Physical Access
Techniques to exploit a Windows system you have physical access to.
Sticky Key binary hijack
If the disk is not encrypted and the BIOS is not protected:
- poweroff system without using hibernation using
shutdown /s /t 0 - boot on Kali
- replace
C:\Windows\System32\sethc.exebyC:\Windows\System32\cmd.exe - reboot on the Windows system
- hit
SHIFTkey 5 times to trigger the hijackedsethc.exebinary