1
00:00:01,030 --> 00:00:08,110
In the previous lesson, we saw how to exploit this vulnerability, the sticky keys command, and replace

2
00:00:08,110 --> 00:00:15,190
it with the command prompt. In this lesson, we have removed our DVD from the computer after running

3
00:00:15,190 --> 00:00:16,030
this exploit.

4
00:00:16,240 --> 00:00:23,780
And now we're going to compromise this Windows 7 laptop with our command prompt sticky keys hack.

5
00:00:24,130 --> 00:00:27,070
So all I'm going to do is reboot this computer.

6
00:00:28,100 --> 00:00:32,570
And you can see this time we're booting into the regular Windows 7 boot.

7
00:00:33,630 --> 00:00:41,250
And now we're back to the booted Windows 7 laptop. I still don't know the username bpain's password

8
00:00:41,250 --> 00:00:43,850
from several years ago, though, when I used this laptop.

9
00:00:44,190 --> 00:00:46,710
So let me show you how we run the sticky keys hack.

10
00:00:46,710 --> 00:00:50,150
All we need to do is our second special key combination.

11
00:00:50,460 --> 00:00:53,550
We're going to hit the shift key five times.

12
00:00:53,550 --> 00:00:57,420
One, two, three, four, five.

13
00:00:58,660 --> 00:01:04,480
And you know what that is there? That is a Windows command prompt. I'm going to make it a little bigger

14
00:01:04,480 --> 00:01:05,470
so you can see it better.

15
00:01:06,250 --> 00:01:06,910
There we go.

16
00:01:06,910 --> 00:01:07,800
That's a little better.

17
00:01:07,810 --> 00:01:11,550
And now let's find out what user I'm running as.

18
00:01:11,650 --> 00:01:12,990
whoami

19
00:01:14,810 --> 00:01:23,060
NT AUTHORITY\SYSTEM. I am the system-level or root user on this Windows 7 laptop. And remember,

20
00:01:23,060 --> 00:01:29,330
this works for any Windows computer from Windows 95, XP, all the way to the latest Windows Point one.

21
00:01:29,840 --> 00:01:37,970
I am now able to run administrative-level commands on this computer, including changing my old password.

22
00:01:38,300 --> 00:01:44,030
So if you just want to change your password on the machine, remember I had a user on here called bpain

23
00:01:44,030 --> 00:01:48,280
because I was the user of this computer several years ago.

24
00:01:49,010 --> 00:01:58,370
I can enter just one more command, that is net user and my username, bpain, and a new password.

25
00:01:58,370 --> 00:02:02,150
Well, I could set a simple password to just be bpain for this time.

26
00:02:02,750 --> 00:02:11,000
And notice now my old username from several years ago that I could not remember anymore has a new password

27
00:02:11,000 --> 00:02:14,450
of bpain, so I can log in now as bpain and bpain.

28
00:02:14,900 --> 00:02:17,410
But I want to do one extra step.

29
00:02:17,960 --> 00:02:22,730
We mentioned that we could create new user accounts and even make them administrators.

30
00:02:22,970 --> 00:02:31,790
I'm going to create a new user with the same net user command and I will set a username of Iron Man

31
00:02:33,740 --> 00:02:35,210
with a password of Jarvis.

32
00:02:36,860 --> 00:02:46,160
And all I need to do is add the /add, or the add command, and what this will do is create a new user

33
00:02:46,160 --> 00:02:49,010
called Iron Man with the password

34
00:02:49,130 --> 00:02:52,610
Jarvis. Notice the command completed successfully.

35
00:02:52,970 --> 00:02:58,100
Well, if I log in now as Iron Man and Jarvis, I'm going to be a regular user, just like bpain may

36
00:02:58,100 --> 00:02:59,870
have been a regular user on this computer.

37
00:03:00,110 --> 00:03:05,200
If I want to make those users administrators, I need to use one more command.

38
00:03:05,210 --> 00:03:07,090
And this is our fourth total command.

39
00:03:07,400 --> 00:03:14,930
We used our first two to copy over the sethc to back up, the cmd to our sethc, and now we've done

40
00:03:14,930 --> 00:03:16,760
a net user ironman /add.

41
00:03:17,060 --> 00:03:18,470
We're going to do a net

42
00:03:21,880 --> 00:03:25,630
localgroup administrators.

43
00:03:27,550 --> 00:03:32,650
And we tell the user that we want to add to administrators, ironman.

44
00:03:34,350 --> 00:03:38,910
You can even add your own username. I could also add bpain up here, but I'm just adding a new

45
00:03:38,910 --> 00:03:41,160
user, Iron Man, with a password of Jarvis.

46
00:03:41,640 --> 00:03:44,750
Then I'm adding to the local group of administrators.

47
00:03:44,760 --> 00:03:51,600
In other words, the administrators on this computer, the admins, the super users on this Windows

48
00:03:51,600 --> 00:03:53,490
7 computer that I used to own.

49
00:03:54,060 --> 00:04:01,170
And I finished the command with /add: net localgroup administrators and the username, and the command

50
00:04:01,170 --> 00:04:02,760
completed successfully.

51
00:04:03,300 --> 00:04:07,950
Well, that means now I should be able to log on as Iron Man

52
00:04:09,510 --> 00:04:14,660
using a password of Jarvis. I should also be able to log in as my old user, bpain and bpain.

53
00:04:15,480 --> 00:04:21,930
So when we come back, we're going to see how to log in as bpain with my username that I just reset

54
00:04:21,930 --> 00:04:22,650
to bpain.

55
00:04:22,890 --> 00:04:28,050
And we'll see how to log in as this new administrator, Iron Man, who's going to have a password of

56
00:04:28,050 --> 00:04:28,650
Jarvis.

57
00:04:28,650 --> 00:04:32,940
And we'll have full access to all the files on the computer that are not encrypted.

58
00:04:33,150 --> 00:04:35,790
We'll see the hack finale in the next lesson.