With the Linux Live CD known as BackTrack 3, you are past the security on a Windows Vista Box in no time flat!
One of the really nice things about Linux is the Live CDs that are out there, that were made from various Linux Distributions; Knoppix being one of the most popular. A Live CD is just an Operating System that you can run from a CD instead of your hard drive. It allows you to keep the OS you have installed, and run a completely different OS from a CD.
I personally like BackTrack. It was derived from the flavor of Linux known as Slackware. While Slackware is not quite as "user friendly" as some of the other Linux distributions like Kubuntu and Mandriva, it is a very POWERFUL flavor of Linux, with more of a minimalist approach to software. Most people that are comfortable with Slackware work in a command-line environment quite a bit more than they rely on the GUI. The BackTrack CD allows the user to avoid what some might consider the daunting task of installing the Slackware distribution, yet gives the user the very best of the Pen. Testing, Security Testing, and Digital Forensics features of Slackware. Below are three links: the first is the Wiki page for BackTrack, and the other two are links to get BackTrack 3, the latest version of BackTrack. You can get the ISO to burn to CD and you can also get the install for a Thumb Drive:
BackTrack 3 Wiki
BackTrack 3 ISO
BackTrack 3 USB (Thumb Drive)
Now, the primary purpose of this article here is to give the reader a way to get into a Windows Vista Box and gain System Access without having a username and password. You only need three things to do this. (1) Physical Access to the machine, (2) Backtrack 3, and (3) "The Know How". Okay, I solved the problem of getting you the right tool by giving you the links to download BackTrack 3, and I am getting ready to give you "the know how", now you provide the Vista Box.
Once you have downloaded the Backtrack 3 file and burned the ISO to disk, you have a copy of BackTrack 3 all ready to go.
Now, study the video below:
Breaking Into Vista with BackTrack 3
Here is what the video is showing you how to do. You are renaming cmd.exe to Utilman.exe, so that invoking the Utility Manager before you log into the system starts a command prompt instead. That prompt gives you SYSTEM ACCESS, which is even a level higher than Admin Access.
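For the forensics and security side, here is an added example (not from the video or from Offensive Security) that checks a System32 folder, live or from a mounted image, for a logon-screen accessibility binary whose contents are identical to cmd.exe. Covering sethc.exe, osk.exe, Magnify.exe and Narrator.exe goes beyond the Utilman.exe case described above, and the function names and sample files are assumptions made for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Binaries Windows can start from the logon screen. Utilman.exe is the one the
# article discusses; the others are an added generalization.
LOGON_BINARIES = ["Utilman.exe", "sethc.exe", "osk.exe", "Magnify.exe", "Narrator.exe"]
# Shells whose contents should never appear under one of those names.
SHELLS = ["cmd.exe"]

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def index_dir(system32: Path) -> dict:
    # Case-insensitive lookup: an NTFS volume mounted on Linux is case-sensitive.
    return {p.name.lower(): p for p in system32.iterdir() if p.is_file()}

def find_swapped_binaries(system32: Path) -> list:
    """Return (logon_binary, shell) pairs whose file contents are identical."""
    files = index_dir(system32)
    shell_hashes = {sha256(files[s.lower()]): s for s in SHELLS if s.lower() in files}
    findings = []
    for name in LOGON_BINARIES:
        path = files.get(name.lower())
        if path is None:
            continue  # binary missing from this folder; nothing to compare
        digest = sha256(path)
        if digest in shell_hashes:
            findings.append((name, shell_hashes[digest]))
    return findings

def build_constructed_sample(root: Path, tampered: bool) -> Path:
    """Create a fake System32 with placeholder contents (constructed data)."""
    s32 = root / "System32"
    s32.mkdir()
    (s32 / "cmd.exe").write_bytes(b"constructed-cmd-bytes")
    (s32 / "sethc.exe").write_bytes(b"constructed-sethc-bytes")
    (s32 / "utilman.exe").write_bytes(
        b"constructed-cmd-bytes" if tampered else b"constructed-utilman-bytes")
    return s32

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(find_swapped_binaries(build_constructed_sample(Path(d), tampered=True)))
```

A hash match only catches an exact copy of cmd.exe; a different program placed under one of these names would need a file signature or known-good hash comparison to detect.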
Also, here are some more videos from the people that found this exploit for Windows Vista:
Offensive Security Videos
Offensive Security is an absolutely LETHAL Computer Security Company. They have impressed me a great deal. For those of you out there that want to learn about Computer Security, these are the guys to go to. Below is their website:
This information is designed to be used by Investigators with a LEGITIMATE purpose for it. Computer Forensics Examiners MAY have a use for it, Computer Security Personnel should have a use for it, and even Computer Repair Personnel may have a use for it in the case that a customer has forgotten their username and password.
Rick Gurley: Best Cyber Investigator