Wednesday, March 4, 2015

How to access a Windows system without logging in?

Yes, it is possible. And it's relatively easy. What do you need to do this?

If you managed to get into a Windows system with e.g. password guessing, a brute-force attack, eavesdropping or any other technique, it can be important to set up a backdoor there, because if your intrusion is detected later, the user / pw pair you used can be removed or changed, and you have lost your way in.
One solution for this is to do a little trick as soon as you get in.

The secret is the following: whenever Windows asks for a login name / pw pair, you can press the SHIFT key a couple of times (five, to be precise) to switch on the so-called Sticky Keys. This option lets you use the SHIFT, CTRL, ALT and Windows Logo keys by pressing one key at a time.

Anyway, you have to realize that this means an application (sethc.exe, the Sticky Keys program) is run by Windows BEFORE you log in. And you just have to utilize this fact! So once you are in (with e.g. a guessed pw), go to system32, find sethc.exe, create a backup of this file and copy cmd.exe to sethc.exe (overwrite). That's it! The next time you log off and Windows asks for a username / pw, you just hit the SHIFT key five times and you will get a command prompt...

Which opens up the system for you without logging in.

Voilà!
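A defender's check for the sethc.exe overwrite described above, as an added example that is not part of the original post: it flags a sethc.exe that is byte-identical to cmd.exe or whose embedded OriginalFilename is not sethc.exe. The function names and the heuristic scan of the version resource are assumptions made for this example.

```python
# Added example: the names below are illustrative, not a Windows or vendor API.
import hashlib
import os
from pathlib import Path

KEY = "OriginalFilename".encode("utf-16-le")

def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def original_filename(path):
    """Heuristically read OriginalFilename from the PE version resource."""
    data = Path(path).read_bytes()
    pos = data.find(KEY)
    if pos < 0:
        return None
    pos += len(KEY)
    # Skip the key's terminator and any alignment padding (UTF-16 NULs).
    while data[pos:pos + 2] == b"\x00\x00":
        pos += 2
    end = pos
    while end + 1 < len(data) and data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[pos:end].decode("utf-16-le", errors="replace")

def check_sethc(system32):
    """Return a list of findings for sethc.exe in the given System32 directory."""
    sethc, cmd = Path(system32) / "sethc.exe", Path(system32) / "cmd.exe"
    if not sethc.is_file():
        return ["sethc.exe is missing"]
    findings = []
    if cmd.is_file() and sha256_of(sethc) == sha256_of(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    name = original_filename(sethc)
    if name is None or name.lower() != "sethc.exe":
        findings.append(f"embedded OriginalFilename is {name!r}, expected 'sethc.exe'")
    return findings

if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    for finding in check_sethc(Path(root) / "System32"):
        print("SUSPICIOUS:", finding)
```

On 64-bit Windows, run it with 64-bit Python so that System32 is not redirected to SysWOW64.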