Sticky Keys Exploit

    Question

  • Sticky keys (sethc.exe) within C:\Windows\System32 is too commonly replaced by a renamed copy of CMD.exe (renamed to sethc.exe) and placed into the System32 directory.

    From the login screen, the shift key is then quickly tapped 5 times which allows winlogon.exe to run CMD presenting a CLI at Administrator level - this happens pre-logon...

    From this elevated CLI, commands may be entered to enable the Administrator account (e.g., "Net User Administrator/Active:yes"), and upon reboot, the administrator account is now accessible with no password. Also, from this CLI at next login, the activated Administrator account may be given personal security (e.g., "Net User Administrator newpassword"), which equates to a new Administrator password being set. I have even seen iexplore.exe run from this CLI at YouTube before logon.

    This exploit will surely damage the Microsoft brand if not addressed!

    I am hoping to gather ideas on how Windows can be made to ENSURE this exploit does not continue. Thanks in advance!

    Monday, March 11, 2013 9:32 AM
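
For defenders auditing a machine for the replacement described in the question, the following is an added example (not part of the original thread and not Microsoft code) that checks whether sethc.exe is byte-identical to cmd.exe and reports its signature status. The function name Test-StickyKeysBinary is hypothetical, and it assumes the default System32 location under %WINDIR%.

```powershell
# Added example: audit sethc.exe for the cmd.exe replacement described above.
# Run from an elevated PowerShell session on the machine being checked.
function Test-StickyKeysBinary {
    param(
        # Directory holding sethc.exe and cmd.exe (assumed default: System32).
        [string]$Directory = (Join-Path $env:WINDIR 'System32')
    )

    $target = Join-Path $Directory 'sethc.exe'
    $shell  = Join-Path $Directory 'cmd.exe'

    $result = [ordered]@{
        Path          = $target
        Exists        = Test-Path -LiteralPath $target -PathType Leaf
        SameAsCmd     = $false
        Signature     = 'NotChecked'
        LastWriteUtc  = $null
        Suspicious    = $false
    }

    # A missing sethc.exe is reported but not judged here.
    if (-not $result.Exists) {
        return [pscustomobject]$result
    }

    # Primary signal: sethc.exe has the same SHA-256 as cmd.exe,
    # i.e. it is a renamed copy of the command interpreter.
    $targetHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if (Test-Path -LiteralPath $shell -PathType Leaf) {
        $shellHash = (Get-FileHash -LiteralPath $shell -Algorithm SHA256).Hash
        $result.SameAsCmd = ($targetHash -eq $shellHash)
    }

    # Secondary signal: signature status. cmd.exe is itself Microsoft-signed,
    # so a 'Valid' result does NOT rule out replacement; it only helps flag
    # other, unsigned substitutes. Where catalog signatures are not evaluated,
    # genuine system files may also report NotSigned.
    $result.Signature    = (Get-AuthenticodeSignature -LiteralPath $target).Status.ToString()
    $result.LastWriteUtc = (Get-Item -LiteralPath $target).LastWriteTimeUtc

    $result.Suspicious = $result.SameAsCmd -or ($result.Signature -ne 'Valid')
    [pscustomobject]$result
}

Test-StickyKeysBinary | Format-List
```

A `SameAsCmd` value of `True` matches the scenario in the question; the `LastWriteUtc` field gives a starting point for finding when the file was changed.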

Answers

  • You can turn off Keyboard Sticky from All Control Panel Items\Ease of Access Center\Set up Sticky Keys

    Niki Han
    TechNet Community Support

    Wednesday, March 13, 2013 2:46 AM
    Moderator

All replies

  • No it's not answered when it's a f*cking vulnerability still you POS OS.  You're a piece of sh*t windows.  Die already.
    Sunday, December 28, 2014 7:34 AM
  • This is not so....

    When accessing the hack:

    On the logon screen, at the bottom left-hand side, there is a bar you can click on. When the window pops open, you are able to turn sticky keys on and off by free will.

    This hack/exploit cannot be stopped, unless making sure no one can access your account (which can be easily done using konboot)

    Tuesday, January 13, 2015 11:54 PM