Sticky keys

In this section, we will explore how physical access to the console of a Windows computer that is unlocked or has no password can be abused. Attackers can exploit the Microsoft Windows sticky keys feature to plant a backdoor in a fraction of a second; the caveat is that administrator privileges are required to place the executable. However, when the system is booted from Kali Linux, attackers can place the files without any restrictions.

The following is a list of Windows utilities whose executables attackers can replace with cmd.exe or powershell.exe:

  • sethc.exe
  • utilman.exe
  • osk.exe
  • narrator.exe
  • magnify.exe
  • displayswitch.exe
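From the defender's side, a replaced utility is byte-identical to the shell it was copied from, so it can be found by hashing. The following is an added example, not code from the book: it checks a System32 directory (live, or from an image mounted on Linux) for the utilities listed above, and the function names and the constructed sample tree are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Accessibility binaries from the list above; all live in System32.
TARGETS = ["sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
           "magnify.exe", "displayswitch.exe"]
# Shells named in the text as replacements, relative to System32.
SHELLS = ["cmd.exe", "WindowsPowerShell/v1.0/powershell.exe"]

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def find_entry(base, rel):
    """Resolve rel under base ignoring case (NTFS images mounted on Linux)."""
    cur = base
    for part in rel.split("/"):
        names = list(cur.iterdir()) if cur.is_dir() else []
        match = [p for p in names if p.name.lower() == part.lower()]
        if not match:
            return None
        cur = match[0]
    return cur if cur.is_file() else None

def find_replaced(system32):
    """Return (utility, shell) pairs where the utility's bytes equal a shell's."""
    base = Path(system32)
    shell_hashes = {}
    for rel in SHELLS:
        p = find_entry(base, rel)
        if p:
            shell_hashes[sha256(p)] = p.name.lower()
    hits = []
    for name in TARGETS:
        p = find_entry(base, name)
        if p and sha256(p) in shell_hashes:
            hits.append((name, shell_hashes[sha256(p)]))
    return hits

def constructed_system32():
    """Constructed sample tree: Sethc.exe is a byte copy of cmd.exe."""
    root = Path(tempfile.mkdtemp())
    ps_dir = root / "WindowsPowerShell" / "v1.0"
    ps_dir.mkdir(parents=True)
    (root / "cmd.exe").write_bytes(b"constructed cmd image")
    (ps_dir / "powershell.exe").write_bytes(b"constructed powershell image")
    (root / "Sethc.exe").write_bytes(b"constructed cmd image")
    (root / "utilman.exe").write_bytes(b"constructed utilman image")
    return root
```

The check only catches straight copies of the shells present in the same directory tree; a utility replaced with some other executable needs a comparison against known-good hashes for that Windows build.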

The following photograph shows the result when an attacker replaces sethc.exe with cmd.exe:
