Windows Login bypass

Only for Educational Purposes

Utilize physical access to the console of a Windows computer that is unlocked or without a password. Attackers can exploit the feature of Microsoft Windows utilities to plant a backdoor in a fraction of a second; however, the caveat is you will need to have administrator privileges to place the executable. But when the system is booted through Bootable devices, the attackers can place the files without any restrictions.

The following is a list of Windows utilities that can be utilized by attackers to replace utility executables with cmd.exe or powershell.exe:

sethc.exe

utilman.exe

osk.exe

narrator.exe

magnify.exe

displayswitch.exe

Attacker replaces utilman.exe with cmd.exe: