Tutorial How to hack administrator account on a school or job network.

Kinanizer · 01-23-2013, 02:19 AM

(01-23-2013, 02:00 AM)Ultimatum Wrote: Doesn't work. How do you hack a computer that is already locked, son?

It worked for me. Although I had to use a boottable version of BT to plant the CMD.exe

DrBlowFish · 01-23-2013, 04:19 AM

OMFG this worked at school today! I showed the exploit to an IT manager at our school, and he gave me an Administrator account to manage security utilities.
Awesome

3SidedSquare · 01-23-2013, 06:32 AM

(01-22-2013, 02:55 PM)JackDaniels Wrote: Step 3

Log out from your account and press "SHIFT" 5 times and the command prompt will appear "Cmd" insted of the stickey keys.

Since there are no account logged in your you will have the administrators right.

Now in the terminal you type in.

Nice tutorial :blackhat:
It would be nice to have a short list of circumstances where it wouldent work

User cannot put files into system32
Sticky keys is disabled by default
ect.

Also, does windows log the adding of new accounts via command prompt?

w00t · 01-23-2013, 06:55 AM

Windows logs everything, so yes.

3SidedSquare · 01-23-2013, 07:01 AM

In that case, is there any way to delete the logs with the newfound admin privilege?

w00t · 01-23-2013, 07:07 AM

Kind of. They're all read-only for all but superuser. There might be tools to do it, I don't use Windows often enough to know.

JackDaniels · 01-23-2013, 04:20 PM

(01-23-2013, 04:19 AM)DrBlowFish Wrote: OMFG this worked at school today! I showed the exploit to an IT manager at our school, and he gave me an Administrator account to manage security utilities.
Awesome

That's great! I'm glad you found it useful!

i0xIllusi0n · 01-27-2013, 06:19 PM

This really isn't an exploit, it's just file rename.

If you're using XP and already in command prompt, replacing Stcky Keys with CMD is unnecessary because XP doesn't have UAC, you can do this just from your desktop. The only time you'd need to do this is if you're on a PC with UAC and you're trying to change the password to someone elses account.

In this specific situation, the sticky keys method is worthless.

Plus,

"Now go to the system32 folder, It's usually in. C:/windows/System32"

Lmfao, really? It's not "usually" there, that is the location for x86 operating systems.
For x64, it's C:\Windows\SysWOW64
Although x64 still uses \System32\, that still may be a point in where you would find the files.
Only saying this because you have know knowledge on this if you're saying 'it's usually System32'

w00t · 01-27-2013, 09:20 PM

(01-27-2013, 06:19 PM)i0xIllusi0n Wrote: If you're using XP and already in command prompt, replacing Stcky Keys with CMD is unnecessary because XP doesn't have UAC, you can do this just from your desktop. The only time you'd need to do this is if you're on a PC with UAC and you're trying to change the password to someone elses account.

You're wrong. The whole point of users is that you can't change other's passwords. You have UAC confused with something else, otherwise you're just completely wrong.

(01-27-2013, 06:19 PM)i0xIllusi0n Wrote: Lmfao, really? It's not "usually" there, that is the location for x86 operating systems.
For x64, it's C:\Windows\SysWOW64
Although x64 still uses \System32\, that still may be a point in where you would find the files.
Only saying this because you have know knowledge on this if you're saying 'it's usually System32'

There is no 64 bit version of cmd.exe. It might be in SysWOW64, but it isn't 64 bit. For that reason, you'll always find it in System32, unless you configured your computer for maximum security.

i0xIllusi0n · 01-27-2013, 09:25 PM

(01-27-2013, 09:20 PM)w00t Wrote:
(01-27-2013, 06:19 PM)i0xIllusi0n Wrote: If you're using XP and already in command prompt, replacing Stcky Keys with CMD is unnecessary because XP doesn't have UAC, you can do this just from your desktop. The only time you'd need to do this is if you're on a PC with UAC and you're trying to change the password to someone elses account.

You're wrong. The whole point of users is that you can't change other's passwords. You have UAC confused with something else, otherwise you're just completely wrong.

(01-27-2013, 06:19 PM)i0xIllusi0n Wrote: Lmfao, really? It's not "usually" there, that is the location for x86 operating systems.
For x64, it's C:\Windows\SysWOW64
Although x64 still uses \System32\, that still may be a point in where you would find the files.
Only saying this because you have know knowledge on this if you're saying 'it's usually System32'

There is no 64 bit version of cmd.exe. It might be in SysWOW64, but it isn't 64 bit. For that reason, you'll always find it in System32, unless you configured your computer for maximum security.

You can change other peoples' passwords in CMD just by running it. I know that from personal experience. XP doesn't have UAC, are you fucking retarded?
UAC = User Account Control. That's the box that comes up asking for admin privileges. XP does not have that.

Which is why I said,
"Although x64 still uses \System32\, that still may be a point in where you would find the files."
I have little knowledge about x64 configuration, but I do know that some files are still kept in System32.