There is several linux distributions that allows to crack windows operating system administrator passwords. BIOS password is important to prevent such attack as if the attacker have physical access to the host he will be able to have admin access to the system.
Windows 7 privilege escalation is possible not by using any linux distribution but according to IntelComms it is based on the system recovery during the operating system boot in safe mode. the method is by reset the windows OS during the boot with <Ctrl + Alt + Del>. The system will display:
- Start Windows Normally;
- Launch Startup Repair (recommended)
You select the Launch Startup Repair, Next the recovery process will display the loading System Recovery, you then cancel the “Restore your computer using System Restore”, then you select “View problem details”, here you will have the notepad file opened and you can browse all system files and you may open the cmd.exe as administrator to create new user with administrator or just change the admin password.
The issue that the system recovery on windows has a full access to OS files system and it is possible to run any command without having the admin privileges.
Microsoft considers this as not a security gap as user with physical access is able to have the administrator right. Basically with physical access user can also reset the BIOS password that’s why it is always considered that physical security of your computer is the best way to prevent such attack.
You can use the same method to bypass windows authentication over the domain.