this post was submitted on 19 Jul 2024
502 points (97.4% liked)
Greentext
4278 readers
2203 users here now
This is a place to share greentexts and witness the confounding life of Anon. If you're new to the Greentext community, think of it as a sort of zoo with Anon as the main attraction.
Be warned:
- Anon is often crazy.
- Anon is often depressed.
- Anon frequently shares thoughts that are immature, offensive, or incomprehensible.
If you find yourself getting angry (or god forbid, agreeing) with something Anon has said, you might be doing it wrong.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Does the sethc workaround work in windows 11?
Anyway, here is a quick explanation of how you do it:
Use a separate boot device to boot up your computer, it is probably easiest to use a Linux live environment with a GUI, like Linux Mint.
You need to make sure that the local drive is mounted to the live environment, it was a while since I last ran the Linux Mint live environment, but it should auto mount the local drive and put a shortcut on the desktop.
Go to Windows -> System32 on the local drive.
Rename the file sethc.exe to sethc.exe.backup then copy cmd.exe file to sethc.exe
Reboot back into windows.
You have now created a backdoor into the machine.
At the logon screen, press the Shift key five times, this normally opens a dialog box about enabling sticky keys, but since we replaced the normal sethc.exe file with a copy of cmd.exe, we will get a command line window, running as administrator, giving us unlimited access to make changes to the computer!
Now, to reset the admin password we need to use the net user command.
The syntax is this:
So, if you want to set the password for the default Administrator account to "LemmyTest123", you enter the following:
And press enter.
The password is now changed.
However, in some cases this may not be enough to get in as the default Administrator account is disabled.
Then you also need to enter this command:
Done, you should now be able to logon as the default admin user.
Remember, to restore this loophole, you need to boot thw Linux live environment again, go to Windows -> System32, delete the file called sethc.exe and rename the file sethc.exe.backup to sethc.exe
It does still work, and my gut says it's going to work for a long time. Unless they majorly re-kajigger the way windows works in future versions
Its only possible if the machine doesnt have bitlocker enabled which requires a tpm and i believe its a feature only available on windows pro not windows home iirc.