Using Backtrack to 0wn Windows Vista

In this video, Jesse Varsalone from Offensive Security demonstrates how to hack a Vista box using Backtrack. For this demo physical access to the Vista box will be required. Jesse boots into Backtrack and mounts the Vista drive in write mode. He then replaces the Windows Utility Manager program utilman.exe with cmd.exe ( command shell ). It is important to note that utilman.exe is protected by the Windows File Protection (WPF) feature and thus cannot be replaced while Vista is running. Once utilman.exe has been replaced, Jesse boots into Vista. On coming to the login prompt, he presses the windows key and the "U" key together to launch utilman.exe, which now is our command shell, cmd.exe. This command shell session has system level privileges. We now run the Explorer.exe program to launch the desktop and associated programs.

This demo goes to show, how easy it is to subvert security once you have physical access. The original video is available here.

We hate these ADs as much as you do! Help us stay FREE and CLEAN by making a Generous Donation!

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net