of the cmd.exe program and name it “sethc.exe”. Finally, restart the computer and press the Shift key five times again; the CMD interface pops up, and the command to modify the login password can be entered.

Note: some Win7 and Win10 systems have been patched, so system version updates and patching are very important means of defense.

The SAM file stores Windows accounts and passwords. The passwords are protected with a hash algorithm, which is irreversible. The way to handle that is brute forcing, but it takes time. Here we first cover the common CMD command for modifying a password, and modify the password that way.

Restart the computer. When the “Starting Windows” screen appears, force the computer to shut down immediately.
This simulates a sudden power failure or abnormal shutdown in real life, so that “repair mode” pops up. It is recommended not to try this on a real computer.

At this point the system cannot be repaired automatically, and a new dialog box pops up, as shown in the figure below. Usually we would click “send” or “do not send”.

Note that the vulnerability is hidden behind “view problem details”. We don’t need to understand what the details mean; it is an internal Microsoft problem report.

Scrolling down, we see two hyperlinks: one accesses Microsoft online, the other accesses a local txt file offline. Click the second one.

We open the file, as shown in the figure below. Its content doesn’t matter, but it has a button to open a file. What can we do with this button, even without having entered the system?

Double-click to open “Computer”. Although we have not entered the system, the disk partitions are visible. The “D” drive here is the real C drive.

At this point there is a local Notepad through which txt files can be opened. Since the system has not been entered, there is no concept of a user, so it runs with the highest privileges in this state. Then open the “Windows” -> “System32” folder, as shown in the following figure:

Change the name of “sethc” to “123”; the next time the Shift key is pressed five times, the executable can no longer be found.

Then find the “cmd” file, which is in the same directory. Why find it? We want to make a stealthy replacement: pressing the Shift key five times in a row then calls CMD, where we enter the command to change the boot password.

Then rename it to “sethc”. The system does not verify the content; it just calls the executable according to the program name.

At this point we can successfully enter the system. Isn’t it amazing that we got into the system through a series of loopholes? When starting up again, it is best to delete the “sethc” that was changed to CMD and change the name of “123” back to “sethc”.

But this method has a disadvantage. If you forgot the password of your own computer, it is fine, but if you change the password on someone else’s computer, they will know the next time they log in. The following covers the case where the password is not changed and the system is accessed with the highest administrator privileges. At the same time, we can add new users to the system by calling “add / shuap >”.

Win7 and Win10 may have fixed the vulnerability, but some systems have still not been updated, so system patching and version updates are very important steps. Hackers also compare different versions of patches in order to attack.

Start the Win7 virtual machine, power on, set a complex password, shut down and power on again. When the Windows boot screen appears again, force a shutdown and power on again; “start repair” then appears, and this option is selected. If it does not appear, the forced shutdown has to be repeated. When the system restore prompt appears, click Cancel. After waiting a few minutes, the cause of the problem appears. Click View Details and open the last link, then click Open in Notepad and choose to display all files. Find sethc and rename it to sethc.bak, then find cmd, make a copy, and rename the copy to sethc. Close everything, restart the system, press the Shift key five times in a row, and the CMD window pops up. Use the command “net user name new password” to modify the current user password, or create a new user and promote it to an administrator. After logging off, the new user can be deleted.
The advantage of this is that you can log in to the system successfully without modifying the current user password.
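
A defender-side check for the swap described above, as an added example that is not part of the original article: it flags a System32 directory (live, or from a mounted disk image) where sethc.exe is missing or byte-identical to cmd.exe, or where a set-aside copy remains. The function names, the constructed sample directory and the exact leftover file names (derived from the “123” and “sethc Bak” renames in the text) are assumptions.

```python
"""Added example: flag the sethc.exe swap described above in a System32 directory."""
import hashlib
from pathlib import Path

# Names the article uses for the set-aside original; the exact extensions are an assumption.
LEFTOVER_NAMES = {"123", "123.exe", "sethc.bak"}


def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_sticky_keys(system32: Path) -> list[str]:
    """Return findings for a live System32 or one from a mounted disk image."""
    # NTFS names are case-insensitive; a mounted image on Linux is not, so index by lowercase.
    files = {p.name.lower(): p for p in system32.iterdir() if p.is_file()}
    findings = []
    sethc, cmd = files.get("sethc.exe"), files.get("cmd.exe")
    if sethc is None:
        findings.append("sethc.exe missing: renamed or deleted")
    elif cmd is not None and sha256(sethc) == sha256(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    for name in sorted(files.keys() & LEFTOVER_NAMES):
        findings.append(f"leftover renamed file present: {files[name].name}")
    return findings


def build_sample(root: Path, tampered: bool) -> Path:
    """Constructed stand-in for System32; file contents are placeholders, not real binaries."""
    root.mkdir(parents=True, exist_ok=True)
    (root / "cmd.exe").write_bytes(b"MZ constructed cmd placeholder")
    if tampered:
        (root / "sethc.bak").write_bytes(b"MZ constructed sethc placeholder")
        (root / "sethc.exe").write_bytes((root / "cmd.exe").read_bytes())
    else:
        (root / "sethc.exe").write_bytes(b"MZ constructed sethc placeholder")
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for state in (False, True):
            print(state, check_sticky_keys(build_sample(Path(tmp) / str(state), state)))
```

An empty list means none of these indicators were found; it does not prove the file is the genuine Microsoft binary, which needs a comparison against a known-good hash for that exact Windows build.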