Hack the Sticky Keys Feature to Reset a Forgotten Windows Password

Blog

Necessities

  • Drive letter of your Home windows set up. For example, it’s C in my case.
  • Home windows set up disk or Home windows restore disk.
  • Crucial, you shouldn’t be capable of recall your Home windows password.

Video

However how does the exploit work?

Nicely, there are some variations to this, however the commonest begins with a Home windows Startup Restore, be it from the host OS or an set up machine. From there you’ll get a Cmd window, and if all goes effectively, you need to have sufficient privileges to make modifications contained in the System32 folder.

All it’s important to do then is to exchange the Cmd (cmd.exe) executable with the Sticky Keys () one (all in the identical folder). You may then boot usually into the OS and from the lock display screen, when you press shift key 5 instances, a Cmd window pops up. From there you may change the person password, or exploit the machine in some other approach you needed.

Sounds good? It in all probability does, however it's so outdated that it makes you marvel:

Does it actually nonetheless work? Have been there any efforts to repair the "vulnerability"?

Nicely, first mistake. Sticky Keys shouldn’t be a vulnerability.

One definition of vulnerability, given by NIST:

“Weak spot in an info system, system safety procedures, inside controls, or implementation that may very well be exploited or triggered by a menace supply.”

On this case, it's not a system vulnerability that’s being exploited, however the exploit itself. It may be exploited by the person’s lack of safety measures, so it ends being a person accountability. And it's extra like an OS native attribute.

Now you can ask: however the exploit nonetheless works with out the necessity for person improper configuration, proper?

Definitely! However maybe it falls in need of significance for the actual fact it requires bodily entry to make use of it. 

So, again to the query, I believe that to some extent, there’s an opportunity that Home windows doesn’t need to totally repair this drawback.

First, the truth that it's not a vulnerability breaks the necessity for fixes.

However there's additionally an opportunity that this was left on objective as a approach to break into the machine when wanted. In spite of everything, there are another instruments able to attaining the very same factor.

The reality is, I've been following this vulnerability for a while, and when you did it too, you’ll inform that little or no modifications had been made for lengthy durations. 

I discovered and hold discovering numerous materials on this vulnerability, from weblog posts to YouTube tutorials instructing methods to use the exploit. I additionally discovered that individuals hold asking for methods to guard in opposition to this, and so they even use Microsoft boards. 

Furthermore, you can even discover some old tutorials telling how this vulnerability has been “documented throughout” or old posts the place folks even then had been asking for an answer.

However in any case, it seems Microsoft has taken a couple of measures to guard customers in opposition to this exploit. I gathered some (there could also be others):

  • Home windows firewall stopping sethc.exe to run Cmd.
  • SFC restoring sethc.exe file again to it’s unique.
  • Forbidding file modifications on the “System32” folder.
  • Eradicating "sethc" from the “System32” folder when accessing by the restoration mode.
  • Password defending Cmd entry within the troubleshooting mode.

Given these measures and since I didn't discover any current submit, I needed to make certain that this vulnerability was nonetheless exploitable on the most recent Home windows 10 model.

Let me present you the way it went as a result of everybody likes demonstrations. And earlier than you inform me you noticed this 100 instances, I inform you that this one had sudden turns…

How one can revert what youve finished?

Now, you may have efficiently modified your password however you don’t need another individual to do the identical. You possibly can simply revert the modifications you’ve made:

  1. Observe the method as described earlier until step no. 4.
  2. Within the command immediate window, sort the next command:

    copy /y c:sethc.exe c:windowssystem32sethc.exe

  3. Press Enter and restart your machine.
  4. Now, on the login display screen, when you press Shift key for five instances the sticky keys possibility will present up as an alternative of the command line.

This manner, you may reset Home windows password and have a way of relieve. In case you are involved that somebody can sort these instructions and achieve entry to your machine, you disable the USB ports in your machine.

When you’ve got one thing so as to add, inform us within the feedback beneath.

Additionally Learn: 3 Simple Commands To Disable Forced Windows 10 Updates

Tags