1 00:00:00,990 --> 00:00:06,260 All right, it's time for our first hands-on, practical, real-world ethical hacking problem. 2 00:00:06,480 --> 00:00:11,160 I have my old Windows 7 laptop here from work that I showed you in the previous video. 3 00:00:11,370 --> 00:00:15,180 And I do not remember my old username or my old password. 4 00:00:15,190 --> 00:00:20,430 Well, I can find my old username just by rebooting, but I don't know what my password was years ago 5 00:00:20,640 --> 00:00:26,360 when this was my primary workstation or my primary computer so I could switch users. 6 00:00:26,370 --> 00:00:29,670 I certainly don't remember the administrator password for this machine. 7 00:00:29,670 --> 00:00:31,170 In fact, I might have never had it. 8 00:00:31,560 --> 00:00:35,370 Can't log in as an IT admin because I don't know their password. 9 00:00:35,640 --> 00:00:40,830 And if I log in as a guest, which I might be able to do, I still won't be able to see any of my old 10 00:00:40,830 --> 00:00:41,280 files. 11 00:00:41,280 --> 00:00:45,110 And that's what I really need off of this old laptop computer. 12 00:00:45,450 --> 00:00:51,330 So what I'm going to do is show you how to use two reboots, two special key combinations and four commands 13 00:00:51,330 --> 00:00:57,390 that we'll enter in at the command prompt, along with this Windows 10 DVD that we burned legally in 14 00:00:57,390 --> 00:00:58,800 the previous episode. 15 00:00:59,040 --> 00:01:05,070 We're going to see how to set up not just a user account, but an administrative user account that'll 16 00:01:05,070 --> 00:01:09,210 be able to see into all these other accounts on this Windows 7 computer. 17 00:01:09,390 --> 00:01:15,260 I can even reset my password for my old account if it's a regular account on this desktop computer. 18 00:01:15,570 --> 00:01:17,130 So we're going to see how to do both of those. 
19 00:01:17,160 --> 00:01:20,760 This will take our first reboot and our first special key combination. 20 00:01:20,760 --> 00:01:23,430 That's probably going to be an F2, F12 or Delete. 21 00:01:23,640 --> 00:01:30,000 I may not be able to show you the BIOS screen, but you should be able to see really quickly the prompt 22 00:01:30,000 --> 00:01:34,470 for us to press any key to boot from that DVD once we put it in. 23 00:01:34,710 --> 00:01:40,230 So I'm going to pause just for a second, put this DVD in my old laptop and then we will boot up from 24 00:01:40,380 --> 00:01:45,270 the Windows 10 disk with our first special key combination: F2, F12, 25 00:01:45,270 --> 00:01:51,960 Delete, whatever it may be on your BIOS, to change the boot sequence to boot from that Windows 10 DVD. 26 00:01:53,080 --> 00:02:00,640 So I've put the disk in my computer. Now I am going to restart the computer, and as it comes up through 27 00:02:00,640 --> 00:02:05,200 BIOS, it's probably going to flicker away from this screen where I'm capturing, but I'm going to 28 00:02:05,200 --> 00:02:11,680 press F12 to change the options so that I can boot from that CD or DVD drive. 29 00:02:13,290 --> 00:02:19,680 I'm showing you a simulated view right now of my F12 that I used for this next step, but you see, 30 00:02:19,680 --> 00:02:23,510 I have hit F2, F12 or Delete on my computer. 31 00:02:23,520 --> 00:02:28,770 It's a tiny little DOS screen on here, but it's asking me, or BIOS screen, but it's asking me where 32 00:02:28,770 --> 00:02:29,730 I want to boot from. 33 00:02:29,730 --> 00:02:34,470 I'm going to choose that CD-ROM or DVD-ROM, that option C. 34 00:02:35,560 --> 00:02:38,480 And now it says any key to boot from the CD or DVD. 35 00:02:38,890 --> 00:02:40,930 That's where I want to press the key. 
36 00:02:41,230 --> 00:02:46,570 So we've used our first special key combination, either F2 or F12, got us into that location, 37 00:02:46,900 --> 00:02:51,610 and now it'll take just a couple of minutes probably for this Windows 10 DVD to boot. 38 00:02:52,510 --> 00:02:56,560 I'll pause just for a second to give this time to boot on an older laptop. 39 00:02:56,560 --> 00:03:01,820 It'll definitely take you some time for it to come up to the startup screen for the Windows 10 installation. 40 00:03:01,850 --> 00:03:04,280 We're not going to install Windows 10. 41 00:03:04,570 --> 00:03:10,570 We are going to repair our computer using this Windows 10 DVD and we'll see how that works. 42 00:03:12,120 --> 00:03:17,310 All right, it took a couple of moments on this old Windows 7 laptop for this to come up, but we 43 00:03:17,310 --> 00:03:22,050 have our Windows 10 startup and it's going to ask us for a language first. 44 00:03:22,050 --> 00:03:24,480 So let's just come down to Next. 45 00:03:24,480 --> 00:03:25,710 English is fine for me. 46 00:03:26,790 --> 00:03:33,570 And now instead of installing Windows, we're going to "Repair your computer". Make sure you choose the 47 00:03:33,570 --> 00:03:39,720 "Repair your computer"; you do not want to install this Windows 10 over your old device if you're trying 48 00:03:39,720 --> 00:03:40,860 to get files off there. 49 00:03:41,160 --> 00:03:43,560 So we're going to click "Repair your computer". 50 00:03:44,250 --> 00:03:48,510 Next we'll choose Troubleshoot and Advanced options. 51 00:03:49,020 --> 00:03:52,740 And notice here we have the option for the command prompt. 
