There is another method to access a CMD prompt in LocalSystem context.

“In the Windows login screen, you are allowed to turn on sticky keys or high contrast using the hotkeys (Shift x 5 OR Alt+Shift+PrintScreen). Attempting to turn on either one will launch the sethc.exe file. Adding the provided registry will tell Windows that you want to run cmd.exe as a debugger for sethc.exe but the problem is Windows does not check if it is a valid debugger. So whenever you try to launch sticky keys or high contrast in the Windows 7 login screen, you will run the command prompt instead.”

Read More: https://www.raymond.cc/blog/backdoor-reset-administrator-password-add-new-user-windows-7/



The setup is very easy.

Open a CMD prompt as Administrator.

C:\>REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe"

Now when you go into the Windows login screen, you can either press Shift five times or press Shift+Alt+Print Screen to open the CMD prompt in LocalSystem context.
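A read-only audit for the registry value described above, as an added example that is not part of the original post: it lists every Image File Execution Options subkey that carries a Debugger value and marks sethc.exe, which goes beyond the single key shown here. The function name Get-IfeoDebugger and the inclusion of the WOW6432Node path are assumptions of this example.

```powershell
# Added example: report Image File Execution Options (IFEO) subkeys that have
# a Debugger value. Read-only; run from an elevated PowerShell prompt.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # Assumption: also check the 32-bit view, present only on 64-bit Windows.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# The image named on this page; a Debugger value here is high priority.
$loginScreenImages = @('sethc.exe')

function Get-IfeoDebugger {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the value is absent; the cast makes it ''.
            $debugger = [string]$sub.GetValue('Debugger')
            if ([string]::IsNullOrEmpty($debugger)) { continue }
            New-Object PSObject -Property @{
                Image        = $sub.PSChildName
                Debugger     = $debugger
                # -contains is case-insensitive, so SETHC.EXE also matches.
                HighPriority = ($loginScreenImages -contains $sub.PSChildName)
                Key          = $sub.Name
            }
        }
    }
}

$findings = @(Get-IfeoDebugger -Roots $ifeoRoots)
if ($findings.Count -eq 0) {
    Write-Output 'No Debugger value found under Image File Execution Options.'
} else {
    $findings |
        Sort-Object HighPriority -Descending |
        Format-Table Image, Debugger, HighPriority, Key -AutoSize -Wrap
}
```

Some legitimate tools also set a Debugger value for other images, so review each row; a row for sethc.exe matches the setup on this page.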
