
I'm here to describe an interesting issue I've been facing today, in order to get some hints or solutions.

My goal: access and modify one of my computers' Windows (10) system hard drives in order to run the "utilman bypass" scenario under this fresh new version of M$.

For those who do not know the Utilman bypass : http://fred151.net/en/bypass-windows-logons-with-utilman.exe-trick-and-solution/id/48 (basically replacing the accessibility exe by cmd so we can have admin-access at logon screen).

Well, nothing very complicated so far, but here comes the unexpected:

I boot a recent Kali Live on the computer, mount the system hard drive, and when I run cp utilman.exe utilman.exe.bak the outcome is simply: Unsupported operation...

Well, time for ls -la, which gives out "utilman.exe -> unsupported reparse point".

After some web crawling I am left perplexed and upgrade ntfs-3g to the very latest version, which comes up with some kind of "Input/output error" instead of the previous error message.

Time to try ntfsfix and chkdsk /R from the Windows session: everything runs OK, and no change to my situation.

I decided to give a final try from the Windows installation CD via the rescue prompt, and face a "the system cannot access the file" when I try to ren C:\Windows\System32\Utilman.exe C:\Windows\System32\Utilman.exe.bak.

Seems to me like a funny situation, and I wonder if it could be some new security feature introduced with recent Windows 10, or if there is some kind of filesystem trick to put in motion.

PS: Please let me know if I should crosspost or move to a different section; I thought it has its best place here, though, because of the pentest aspect.

PS2: The Windows system is not damaged at all, boots and runs smoothly.

paftiem

1 Answer

In Ubuntu (and Linux in general), Windows NTFS file systems are handled by the ntfs-3g driver.

In Windows 10, Microsoft introduced new kinds of "reparse points", which that driver cannot process.

I would recommend reading this: https://jp-andre.pagesperso-orange.fr/advanced-ntfs-3g.html

and installing the "system compression" and the "deduplicated files" plugins.

It's interesting - please tell us whether it helped.
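As an added illustration (not part of the answer above): ntfs-3g exposes the raw reparse data of such a file through the `system.ntfs_reparse_data` extended attribute (`getfattr -n system.ntfs_reparse_data -e hex FILE`), so you can identify which kind of reparse point the driver is refusing before installing a plugin. The parser below decodes the documented REPARSE_DATA_BUFFER header and, for the WOF tag used by Windows 10 "system compression", the provider and compression algorithm; the sample buffer is constructed, not captured from the asker's machine.

```python
import struct
from typing import Dict

# Reparse tags from Microsoft's documented IO_REPARSE_TAG_* constants.
REPARSE_TAGS = {
    0xA0000003: "mount point (junction)",
    0xA000000C: "symbolic link",
    0x80000013: "deduplicated file (Data Deduplication)",
    0x80000017: "WOF-backed file (system compression / WIM)",
}
WOF_PROVIDERS = {1: "WIM", 2: "file (system compression)"}
WOF_ALGORITHMS = {0: "XPRESS4K", 1: "LZX", 2: "XPRESS8K", 3: "XPRESS16K"}


def parse_reparse_data(buf: bytes) -> Dict[str, object]:
    """Decode a REPARSE_DATA_BUFFER header (tag, data length) and, for WOF, the provider info."""
    if len(buf) < 8:
        raise ValueError("reparse buffer shorter than its 8-byte header")
    tag, data_len, _reserved = struct.unpack_from("<IHH", buf, 0)
    data = buf[8:8 + data_len]
    result: Dict[str, object] = {
        "tag": tag,
        "kind": REPARSE_TAGS.get(tag, "unknown"),
        # Bit 31 set = Microsoft-defined tag; bit 29 set = name surrogate (redirects the path,
        # like a symlink). WOF and dedup tags are Microsoft tags but not surrogates.
        "microsoft": bool(tag & 0x80000000),
        "surrogate": bool(tag & 0x20000000),
    }
    if tag == 0x80000017 and len(data) >= 16:
        # WOF_EXTERNAL_INFO {Version, Provider} followed by FILE_PROVIDER_EXTERNAL_INFO_V1 {Version, Algorithm}
        _wof_version, provider, _prov_version, algorithm = struct.unpack_from("<IIII", data, 0)
        result["wof_provider"] = WOF_PROVIDERS.get(provider, f"unknown ({provider})")
        result["wof_algorithm"] = WOF_ALGORITHMS.get(algorithm, f"unknown ({algorithm})")
    return result


def parse_getfattr_hex(line: str) -> Dict[str, object]:
    """Accept one line as printed by `getfattr -e hex`, e.g. 'system.ntfs_reparse_data=0x17000080...'."""
    hexval = line.split("=", 1)[1].strip()
    if hexval.startswith("0x"):
        hexval = hexval[2:]
    return parse_reparse_data(bytes.fromhex(hexval))


# Constructed sample: WOF tag, 16 data bytes, file provider, XPRESS4K (the default for system compression).
SAMPLE_WOF = struct.pack("<IHH", 0x80000017, 16, 0) + struct.pack("<IIII", 1, 2, 1, 0)
SAMPLE_LINE = "system.ntfs_reparse_data=0x" + SAMPLE_WOF.hex()

if __name__ == "__main__":
    print(parse_getfattr_hex(SAMPLE_LINE))
```

A result whose tag is `0x80000017` or `0x80000013` points at exactly the "system compression" and "deduplicated files" plugins the answer recommends; an unknown tag means the driver has no plugin for that reparse type at all.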