
John Hammond Demonstrates New Method to Bypass Windows Installation Restrictions
In this video, John Hammond explores a new method to break out of the Windows installation process, the Out-of-Box Experience (OOBE), and access a local administrator command line. This technique allows security researchers to bypass restrictions and gain elevated privileges on a freshly installed Windows system.
Hammond uses a Windows 11 virtual machine in VMware Workstation to demonstrate this method. He begins by explaining how to bypass Windows 11's hardware compatibility checks, such as the Trusted Platform Module (TPM) requirement, using specific commands in an administrative command prompt. This command prompt is accessible via the Shift + F10 key combination during the installation process, but this shortcut can be disabled on some systems.
To bypass this limitation, Hammond uses a simple yet effective trick. By opening the accessibility tool "Magnifier" during the OOBE, he can then use the Windows + R key combination to open the Run dialog box. Although this dialog box is not visible on the screen, it is active in the background. By typing "cmd.exe" and pressing Enter, he can open a command prompt. Using the Ctrl + Shift + Enter key combination instead, he can run this command prompt with administrative privileges.
This method allows the execution of administrative commands even if the command prompt is not visible on the screen. Hammond demonstrates how to use this command prompt to check user privileges and potentially add new administrator accounts or perform other privileged actions.
Hammond also discusses the practical implications of this technique. Microsoft does not consider this a critical security vulnerability, as the OOBE naturally runs with administrative privileges, but the method can be used to manipulate the system if a machine is left unattended during the installation process. He also mentions that this technique can be useful for system administrators who are preparing golden images or configuring machines via management tools like Intune.
In conclusion, this video provides a detailed and practical demonstration of a new method to bypass Windows OOBE restrictions, while discussing the security implications and potential applications in real-world scenarios.