52 00:03:53,010 --> 00:03:57,600 This command prompt is where we're going to enter the first two of those four commands that we need 53 00:03:57,600 --> 00:04:04,140 to set up a new account, a new administrative account on this old laptop or any Windows computer from 54 00:04:04,140 --> 00:04:09,390 Windows XP, Windows 95, all the way through the newest Windows 10. 55 00:04:10,200 --> 00:04:12,590 And there we can see the command prompt. 56 00:04:12,600 --> 00:04:16,320 So we have a Windows 10 command prompt running. 57 00:04:16,320 --> 00:04:22,590 And remember, this is running only from this DVD, but it's running on this computer so we can surf 58 00:04:22,590 --> 00:04:25,200 to the computer from the DVD. 59 00:04:25,200 --> 00:04:28,500 So we're on our X drive, is what this DVD is mounted as. 60 00:04:28,770 --> 00:04:33,330 But if we do a C colon and then do a directory, 61 00:04:34,350 --> 00:04:39,720 we can see Windows is right there. Depending on your operating system or whether it's a new or old 62 00:04:39,720 --> 00:04:42,620 computer, you may have to go to a D drive. 63 00:04:42,630 --> 00:04:49,800 And you do that with just D colon and dir, but we can see no, that is actually our CD-ROM drive. 64 00:04:49,800 --> 00:04:51,000 So we're back to C colon. 65 00:04:52,550 --> 00:04:58,670 Just showing you a couple of options for how this may work, so we want to do a dir to make sure that 66 00:04:58,670 --> 00:05:03,740 we have a Windows. We're going to cd into the Windows System32 folder. 67 00:05:03,740 --> 00:05:05,790 That's where that Sticky Keys program is. 68 00:05:05,810 --> 00:05:09,050 It's also where the command prompt program is on Windows. 69 00:05:09,320 --> 00:05:18,530 So cd, space, C colon, backslash, Windows, backslash, System 70 00:05:19,890 --> 00:05:25,770 32, and so now we've just changed directories into the Windows System32. This is where those 71 00:05:25,770 --> 00:05:28,250 two important files are: the sethc, 
72 00:05:28,280 --> 00:05:34,230 that's our Sticky Keys, or set high contrast, and what we're going to do. 73 00:05:34,230 --> 00:05:39,480 And the second file is cmd. What we're going to do is, first of all, make a backup of the Sticky 74 00:05:39,480 --> 00:05:41,720 Keys so that we can have that later. 75 00:05:41,730 --> 00:05:47,640 Sometimes we may want to turn on Sticky Keys or we may just want to cover our tracks after we've created 76 00:05:47,640 --> 00:05:48,390 an account. 77 00:05:48,660 --> 00:05:53,490 So I'm going to clear the screen first to make this a little easier to see. If you're wondering, the 78 00:05:53,490 --> 00:06:00,630 command cls will clear the screen, and my first command is to copy sethc. 79 00:06:01,410 --> 00:06:12,390 We're going to copy sethc to sethc_old.exe. 80 00:06:14,170 --> 00:06:20,350 And all we're doing is copying sethc over to some other filename that we can use later, like the old. 81 00:06:20,890 --> 00:06:23,440 Next, we actually want to fire our exploit off. 82 00:06:23,440 --> 00:06:28,250 We're going to copy cmd.exe 83 00:06:29,260 --> 00:06:31,030 over the sethc.exe 84 00:06:31,030 --> 00:06:37,090 file, so from now on, whenever someone presses the Shift key five times, they're not going 85 00:06:37,090 --> 00:06:40,930 to get sethc, they're going to get a Windows command prompt. 86 00:06:40,930 --> 00:06:43,960 And that's how we're going to launch our compromise in the next video. 87 00:06:44,530 --> 00:06:47,310 When we press Enter, we're going to see "overwrite this?" 88 00:06:47,330 --> 00:06:49,580 Yes, that's the whole idea of this exploit. 89 00:06:50,170 --> 00:06:56,740 So now if I reboot my computer on my local C drive, not on the DVD, I can even pull the DVD out of 90 00:06:56,740 --> 00:06:57,850 the computer when I reboot. 91 00:06:58,150 --> 00:06:59,620 In fact, that's a smart idea. 
92 00:07:00,220 --> 00:07:07,060 When I come to the login screen, if I press the shift key five times, I will now see the command prompt 93 00:07:07,060 --> 00:07:11,110 pop up and I'll be running as the administrator on that computer. 94 00:07:11,350 --> 00:07:13,600 So we'll see how to do that in the next lesson.