alextepes Posted October 5, 2006

I didn't think You can control the "Administrator" On Windows XP Home it is only there in Safe Mode.

sircrumpet Posted October 5, 2006

> I didn't think You can control the "Administrator" On Windows XP Home it is only there in Safe Mode.

Press Ctrl+Alt+Del twice on the login screen (or change the settings in Control Panel) to bring up the "traditional" login (which requires you to type user name/password), enter "Administrator" and leave the password blank.

alextepes Posted October 5, 2006

Oh alright, I didn't know that part, but thanks, that'll come in handy some day. I leave my administrator open just in case I forget my password or someone else forgets theirs so they can fix it, but I know it's wise to have one set even if it's like "hak5" or something lol, that way no one can go into safe mode and add themselves an account.

Iain Posted October 5, 2006

It's not good practice to leave the Administrator account without a password. I'd urge you strongly to apply one, however straightforward it might be. It wouldn't stop a determined attacker, but what would? At least you'd put off those who might rely upon the simple trick given above.

sircrumpet Posted October 5, 2006

> It's not good practice to leave the Administrator account without a password. I'd urge you strongly to apply one, however straightforward it might be. It wouldn't stop a determined attacker, but what would? At least you'd put off those who might rely upon the simple trick given above.

Agreed, it's such a simple risk, but it's one that is all too often ignored. It takes just a second to apply a password, and is well worth doing.

alextepes Posted October 5, 2006

I don't do anything important on my Microshaft PC. I run servers etc. on Linux only and make sure everything is password protected and patched, but if anyone knew my Windows username they could easily install VNC when I'm not looking lol. All they need is my IP and username because I don't have a password for my user account either lol

celltoolz (Author) Posted October 6, 2006

Ok so I scrapped utilman.exe and used svchost.exe instead. Also, instead of using a Windows 2000 CD to replace the file I've used Windows Live (found via not here... lol but somewhere).

I used VC++ to write the script. It can be found at http://www.megaupload.com/?d=54KLN5CX

If you don't know how to compile it, the exe is in the Debug folder; it's called HackXP.exe if you're unsure.

Warning: this is only a beta. It only works if your Windows folder is called windows, not winnt (I'll work this out later), and it has to be C: as the main drive.

Anyways..

Get access to C: partition
Create C:\user.txt
In user.txt put Username:Password
Navigate to C:\windows\system32
Rename svchost.exe to svchostnew.exe (MUST DO)
Copy HackXP.exe to C:\windows\system32
Rename HackXP.exe to svchost.exe
Restart computer

After it starts it will create a new user and the computer will automatically restart. This is because svchost was not properly loaded, and after the restart the original is backed up. It's hard to explain but it should work.

So this is what I have:

C:\user.txt <--> NewAdmin:Hacked <--> Username = NewAdmin Password = Hacked
C:\windows\system32\svchostnew.exe <--> original Microsoft svchost.exe
C:\windows\system32\svchost.exe <--> HackXP

When you start your computer it creates a new user and backs up the original MS svchost.exe using svchostnew.exe, so no need to worry. Then it restarts so svchost can correctly run.

Post if you need any help... There should be more to come

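Added example, not part of the original thread and not any poster's code: a triage check that looks on an offline-mounted Windows volume for the file artefacts the post above names (`svchostnew.exe` beside `svchost.exe` in system32, and `user.txt` in the volume root). The mount point argument and the known-good hash taken from trusted media are assumptions of this example.

```python
import hashlib
from pathlib import Path


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def find_ci(directory, name):
    """Case-insensitive child lookup (the volume may be mounted on Linux)."""
    if directory is None or not directory.is_dir():
        return None
    for entry in directory.iterdir():
        if entry.name.lower() == name.lower():
            return entry
    return None


def triage(volume_root, known_good_sha256=None):
    """List findings for the file artefacts named in the post above.

    volume_root: mount point of the offline Windows volume (assumption).
    known_good_sha256: hash of svchost.exe from trusted media (assumption).
    """
    root = Path(volume_root)
    system32 = find_ci(find_ci(root, "windows"), "system32")
    if system32 is None:
        return ["windows\\system32 not found, nothing assessed"]
    baseline = known_good_sha256.lower() if known_good_sha256 else None
    findings = []

    renamed = find_ci(system32, "svchostnew.exe")
    if renamed:
        findings.append("svchostnew.exe present in system32")
    svchost = find_ci(system32, "svchost.exe")
    if svchost is None:
        findings.append("svchost.exe missing from system32")
    elif baseline and sha256(svchost) != baseline:
        findings.append("svchost.exe differs from baseline hash")
    if renamed and baseline and sha256(renamed) == baseline:
        findings.append("svchostnew.exe is the genuine binary, moved aside")

    drop = find_ci(root, "user.txt")
    if drop and drop.is_file():
        lines = drop.read_text(errors="replace").splitlines()
        # Report the shape only; never copy the credential into the report.
        if lines and lines[0].count(":") == 1:
            findings.append("user.txt in volume root holds a name:password pair")
    return findings
```

The post says the original svchost.exe is put back after the first boot, so an empty result does not rule out that a local account was added; review the local Administrators group separately.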
kickarse Posted October 10, 2006

Good job! Btw, you HAVE to rename the svchost.exe to svchostnew.exe

Guest Panarchy Posted October 13, 2006

Is there a hack for Windows Vista?

DeGrijze Posted October 13, 2006

> Is there a hack for Windows Vista?

Please Panarchy go and find a nice corner and start playing with yourself. :twisted:

Gerard

sid_lexic Posted October 15, 2006

Hi all,

Some of the earlier instructions mention using the Recovery Console. Unfortunately the Recovery Console asks for the Administrator password, which defeats the purpose of this hack.

An NTFS4DOS boot disk as mentioned earlier would be the best thing to use. http://www.datapol.de/dpe/freeware/

Please note that Hiren's boot CD contains Warez! (as well as freeware) so be careful where you use it!

A better option would be to use the Ultimate Boot CD or the UBCD4WIN version 3.0. http://www.ubcd4win.com/

Better yet, how about a HAK.5 Bootcd? Then all of the utilities used for the Mods and hacks could be kept on the one CD. Maybe a new thread could be started for this.

celltoolz (Author) Posted October 17, 2006

Yes, if you use the Windows XP recovery console it asks for a password, but if you use the Windows 2000 recovery console it doesn't :)

renegadecanuck Posted October 20, 2006

I don't know if this counts, or if it's already been posted someplace else in the forums, but I know an easy way to gain local Administrator account access on the machine in case you need that Windows version of the root account. Steps are as follows:

1. Right-click on My Computer, choose Manage
2. Choose Local Users and Groups in Computer Management, open Users folder
3. Right-click on Administrator, choose Rename, use any other name besides Admin or Administrator in any form
4. Right-click on the new username, and choose Set Password; you can now change their password to anything you want
5. Rename back to Administrator, done

This isn't removing a password, or spending hours with a cracking application or sitting there cracking it by staring at data all day, but I hope this helps people achieve the same thing you're looking for here. It's worked every time I've used it; don't know if it'll work under a standard User Account (as set under Users in Control Panel). It should be mentioned that this will NOT work under Windows XP Home.

goldfish Posted December 10, 2006

A route which might be interesting to take is injecting code into winlogon. Winlogon runs as SYSTEM, so you could use it to spawn a new process to do some dirty work for you.

You would need to find a way to write to the memory which winlogon resides in (tricky...) and alter the instructions to jmp to a place in memory you have loaded in code, and then jmp back to the end of winlogon, after you have replaced the original instructions. And once you have done this - as far as winlogon is concerned - everything is fine.

The beauty of this approach is that winlogon will be running all the time, no matter what the privs of the account you are using. And even if there is NOBODY logged on.

Equally, if someone has locked the machine, injecting code into winlogon to switch you back to one of the unlocked Desktops would defeat the password protection.

For more permanent access you could make a screensaver which does this when a certain key combo is pressed (before the system kills it to wake up the system). Unfortunately I believe that autorun does not work without a non-system user logged in - but if it did...

Geko42 Posted December 17, 2006

I don't know if anyone has said or tried this, but if you press F8 and boot into safe mode you can log in and change the admin password or make an account with admin and del after you're done. I have only done this with Win XP Home and Pro, also 98

linuxzealot Posted December 19, 2006

Just a note, the latest Knoppix CD should be able to mount any NTFS partition using libntfs+fuse (beta!!!)... Just to make it a little bit easier or scriptable.

sircrumpet Posted December 25, 2006

hmmm, wonder if anyone here has heard more about this...

> On Dec. 15, a Russian programmer posted a description of a flaw that makes it possible to increase a user’s privileges on all of the company’s recent operating systems, including Vista. And over the weekend a Silicon Valley computer security firm said it had notified Microsoft that it had also found that flaw, as well as five other vulnerabilities, including one serious error in the software code underlying the company’s new Internet Explorer 7 browser.

http://www.nytimes.com/2006/12/25/technolo...artner=homepage

therealdonquixote Posted December 31, 2006

Hi all, I have been keeping an eye on this thread for quite some time now, and I really like it.

Question: let's say I have an iso of a win2k boot CD... Then we could alter the boot.ini to load the recovery console and run a batch file (or whatever) that switched out the svchost.exe with celltoolz's hacked version while backing up the real version at the same time. Then the batch file tells it to shut down the system, eject the CD and reboot to WinXP. According to what celltoolz says, the hacked svchost.exe will create the new user and pass with admin rights and force the WinXP OS to reboot and back up the original svchost.exe file.

I imagine it working like the Ophcrack live CD that just launches and runs the brute force on the dumped SAM, SYSTEM and SECURITY hashes and keys. Then gives you the user and pass for everything stored on the local PC. (yes that's an oversimplification)

What do you guys think? The Win2k hacked CD could easily be modded with Power ISO, it's just a matter of the batch file and boot file being feasible (oh and the iso would be warez so I dunno if we could post it here...that's why I haven't posted it yet).

So could this work? I'm willing to supply the final product cause I have the toolz and I want to contribute. Just give me the word (and maybe the .bat file, and possibly the hacked boot.ini file, if you have the spare time and brain) and I can have the iso set up and tested ASAP. Hope this helps.

BTW - We could also integrate this into a USB drive to boot from for low visibility.

ichthuz Posted January 6, 2007

I can't believe I didn't see this topic before! I see huge potential here

Philzney Posted January 22, 2007

Is it possible to do this on a network? My school uses Windows 2000 on NT technology (according to the dialog box), and once the computer loads up you have to press ALT CTRL DEL and type in your student number. Apparently there's a master computer somewhere in the school that has one big ass hard drive. So is it possible to do it on any computer within the school?

therealdonquixote Posted January 22, 2007

> Is it possible to do this on a network? My school uses Windows 2000 on NT technology (according to the dialog box), and once the computer loads up you have to press ALT CTRL DEL and type in your student number. Apparently there's a master computer somewhere in the school that has one big ass hard drive. So is it possible to do it on any computer within the school?

Since you are only placing the new user in the local admin group via the SAM, SYSTEM and SECURITY files, the networked user and pass for the school's LAN won't matter. However, you will have to do it to every computer you log onto. Unless you can somehow figure out how to get into the school's DB of users and passwords and add a special user of your own that has LAN manager admin rights.

Of course we have to get the local hack to work first. And I don't just mean once or on a home computer, I mean on a PC that has been secured by IT lock down. So who wants to lose their job?

pleasedeletethis Posted January 26, 2007

> Ok so I scrapped utilman.exe and used svchost.exe instead. Also, instead of using a Windows 2000 CD to replace the file I've used Windows Live (found via not here... lol but somewhere).
>
> I used VC++ to write the script. It can be found at http://www.megaupload.com/?d=54KLN5CX
>
> If you don't know how to compile it, the exe is in the Debug folder; it's called HackXP.exe if you're unsure.
>
> Warning: this is only a beta. It only works if your Windows folder is called windows, not winnt (I'll work this out later), and it has to be C: as the main drive.
>
> Anyways..
>
> Get access to C: partition
> Create C:\user.txt
> In user.txt put Username:Password
> Navigate to C:\windows\system32
> Rename svchost.exe to svchostnew.exe (MUST DO)
> Copy HackXP.exe to C:\windows\system32
> Rename HackXP.exe to svchost.exe
> Restart computer
>
> After it starts it will create a new user and the computer will automatically restart. This is because svchost was not properly loaded, and after the restart the original is backed up. It's hard to explain but it should work.
>
> So this is what I have:
>
> C:\user.txt <--> NewAdmin:Hacked <--> Username = NewAdmin Password = Hacked
> C:\windows\system32\svchostnew.exe <--> original Microsoft svchost.exe
> C:\windows\system32\svchost.exe <--> HackXP
>
> When you start your computer it creates a new user and backs up the original MS svchost.exe using svchostnew.exe, so no need to worry. Then it restarts so svchost can correctly run.
>
> Post if you need any help... There should be more to come

Do you have a file that works for HackXP?

kickarse Posted February 3, 2007

You could always write some code into the msgina.dll, which is what the login is, with a hidden button that runs CMD. That'd spawn in SYSTEM.

Arikirangi Posted February 13, 2007

Is there a way to boot some sort of network device from the pxe / network boot to access the %system%? My target has bios locked, not possible to open case and no boot from cd etc.

therealdonquixote Posted February 13, 2007

> Is there a way to boot some sort of network device from the pxe / network boot to access the %system%? My target has bios locked, not possible to open case and no boot from cd etc.

If there is no other way to boot from an external device...

A BIOS chip cannot be backdoored or cracked on an OEM machine. If it is a custom built machine then there are some backdoor passwords out there, but they rarely work. So that leaves you SOL.

If the case is locked then you need to unlock the case. Don't get all panicky just yet. As long as you can inconspicuously open the case and remove the CMOS battery, then the lock picking is your only hurdle.

Lock picking is easier than you think. You only need some home made tools and some time to practice on your target lock to get er done. If the lock is one of those crappy Kingston types then see any of the videos out there on picking those, cause it takes seconds and a retarded cat with no paws could pick one of those. If it's a Master Lock or some equivalent key based lock then you will need a "rake" and a "tension rod" and buy a lock like it to take home and practice on.

How To Pick A Lock, In Comic Book Form!!

That's a quick and easy starter tut on lock picking. Now go out there and be somebody!!!

**of course if the case is locked via a looooooong steel wire thingy strung through several PCs, and the admin has a HUGE CONSPICUOUS LOCK at the end... then you're straight up SOL. sorry