Delayed startup hp dv6 windows 10

By jldurham6,

Run regedit and search for EnableULPS
Change its value from 1 to 0
Close regedit and reboot

Note: ULPS is AMD’s Ultra Low Power State

How to hack a ‘back door’ into Win10, 8, and 7

By jldurham6,

The column below was originally published in the August 18, 2016, Windows Secrets newsletter.

Today, it supplements a new column, scheduled for the March 11, 2019 AskWoody Plus Newsletter, focused on what to do if an error causes you to lose all admin privileges on your own PC. Click on over to read the new column!

(I’m reprinting selected Windows Secrets columns here to help ensure readers can find and access information I’m referencing in new columns; until older Windows Secrets/LangaList columns are moved to their new home at AskWoody.com.)

The original, verbatim, un-updated text follows:

How to hack a ‘back door’ into Win10, 8, and 7

Fred Langa

By Fred Langa on August 18, 2016 in Insider Tricks, Top Story

This unofficial hack can give you full administrator access to Windows, even if a PC’s accounts and passwords are mangled, unknown, or blocked.

It involves a new way to take advantage of an ancient security vulnerability (dating to Windows 95!) that lets you trick the OS into opening a system-level command environment.

Yes, this hack has the potential for misuse — I’ll come back to this later — but it’s also a powerful, last-ditch method that can be used legitimately to repair, recover, or restore systems that are beyond the reach of normal rescue methods. (Any competent hacker already knows about this trick.)

Here are some examples: Say you’re faced with accessing a PC that boots, but whose badly scrambled sign ins make it impossible to access all local user accounts. Or, let’s say a co-worker/friend/family member asks for help with accessing, repairing, or recovering a PC, but they’ve lost the needed account information. Or you acquire a PC of unknown provenance, and you don’t want to access the existing accounts because they might contain malware or other problematic content.

In all these and similar cases, the following hack can usually get you in.

Understanding the hack, and its roots

This method is an updated version of an ancient, very well-known hack that dates back to the early days of Windows. It uses Windows’ Sticky Keys function as a back door to spoof the OS.

Sticky Keys, introduced way back in Windows 95, is an accessibility feature. Some people have trouble with keystroke combinations — take for example, simultaneously pressing CTRL + ALT + DEL to bring up Task Manager or to reboot. Once enabled, Sticky Keys (Wikipedia info) serializes those keystrokes so users can press keys one by one, in succession. The app then stitches them together and sends the key-combination to the OS.

The hack involves replacing the Sticky Keys executable (sethc.exe) with the command window executable (cmd.exe). Invoking Sticky Keys then actually launches a System-level command window, giving you full access to the system.

You used to be able to do this with no tools at all. On any Windows system, you’d start the PC and then power off as Windows was loading. You’d repeat this step (possibly several times) until Windows assumed the system was broken and loaded Startup Repair, which (among other things) would offer to show you the log files from the failed starts. Startup Repair would then show the log in Notepad. Once there, you could use Notepad’s File/Open command to go anywhere in the system.

Microsoft closed this too-easy back door with Windows 7 — the original, super-simple, tool-less hack no longer works. But in Windows 7, 8 and 10, a similar back door still exists; it’s just buried a little deeper.

For the following hack, all you need is a Windows Recovery disk/drive. Some Linux “live” discs will work, too, especially if the PC’s Secure Boot is disabled. But a Windows Recovery disk/drive will work on just about any PC — even those with Secure Boot active — and it’s readily available.

Win7, Win8, and Win10 all have the “Create a recovery disc” tool (RecDisc.exe) built-in. Win8 and 10 also include the “Create a recovery drive” tool (RecoveryDrive.exe). (Recovery media created on a system with generic, retail Windows should work on another machine. You need to match the Windows version and bittedness of the two systems.)

Working through the hack, step by step

Here’s how to gain admin-level access, using a Windows-recovery disc or drive. I used Win10, but Win7/8 are similar.

  • Boot the PC with the Windows Recovery disc/drive and enter the Recovery Environment. (For detailed, step-by-step info, see the June 23 Top Story, “Using Windows’ powerful Recovery Environment.”)
  • The Recovery Environment typically temporarily changes the drive letters of a PC, so explore the PC to find what used to be its C: drive. (The aforementioned Top Story has instructions.)
  • Navigate to the system’s original \Windows\System32 folder — for example, if the Recovery Environment has temporarily labeled the original C: drive as E:, you’ll go to E:\Windows\System32. (I use E: in the following steps.)
  • Type in ren sethc.exe sethc.bak to rename the Sticky Keys app. (You’ll restore this renamed file later, when you restore the PC to its original configuration.)
  • Still in E:\Windows\System32, enter copy cmd.exe sethc.exe to create a copy of the standard command-window app (cmd.exe) with the name sethc.exe (See Figure 1).
Figure 1. These simple commands are the heart of the hack.
  • Enter Exit to leave the command portion of the Recovery Environment.
  • Reboot or select Exit and continue to Windows 10 to restart the system.
  • Back at the Windows sign-in screen, press the Shift key five times in rapid succession, which normally launches Sticky Keys. This time, however, a command window will open (because sethc.exe is a renamed copy of cmd.exe). You’ll now be inside the system’s \Windows\System32 folder (Figure 2) and signed in as System — the highest-possible privilege level. You now have complete control over everything.
Figure 2. Windows thinks it’s running Sticky Keys (sethc.exe), but it’s actually opening a system-level command window (cmd.exe).
  • Command-line environments can be awkward to use. Entering the following commands will create a new, full-featured, administrator account you can use with a standard Windows screen:
    net user tempadmin /add
    net localgroup administrators tempadmin /add
    net user tempadmin 123456
    The above commands create a new temporary administrator account with the username tempadmin and the password 123456 (see Figure 3). You’re free to substitute any username and (more secure) password you wish.
Figure 3. These commands create an unrestricted admin-level account with your choice of username/password (tempadmin/123456, in this example).
  • Reboot the system.
  • When Windows starts there’ll be a new account — in this case, called tempadmin — on the sign-in page (see Figure 4). It’s an utterly standard, full-featured, unrestricted administrator-level account that will let you do anything allowed in such accounts.
Figure 4. The newly created, admin-level account can be opened normally, via the Windows sign-in page.
  • Select the new account and sign in with the password you created. Let Windows finish setting up the new account and then carry out your repair/recovery/restoration activity.

When you’re done, clean up. Delete the bogus sethc.exe file you created and rename sethc.bak to sethc.exe — you might also wish to delete the admin account you just created.

For this hack, we’re all on the honor system

Obviously, there’s the potential for misuse and malicious acts with this hack. Windows Secrets debated long and hard on whether we should publish this information.

But this particular horse left the barn long, long ago — back in the days of Windows 95. The basic hack is well known in hacker communities.

And the positive uses are compelling: It lets you gain access to a PC where none of the user accounts or admin accounts is known, accessible, or working.

This is one Windows secret worth sharing!

Permalink: https://langa.com/?p=2159


2 Replies to “How to hack a ‘back door’ into Win10, 8, and 7”

  1. I saw this used in another approach:

    After getting the command prompt, run regedit.exe, double click on HKLM, File – Load Hive and choose file from windows\system32\config\software. In the new branch go to Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    Here create a new key with name sethc.exe. In that key create a string value named Debugger with content cmd.exe

    Reboot. Press Shift five times and the command prompt appears.

    After you had access as admin, remember to delete the key from the registry 🙂
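
Both variants above leave evidence behind on the installed system: the column's file swap makes sethc.exe a byte-for-byte copy of cmd.exe and leaves sethc.bak next to it, and the comment's variant adds a Debugger value under Image File Execution Options. The PowerShell audit below is an added example, not part of the original column or the comment; checking accessibility programs other than sethc.exe, and comparing against powershell.exe as well as cmd.exe, are assumptions of the example.

```powershell
# Added example (not from the column or the comment): audit a running Windows
# install for both variants of the sign-in-screen backdoor. Run elevated.
$sys32   = Join-Path $env:SystemRoot 'System32'
# The page names only sethc.exe; the other accessibility programs are included
# on the assumption that they can be swapped or redirected the same way.
$targets = 'sethc.exe', 'utilman.exe', 'osk.exe', 'magnify.exe', 'narrator.exe'
$ifeo    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# SHA-256 of the shells an accessibility binary must never be identical to.
$shellHashes = @{}
foreach ($rel in 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe') {
    $p = Join-Path $sys32 $rel
    if (Test-Path -LiteralPath $p) {
        $shellHashes[(Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash] = $rel
    }
}

$findings = foreach ($t in $targets) {
    $path = Join-Path $sys32 $t

    # Variant 1: the binary was replaced with a copy of a shell.
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($shellHashes.ContainsKey($hash)) {
            [pscustomobject]@{ Target = $t; Finding = "file is a byte-for-byte copy of $($shellHashes[$hash])" }
        }
    } else {
        [pscustomobject]@{ Target = $t; Finding = 'file is missing from System32' }
    }

    # Leftover from the rename step (ren sethc.exe sethc.bak).
    $bak = [IO.Path]::ChangeExtension($path, '.bak')
    if (Test-Path -LiteralPath $bak) {
        [pscustomobject]@{ Target = $t; Finding = "backup copy present: $bak" }
    }

    # Variant 2: an Image File Execution Options "Debugger" value redirects the launch.
    $key = Join-Path $ifeo $t
    $dbg = (Get-ItemProperty -LiteralPath $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        [pscustomobject]@{ Target = $t; Finding = "IFEO Debugger set to '$dbg'" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No tampering indicators found for the checked accessibility binaries.' }
```

A clean result only rules out the two shells compared here; sfc /verifyonly checks the protected system files against the component store and covers a replacement with any other program.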

Utorrent auto open

By jldurham6,

Add this to your registry and it’ll fix the problem instead of having to jump through hoops and install an old version of Chrome. That being said — this was changed for a reason so just realize if you do this you’re bypassing Chrome security for all magnet links on the internet.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\URLWhitelist
Name = 1 (Can be any number)
Type = String (REG_SZ)
Data = magnet:*

This happens on freshly installed Windows and Chrome too. It looks like Chrome does not save protocol_handler in the Preferences file if the JSON attribute is empty. Try this:

  1. close Chrome

  2. open this file in an editor, i.e. Notepad++: c:\users\[YOUR_WINDOWS_USER_NAME]\AppData\Local\Google\Chrome\User Data\Default\Preferences

or something like:

c:\users\[YOUR_WINDOWS_USER_NAME]\AppData\Local\Google\Chrome\User Data\[YOUR_CHROME_PROFILE]\Preferences

  3. search for THE_LAST occurrence of text:

"protocol_handler"

  4. replace this text: "protocol_handler":{}

or

"protocol_handler":{"excluded_schemes":{}}

or

"protocol_handler":{ANYTHING_INSIDE_THOSE_BRACKETS}

with:

"protocol_handler":{"excluded_schemes":{"afp":true,"data":true,"disk":true,"disks":true,"file":true,"hcp":true,"javascript":true,"magnet":false,"mailto":false,"ms-help":true,"news":false,"nntp":true,"shell":true,"snews":false,"vbscript":true,"view-source":true,"vnd":{"ms":{"radio":true}}}}

  5. you’re good to go, open Chrome, click magnet link, check checkbox, click magnet link again – there should be no popup

Probably there is another solution, because people are reporting that after some time (like 3 months 😉 the problem went away. I’m guessing that they clicked something in settings or clicked another protocol that actually got saved in Chrome Preferences and then magnet link protocol got properly saved too.

Sorry for my English, I’m trying to do my best 😉 I hope this helps in your case, good luck!

Find all the devices on your network

By jldurham6,

Not everything with an IP address is a computer – I found none of these suggestions returned all active IP addresses – in fact most returned very few. My home network has a combination of wired and wireless devices and two routers, mobile phones, TV, PVR, Apple AirPort and probably a few things I have forgotten. I used the following to scan all addresses on the 192.168.1.xxx subnet:

for /L %i in (0,1,255) do ping -n 1 -w 250 192.168.1.%i>>ipaddress.txt

The resulting file ipaddress.txt contains the ping results for all addresses and I looked for those with “Received = 1” – currently 16 addresses returned a result – I only have 4 computers in the house – and they were not all on.

https://superuser.com/questions/522296/windows-command-to-display-all-ip-addresses
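
For inventorying your own network, the same sweep can be done in PowerShell and combined with the neighbor (ARP) cache, which also lists devices that drop ICMP echo. This is an added example, not part of the quoted answer; it assumes the same 192.168.1.xxx subnet and a Windows version that ships the Get-NetNeighbor cmdlet (Windows 8 or later).

```powershell
# Added example: sweep the subnet from the post, then read the neighbor (ARP)
# cache to pick up devices that ignore ICMP echo.
$prefix = '192.168.1'

# A real echo reply line carries "TTL=". A "Destination host unreachable" line
# does not, although ping.exe still counts it under "Received = 1".
$answered = foreach ($i in 1..254) {
    $ip = "$prefix.$i"
    if ((& ping.exe -n 1 -w 250 $ip) -match 'TTL=') { $ip }
}

# The pings above made Windows attempt ARP resolution for every address, so a
# host that dropped the echo request still appears here with its MAC address.
# The local machine's own address answers ping but has no neighbor entry.
$neighbors = Get-NetNeighbor -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -like "$prefix.*" -and
                   $_.State -in 'Reachable', 'Stale', 'Delay', 'Probe' }

$neighbors |
    Sort-Object { [version]$_.IPAddress } |
    Select-Object IPAddress, LinkLayerAddress, State,
        @{ Name = 'AnsweredPing'; Expression = { $_.IPAddress -in $answered } } |
    Format-Table -AutoSize
```

Rows with AnsweredPing set to False are devices that are on the segment but would not show up in a ping-only scan.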

Disable Creepers

By jldurham6,

You can set the creeper’s “ExplosionRadius” value to 0 to prevent both block damage and heart damage. Example using 1.9 mechanics:

/entitydata @e[type=Creeper,tag=!processed] {ExplosionRadius:0,Tags:["processed"]}

 
If you mean to prevent them from exploding to begin with, then you have several options depending on what you’re looking for. If you want creepers to still track you, you can set their “Fuse” tag to maximum so that it takes ~27 minutes for it to explode (the timer resets when it gets out of explosion range):

/entitydata @e[type=Creeper,tag=!processed] {Fuse:32767,Tags:["processed"]}

 
If you don’t want creepers to track you to begin with, you can set their “generic.followRange” value to 0:

/entitydata @e[type=Creeper,tag=!processed] {Attributes:[{Name:"generic.followRange",Base:0.0}],Tags:["processed"]}

Minecraft Server setup

By jldurham6,

fdisk -l  (to list detected disks)

fdisk /dev/sdb  (partition the disk; this creates /dev/sdb1)

mkfs.ext3 /dev/sdb1

mount /dev/sdb1 /mnt

vi /etc/fstab

/dev/sdb1    /mnt   ext4    defaults     0        2

ln -s /var/games/minecraft/backup /mnt
ln -s /var/games/minecraft/archive /mnt

Doesn't need to be done at command line, do on server itself in global menu settings
 hwclock -u -s
date --set="23 September 2017 14:18:00"
THIS ONE WORKS BEST dpkg-reconfigure tzdata

IPTABLES
iptables -A INPUT -p tcp -m tcp --dport 25566 -j ACCEPT
iptables-save > /etc/iptables-rules

Cronjob tab

0 */60 * * * *

Save all then create archive.

RDIFF RESTORE POINTS

rdiff-backup --force /var/games/minecraft/servers/2012_World/ /var/games/minecraft/backup/2012_World/
rdiff-backup -b /var/games/minecraft/servers/Dredsdomain/ /var/games/minecraft/backup/Dredsdomain/

crontab -e (From root command prompt add below to file and save)

# Every 15 minutes: incremental backup of the live world
*/15 * * * * rdiff-backup -b /var/games/minecraft/servers/Dredsdomain/ /var/games/minecraft/backup/Dredsdomain/ >/dev/null 2>&1

# 00:00 on every second day of the month: drop increments older than one day
0 0 */2 * * rdiff-backup --remove-older-than 1D /var/games/minecraft/backup/Dredsdomain/ >/dev/null 2>&1

0 0 */2 * * rdiff-backup --remove-older-than 1D /var/games/minecraft/archive/Dredsdomain/ >/dev/null 2>&1

# 00:00 every day: copy archive and backup to the second disk mounted on /mnt
0 0 * * * cp -R /var/games/minecraft/archive /mnt/archive/ >/dev/null 2>&1

0 0 * * * cp -R /var/games/minecraft/backup /mnt/backup/ >/dev/null 2>&1

# 00:00 on every second day of the month: prune the copies on /mnt
0 0 */2 * * rdiff-backup --remove-older-than 1D /mnt/archive/ >/dev/null 2>&1

0 0 */2 * * rdiff-backup --remove-older-than 1D /mnt/backup/ >/dev/null 2>&1

 

 

 

By default the cron log in Ubuntu is located at /var/log/syslog. Use the below command to check the cron entries in this file.

grep cron /var/log/syslog

TRYING THIS **ACTIVE**

# Every 15 minutes: incremental backup of the live world
*/15 * * * * rdiff-backup -b /var/games/minecraft/servers/Dredsdomain/ /var/games/minecraft/backup/Dredsdomain/ >/dev/null 2>&1

# 00:00 on every second day of the month: drop increments older than one day
0 0 */2 * * rdiff-backup --remove-older-than 1D /var/games/minecraft/backup/Dredsdomain/ >/dev/null 2>&1

0 0 */2 * * rdiff-backup --remove-older-than 1D /var/games/minecraft/archive/Dredsdomain/ >/dev/null 2>&1

# 00:00 every day: rdiff-backup of archive and backup to the second disk on /mnt
0 0 * * * rdiff-backup -b /var/games/minecraft/archive /mnt/ >/dev/null 2>&1

0 0 * * * rdiff-backup -b /var/games/minecraft/backup /mnt/ >/dev/null 2>&1

# 00:00 on every second day of the month: prune the copies on /mnt
0 0 */2 * * rdiff-backup --remove-older-than 1D /mnt/archive/ >/dev/null 2>&1

0 0 */2 * * rdiff-backup --remove-older-than 1D /mnt/backup/ >/dev/null 2>&1

 

Trend Micro OfficeScan removal

By jldurham6,

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.

 

Instead of looking for the ofscan.ini, I searched the registry for the Uninstall_Pwd and I found it in HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc. I changed the key value to 70.
I also searched for the Allow Uninstall and I found it under the same above path. I changed from 0 to 1.

I also changed the unload password: the Reg Key is Unload_PWD: I set it to 70 as well.

Edge and windows store won’t load INET_E_RESOURCE_NOT_FOUND

By jldurham6,

https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/12304958/

 

INET_E_RESOURCE_NOT_FOUND

 

regfix file

 

@Kevin, glad we got it sorted out and thank you for posting back here.

Here is what we shared with Kevin, and Melinda.

This procedure is for those having the INET_E_RESOURCE_NOT_FOUND issue and have incorrect TCP/IP parameter settings as seen by running the following command (posted previously and many have reported back) in an admin powershell:

Get-Acl HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters | Format-List

You are having the issue that this script will correct if you DO NOT have the following entries in the output of the Get-Acl command.

APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadKey

APPLICATION PACKAGE AUTHORITY\Your Internet connection Allow  ReadKey

APPLICATION PACKAGE AUTHORITY\Your Internet connection, including incoming connections from the Internet

Here is the fix.  Let me know if you have questions.

Save the zip attachment ‘regfix.zip’ to your Downloads directory.  This is most likely the default location.

Go to your Downloads folder and locate the zip file.

Right click the file and unzip it, E.g. Right click the file and select “Extract All…”  Install 7zip if needed. http://www.7-zip.org/

Open a PowerShell command prompt as administrator.  Win + S and then type powershell.  Find the command and right click to “Run as Administrator”

Run the following commands in the admin powershell.  One of the commands will ask for permission.  Select ‘A’ to allow all when prompted.

You need to first cd to the directory where the regfix.zip was extracted.  This should be in the regfix directory in Downloads.

set-executionpolicy unrestricted

Select ‘A’ and hit enter to allow running scripts

.\FixTcpipACL.ps1

Restart your computer.

Let me know how it goes,

Steve
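
The comparison the post asks you to make by eye against the Get-Acl output can be scripted, which also makes it easy to re-run after the reboot. This is an added example, not the contents of regfix.zip or FixTcpipACL.ps1, and it only reads the key. Expecting Allow ReadKey on the third identity is an assumption, because the post's line for it stops before the rights.

```powershell
# Added example; this is not FixTcpipACL.ps1 and it changes nothing on the key.
# Run from an elevated PowerShell prompt.
$keyPath   = 'HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters'
$authority = 'APPLICATION PACKAGE AUTHORITY'
# Identities as listed in the post. Allow ReadKey on the third one is assumed.
$expected = @(
    "$authority\ALL APPLICATION PACKAGES",
    "$authority\Your Internet connection",
    "$authority\Your Internet connection, including incoming connections from the Internet"
)
$readKey = [int][System.Security.AccessControl.RegistryRights]::ReadKey

$acl = Get-Acl -Path $keyPath
$report = foreach ($id in $expected) {
    # An identity passes if any Allow entry for it covers all ReadKey bits.
    $match = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $id -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights) -band $readKey) -eq $readKey
    }
    [pscustomobject]@{ Identity = $id; AllowReadKey = [bool]$match }
}
$report | Format-Table -AutoSize -Wrap

if ($report.AllowReadKey -contains $false) {
    'At least one app-package entry is missing: this is the condition the post describes.'
} else {
    'All three entries are present: the condition the post describes is not met on this machine.'
}

# "set-executionpolicy unrestricted" as typed in the post applies to the
# LocalMachine scope and stays in effect after the script has run. List every
# scope to see what is currently set.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

Set-ExecutionPolicy also accepts -Scope Process, which limits the change to the current PowerShell session.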

Reset Qnap Settings

By jldurham6,

mv /etc/config/uLinux.conf /etc/config/uLinux.conf.OLD
cp /etc/default_config/uLinux.conf /etc/config/uLinux.conf
sync
reboot

https://forum.qnap.com/viewtopic.php?t=97413