Hacking Windows Login with Sticky Keys, from Starry Sky

 

 

Starry keeps cranking out videos for School for Hackers, and we keep working to build some video production expertise. In this short tutorial on hacking Windows login, Starry demonstrates using a bootable CD to get around file system protections, so he can replace the utilman file with cmd.exe.

The hack is a classic Windows Sticky Keys exploit. Here’s how it works: when you boot and arrive at the Windows login screen, you have a limited group of choices. You can click on your user icon to start the login process. Or you can power down using the icon in the bottom right corner of the screen. Or, look at the bottom left corner. If you use any of Windows’ enhancements for users with limited vision or other issues, you’ve clicked this button before. But it’s likely you haven’t.

The tools this button provides – large-font, high-contrast visual themes, for one example – are collectively known as “Sticky Keys,” because the keyboard ease-of-use setting actually called “sticky keys” is the core of these tools.

In any case, low-vision and other users are used to clicking the Sticky Keys button and getting an easier-to-use Windows login, provided by a file called utilman. If you somehow get administrative access to a Windows computer, you can replace the OEM utilman with cmd.exe, cleverly renamed – you guessed it – utilman. Now when you click the Sticky Keys button, voila! You get a command prompt – as Administrator!

Depending on restrictions, you may not be able to pull this switch off while a system is live. But if you have physical access to it … the game changes. Starry shows us exactly how this works. Thanks, Starry Sky!
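A defender can check for this swap by comparing the logon-screen accessibility binaries against cmd.exe. The following is an added example, not part of the original post or video: it assumes a System32 directory from a live system or a mounted disk image, and it extends the check from utilman to the other accessibility programs reachable from the logon screen (that list and the function names are choices made for this example).

```python
import hashlib
import sys
from pathlib import Path

# Programs that can be started from the Windows logon screen. The page names
# utilman; the rest are added here as a generalization of the same check.
ACCESSIBILITY = ["utilman.exe", "sethc.exe", "osk.exe",
                 "magnify.exe", "narrator.exe", "displayswitch.exe"]
SHELLS = ["cmd.exe"]  # the replacement the page describes


def sha256(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_ci(directory, name):
    """Case-insensitive lookup: a mounted image may store 'Utilman.exe'."""
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def find_swapped_binaries(system32):
    """Return (accessibility file, shell file) pairs with identical content."""
    system32 = Path(system32)
    shell_hashes = {}
    for name in SHELLS:
        shell = find_ci(system32, name)
        if shell is not None:
            shell_hashes[sha256(shell)] = shell.name
    findings = []
    for name in ACCESSIBILITY:
        target = find_ci(system32, name)
        if target is None:
            continue  # not present on this Windows version or image
        match = shell_hashes.get(sha256(target))
        if match is not None:
            findings.append((target.name, match))
    return findings


if __name__ == "__main__":
    # Usage: python check_swap.py <path to System32>
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32"
    for binary, shell in find_swapped_binaries(root):
        print(f"ALERT: {binary} has the same SHA-256 as {shell}")
```

A hash match only catches a straight copy of cmd.exe; comparing each file against known-good hashes for the installed Windows build also catches other replacements.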

Download S4H Linux for Raspberry Pi 2 & 3

School for Hackers Linux

We maintain a special build of Fedora Linux for Raspberry Pi with the Security Spin packages pre-installed, plus some accessories and services already set up, to make using your Pi as a hacking and security-testing platform easy. It’s a great OS for students and teachers of hacking and security, and saves both a lot of time building a stable, updateable toolset.

These OS images (and a growing heap of goodies) are available to registered students of School for Hackers. Use the Register link at the top of the page to create an account, then log in to see extra menu items and pages. Then visit our Setup page for instructions on how to load the image, change passwords, connect via VNC or SSH and get started with the Security Lab tools: https://schoolforhackers.com/set-up-your-fedora-pi-card/.

You can use our School for Hackers Linux on a Raspberry Pi, as a Virtual Machine or directly installed onto your laptop. We’re building our hacking lessons for exactly this platform, so for the most part you’ll find everything pre-installed (except where we need to teach you how installation works). We recommend it as the best OS for our School for Hackers students.

Raspberry Pi Fedora 24 Security Spin OS Images for Raspberry Pi

It has been a very interesting week, wrestling with uploading Raspberry Pi OS images and trying to tame the bugs in Fedora 25 for Pi. But we’ve got downloadable images here!

To keep the numbers manageable, I’ve set this up so that you can sign up as a student here (use the Register link above), then you’ll get access to the link and instructions.

Our School for Hackers Linux running Fedora 24 with the Security Spin (or Security Lab), on the other hand, is stable and highly useful for teaching security testing. I started using the FSS quite a while back rather than turning students loose with the bazooka that is Kali, and at this point I’m building my lessons for use on School for Hackers Linux.

Let me say for the record that at the moment, Fedora 25 for Pi is “beta” in the strictest sense: It will boot. Almost everything else takes manual bashing as root, from networking to shutting down. I made it run, and got it stable, but I can’t in good conscience turn this OS image loose in the wild. People could get killed.

Compressed, the S4H Linux F24 images are 3.7GB and 4.6GB, but that still makes for some ugly uploading from my end. Downloading, on the other hand, might be slick. Comment here on your experience: downloading it, imaging it, and using it. Let’s make this a sweet cyber security teaching OS. Thanks –

[ Hacker Night School ] :: [ Hiding Your Ass ] :: [ Using a VPN ]

Starry Sky (Htet Aung)

Starry Sky and Glenn Norman discuss using a VPN or proxy server

Now take the Quiz:

1. Which of these statements is the most accurate description of a proxy?

a. Hides your IP address
b. Makes it look like you’re coming from a different IP address
c. Makes your web traffic (ports 80 and 443) look like it’s coming from a different IP address
d. Makes ALL your network traffic look like it’s coming from a different IP address

2. What exactly does a VPN do?

a. Hides your IP address
b. Makes it look like you’re coming from a different IP address
c. Makes your web traffic (ports 80 and 443) look like it’s coming from a different IP address
d. Makes ALL your network traffic look like it’s coming from a different IP address

3. Will a proxy hide your IP if you are:

Yes    No    Streaming video
Yes    No    Downloading a torrent
Yes    No    Using instant messaging
Yes    No    Watching Flash

4. Will a VPN hide your IP if you are:

Yes    No    Streaming video
Yes    No    Downloading a torrent
Yes    No    Using instant messaging
Yes    No    Watching Flash

5. Suppose you have been given a penetration testing contract to test the security of a company’s web applications. Which type of service would give you sufficient privacy, usually at no cost, and sometimes with superior speed?

a. Proxy server
b. VPN
c. macchanger
d. Burp Suite

6. Your next pen testing contract has you scanning your client’s internal and external networks and computer systems. You’ll be using lots of non-web tools like nmap and hping3. Which type of service will give you the level of concealment you’ll need when using any networking protocol?

a. Proxy server
b. VPN server
c. Working from the nearby Starbucks
d. Kali Linux

7. How should you check to see if your proxy or VPN is working?

a. Check your external IP address after starting the VPN
b. Check your external IP address before starting the VPN
c. Both, and make sure they’re the same!
d. Both, and make sure they’re different!

8. Which would be the safest country for you to get your VPN from?

a. USA
b. Switzerland
c. China
d. Russia

Answer Key:

1: c
2: d
3: No, no, no, no
4: Yes, yes, yes, yes
5: a
6: b
7: d
8: b

[ Bash Scripting How-to ] :: BASH Programming Course: Master the Linux Command Line! on Udemy

Glenn Norman

As I write, this course is on sale for $10 on Udemy, though that’s likely to change. In fact, I’ve bought courses on Udemy that later disappeared, so there’s no guarantee that courses like this on commercial sites like Udemy etc. will even exist years down the road. On the plus side, this one offers a very good list of topics covered. Take a look while you have the chance.

https://www.udemy.com/bash-programming/#%2F

[ Bash Scripting How-to ] :: Advanced Bash-Scripting Guide at TLDP.org

Glenn Norman

Bash scripting (shell scripting using bash) is one of the most critical skills a hacker can cultivate. Everybody and his brother (including me, Glenn) has written bash scripting guides and tutorials, but few of them go as in-depth as this one.

I’ll be listing other bash tutorial sites here at School for Hackers, and I hope eventually to put together a course and cert in bash scripting for hackers. Drop me a line if you’re interested in working on that project. In the meantime, see this:

http://www.tldp.org/LDP/abs/html/why-shell.html