just a question for ebola himself

So i found out that you can bypass admin by using the bootable media of windows installation or the iso file itself and boot into the drive using the bluescreen and use shift+f10 to open up cmd on the windows installation bluescreen and rename utilman.exe into utilman2.exe and cmd.exe into utilman.exe in system32 using "C: > cd Windows > cd system32 > ren utilman.exe utilman2.exe > copy cmd.exe utilman.exe" and boot up into the main OS and press the utility icon (little man doing star pose) and you can have the admin cmd and do whatever u want like opening up sessionexploit and hijack the accounts and grant admin or just add an admin account. If you need me to show you what I mean you can tell me but i think its weird that microsoft can leave something like this, so is it a 100% garenteed admin bypass method without phishing or bruteforcing? or is it just a thing that can be easily prevented by the windows OS itself? is this method another method to consider for admin bypassing? bc idk the full thing behind it (like the full operation and how it can be prevented or how its useful/useless)

8 comments