133 Comments
- merreborn, on 10/12/2007, -1/+96
"In all honesty the only way to prevent this is disabling all boot devices except the HDD and passwording the BIOS."
Even then you can either just clear the BIOS, or take the drive out and put it in another system.
If you've got physical access to a PC, it's already compromised.

- inactive, on 10/12/2007, -5/+63
A) If you have access to System32, you already have admin access
B) Correct me if I'm wrong, but this only works on Win2K machines as there is a patch for XP that corrects this.
Marked as LAME.

- boberto, on 10/12/2007, -3/+60
Cover your tracks?
Yeah, they won't notice their admin password has changed or anything.

- chubbymidget, on 10/12/2007, -3/+47
Followed by how to get your hosted account suspended!

- thestorey, on 10/12/2007, -0/+38
ophcrack live cd
http://ophcrack.sourceforge.net/

- Bigbro69, on 10/12/2007, -1/+35
Not that you can type.. 'net user' or anything to find it out.
- teh_toaster, on 10/12/2007, -4/+36
Article Text:
How to Hack a Windows XP Admin's Password
November 2nd, 2006 by Quinn Zerfas
This is a cool little trick I've picked up in my travels and decided to share it with you fine and ethical individuals =). Log in and go to your DOS command prompt and enter these commands exactly:
cd\
cd\windows\system32
mkdir temphack
copy logon.scr temphack\logon.scr
copy cmd.exe temphack\cmd.exe
del logon.scr
rename cmd.exe logon.scr
exit
So what you just told windows to backup is the command program and the screen saver file. Then you edited the settings so when windows loads the screen saver, you will get an unprotected dos prompt without logging in. When this appears enter this command that's in parentheses (net user password). So if the admin user name is Doug and you want the password 1234 then you would enter "net user Doug 1234" and now you've changed the admin password to 1234. Log in, do what you want to do, copy the contents of temphack back into system32 to cover your tracks.

- n00tz, on 10/12/2007, -1/+31
"That's why you enable "Lock Case" in the BIOS and you can't take the drive out. Also how will you clear the BIOS if 1. you don't have admin access to install programs and 2. you can't get inside the case to pull the jumper. True you could still manually get in the case but the time it takes is a bit and the fact that you need the correct HEX driver to loosen those screws so....."
You must be one of those 'A+ Certified' computer users that have never spent a day inside the computer, if you're even certified. Most new computers (Dell especially) don't take anything more than pushing a button to get inside the case. Once inside the case it doesn't take anything more than popping the BIOS battery out of the motherboard and unplugging the power cord (and sometimes hit the power button to discharge any of the capacitors on the motherboard) to reset the BIOS.
If that was even an issue, I then insert my Linux bootable CD, or USB Flash drive and boot to a linux kernel: mount NTFS. manipulate SAM. reboot. DING! FRIES ARE DONE.
BTW, no digg. old news.

- lustre, on 10/12/2007, -1/+30
All bets are off if someone has physical access to the machine. Any machine. Any OS.
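The article text quoted above swaps a screen saver in System32 for a renamed cmd.exe. From the administrator's side the useful question is how to tell whether that swap has happened on a box you manage. The PowerShell below is an added example written for this page, not code from the article or from any commenter: it compares the screen-saver file against cmd.exe by hash and version metadata and also looks for the article's own temphack staging directory. The System32 path and the list of screen-saver names are assumptions; logon.scr is an XP-era file and is absent on current Windows versions, which the function reports rather than treating as an error.

```powershell
# Added example (not from the article or the thread): detect a screen saver in
# System32 that is really a renamed cmd.exe, the swap the article describes.
function Test-ScreenSaverSwap {
    param(
        # Assumed locations; adjust for non-default installs.
        [string]$System32 = "$env:SystemRoot\System32",
        [string[]]$ScreenSavers = @('logon.scr')
    )

    # Reference hash of the real command processor on this machine.
    $cmdPath = Join-Path $System32 'cmd.exe'
    $cmdHash = (Get-FileHash -Algorithm SHA256 -Path $cmdPath).Hash

    foreach ($name in $ScreenSavers) {
        $path = Join-Path $System32 $name
        if (-not (Test-Path $path)) {
            # Newer Windows releases ship no logon.scr at all.
            [pscustomobject]@{ File = $path; Status = 'not present'; OriginalName = $null; FileDescription = $null }
            continue
        }

        $info = (Get-Item $path).VersionInfo
        $hash = (Get-FileHash -Algorithm SHA256 -Path $path).Hash

        # Three independent signals: identical bytes, or version resources that
        # still identify the binary as cmd.exe even if the bytes were altered.
        $suspicious = ($hash -eq $cmdHash) -or
                      ($info.OriginalFilename -match 'cmd\.exe') -or
                      ($info.FileDescription -match 'Command Processor')

        $status = if ($suspicious) { 'SUSPICIOUS: looks like cmd.exe' } else { 'ok' }
        [pscustomobject]@{
            File            = $path
            Status          = $status
            OriginalName    = $info.OriginalFilename
            FileDescription = $info.FileDescription
        }
    }

    # The recipe leaves its backups in System32\temphack; a leftover directory
    # is an indicator on its own.
    $staging = Join-Path $System32 'temphack'
    if (Test-Path $staging) {
        [pscustomobject]@{ File = $staging; Status = 'SUSPICIOUS: staging directory present'; OriginalName = $null; FileDescription = $null }
    }
}

Test-ScreenSaverSwap | Format-Table -AutoSize
```

Run it from any account: reading System32 and hashing cmd.exe needs no elevation. The hash comparison catches a straight rename; the version-resource checks catch the case where the copy has been padded or patched so the hash no longer matches.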
- inactive, on 10/12/2007, -1/+28
just do a google, literally nine hundred thousand identical tutorials exist

- SpookyET, on 10/12/2007, -2/+27
How come these "knowledgeable" idiots do not know 5 years later that "Command Prompt" is not DOS? XP is not built on top of DOS. It's not 9x.
Is DOS still there? Yes, for compatibility reasons. Type "command.com" in Run to get to DOS. CMD.exe is not DOS.

- SmokeN-DC, on 10/12/2007, -3/+25
the main problem with this is most non-admin users do not have access to the system32 directory
I need to check this, anyone know if this is correct?

- 2012, on 10/12/2007, -5/+25
"This Account Has Exceeded Its CPU Quota" whatever was there, isn't anymore.

- boneill428, on 10/12/2007, -0/+18
i miss the days of windows 95 where kids thought they were "hacking" when they hit the cancel button at the login screen

- Crazyiodudo, on 10/12/2007, -3/+18
Wow, how many more duggmirror comments can you guys put?
We get it.

- vinbob, on 10/12/2007, -2/+16
If you're physically at the PC just boot from a UBCD and change the admin password...
http://www.ultimatebootcd.com

- downlo, on 10/12/2007, -5/+19
Not really since a Linux LiveCD will be able to mount the NTFS drive and monkey with the SAM files. In all honesty the only way to prevent this is disabling all boot devices except the HDD and passwording the BIOS.
- foxhoundadmin, on 10/12/2007, -6/+18
i like the one where they blow up the truck.

- TigonLiger, on 10/12/2007, -0/+11
Marked as inaccurate. Unless you already have admin rights, you'll get "access denied" when you try to create a dir inside system32. If you can create a dir in system32 then you can probably already do whatever you want on the system anyway. Pointless and inaccurate.

- mhaluza, on 10/12/2007, -2/+10
find yourself a copy of ERD commander on a P2P network. It's a bootable live CD that can change Windows admin and user passwords as well as many other techie features (disk wipe, data backup, network access...etc.)
this article is too dirty of a hack compared to the dozens of software applications like the one mentioned that can do that and much more

- subgeniusd, on 10/12/2007, -6/+14
I also changed the admin name to something long and strange so you still can't log on.

- klawz, on 10/12/2007, -1/+8
actually it was accurate, back in 1997-1998

- fr0z3nph03n1x, on 10/12/2007, -1/+8
If you have AT ability already, the admin did something wrong....

- inactive, on 10/12/2007, -0/+7
a single most useful link in this post.
Tried ophcrack. Works as a charm. It will tell you all passwords on the system unless they are really complex... It is also a very useful tool to test your system password. If ophcrack gets it - change it, 'cos it's no good :-)
The point is to find out the password not to change it.
If you wish to change the password then just use ERD 2005 or up.

- Ahnteis, on 10/12/2007, -0/+6
If you change the password, they'll know you were in anyway.

- Ahnteis, on 10/12/2007, -0/+6
That's why you restrict physical access to your server. If you can get to it to boot it to linux, you can just put a hardware keylogger on the back and steal the admin key, or any number of other obvious "hacks".
Physical security is as important as software security.

- dfndoe, on 10/12/2007, -0/+6
Unless your machine is part of a domain... If you use the UBCD to get admin you need to wipe the domain key which will break the domain relationship and then the real admin will know you monkeyed with it.... YMMV..

- ivanmarsh, on 10/12/2007, -1/+6
Lame! A hack that requires you to be logged into the machine to set up the hack isn't a hack. If you're already logged into the machine what do you need the hack for?
- ernkush, on 10/12/2007, -0/+5
@merreborn
You are right, but under most circumstances you could also lock your case and encrypt your hdd when you turn the computer off. It would take far too long for a potential cracker to break the system for him not to be noticed.

- jamend, on 10/12/2007, -0/+5
I especially like Hak5's http://sys9five.ath.cx:8080/hak5rtables/, which gives you online access to all-character rainbow tables (not 100% complete but close), so you just paste in a hash and it gives you the password. You can use pwdump6 (http://www.foofus.net/fizzgig/pwdump/, pwdump.exe in PwDumpRelease) to get the contents of the SAM hash file from within Windows and without a reboot.
Also, to help protect yourself from this attack, you can disable LanManager password hashes (which are on by default in XP) by going to HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa in the registry, creating a new DWORD value called "NoLMHash", and giving it a value of 1.
PS: The advantage of finding the password instead of replacing it as per the article (whose instructions don't work on an up-to-date 2K/XP system anyways) is that you will be able to access EFS-encrypted files, and the administrator won't notice that you got access in the first place because the password isn't changed.

- klawz, on 10/12/2007, -2/+6
yes! someone with a brain.
For those who care to know, but were afraid to ask: (no not THAT Leo!)
http://ask-leo.com/whats_the_difference_between_commandcom_and_cmdexe.html

- stevetures, on 10/12/2007, -0/+4
The way to foil the Linux LiveCD / LiveFloppy is to use EFS (encryption) on the local admin account. They can change the password hash but they won't be able to use the new hash to decrypt any of the profile contents, and the login will fail.
You could probably beat this if you use a password cracker, and not a hash replacer. Beating the password cracker involves disabling lanman hashes (using only NTLMv2) and using a strong password.

- Drull, on 10/12/2007, -1/+5
Uh, you were using WINDOWS XP back in 97?
Not a man, but a god!

- vinbob, on 10/12/2007, -1/+5
BTW this can also reactivate locked admin accounts too.
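jamend and stevetures above both point at the same mitigation for the rainbow-table route: stop Windows from storing the LanManager hash by setting the NoLMHash DWORD under HKLM\SYSTEM\CurrentControlSet\Control\Lsa to 1. The PowerShell below is an added example for this page, not code from either commenter: it reads the current value, reports whether LM hashes are still being stored, and optionally sets the value. The registry path and value name are the ones jamend gives; everything else (the function names, the -Fix switch) is this example's own. Setting the value requires an elevated shell, and, as jamend's wording implies, it only affects hashes written after the change, so existing accounts keep their LM hash until the password is next set.

```powershell
# Added example (not from the thread): audit and, optionally, apply the
# NoLMHash setting that jamend and stevetures recommend.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'   # path from jamend's comment

function Get-LmHashPolicy {
    # Returns an object describing whether LM hashes are still being stored.
    $value = Get-ItemProperty -Path $LsaKey -Name 'NoLMHash' -ErrorAction SilentlyContinue
    $setting = if ($null -eq $value) { $null } else { [int]$value.NoLMHash }
    [pscustomobject]@{
        Key          = $LsaKey
        NoLMHash     = $setting
        # A missing value behaves like 0 on XP, which is jamend's "on by default".
        LmHashStored = ($null -eq $setting) -or ($setting -eq 0)
    }
}

function Set-NoLmHash {
    # Creates or updates the DWORD so new password hashes omit the LM form.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($LsaKey, 'Set NoLMHash = 1')) {
        New-ItemProperty -Path $LsaKey -Name 'NoLMHash' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Invoke-LmHashAudit {
    param([switch]$Fix)
    $before = Get-LmHashPolicy
    if ($before.LmHashStored) {
        Write-Output "LM hashes are still stored (NoLMHash = $($before.NoLMHash))."
        if ($Fix) {
            Set-NoLmHash
            Write-Output "NoLMHash set to 1; users must change passwords for the LM hash to be dropped."
        }
    } else {
        Write-Output "NoLMHash = $($before.NoLMHash): LM hashes are not stored."
    }
    Get-LmHashPolicy
}

# Report only; add -Fix (in an elevated shell) to apply the setting.
Invoke-LmHashAudit
```

Because Set-NoLmHash supports -WhatIf through SupportsShouldProcess, `Invoke-LmHashAudit -Fix -WhatIf` shows the registry write it would make without performing it, which is the safer first run on a machine you have not audited before.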
- ahill7, on 10/12/2007, -2/+6
People should stop digging a story that doesn't even exist. Plus like it's been said, not really a new idea.

- bryhhh, on 10/12/2007, -0/+4
@dfndoe
Not true, you can reset the admin password without breaking the domain membership. In fact, I've never heard of this happening and this is a very common practice (for legitimate reasons) where I work.

- laxmaniac3773, on 10/12/2007, -1/+5
if you're logged in as an admin but you wanna have some fun with the other people logged into the computer then type
control userpasswords2
then you can reset passwords all day long if you like
heck, you can even remove whole user accounts with the click of a button. no questions asked!

- prammy, on 10/12/2007, -0/+3
This will only work on machines which use FAT32 as the filesystem.
On any NTFS based XP machine, you need admin privileges to copy anything to System32.
Article is inaccurate and author needs to talk to his/her IT dept as to why they format their machines with a FAT32 filesystem.

- ThinkFr33ly, on 10/12/2007, -0/+3
Wow, this is stupid.
First, there is no such thing as a "hack" that FIRST requires you to have admin access.
Second, any admin who cares about their machine's security has security event logging on. This means that any changes to security leave an event in the event log. An event which, even if you delete it, leaves another event. In other words, it will tell them exactly who did this.
Very, very lame.

- spac3m0nk3y, on 10/12/2007, -3/+6
Just use that Linux utility thingy: http://home.eunet.no/pnordahl/ntpasswd/bootdisk.html
- SpookyET, on 10/12/2007, -2/+5
Use shift + arrow keys to navigate using the keyboard in Opera and press enter.

- nytsua, on 10/12/2007, -0/+3
marked as lame... hacking the admin password when you already have to have admin privileges to do the hack... not hacking.

- dave8555, on 10/12/2007, -0/+2
lame and assumes that the admin of the computer has put no security in place.

- zodiacal, on 10/12/2007, -1/+3
and it will prevent anyone from ever reading encrypted files

- inactive, on 10/12/2007, -2/+4
ntpasswd is smaller and faster

- dioscaido, on 10/12/2007, -4/+6
Of course, you need to already have Administrator privileges to schedule the job... so what's the point?

- MLyzz, on 10/12/2007, -0/+2
Sorry kiddies, might work for a typical home machine, not for a college (protected reasonably well) or net login machine. Good luck. Want to crack ANY admin password? Use linux.

- iAlex, on 10/12/2007, -3/+5
Bluehost + Digg = not good. Bluehost seem to be a bad host.

- radu5er, on 10/12/2007, -0/+2
@ ImTheDarkcyde
"just do a google, literally nine hundred thousand identical tutorials exist"
Absolutely!
Only people who are not adept at "The Google" ;) don't know how easily bios and windows passwords can be cracked. If an individual has physical access to the machine, you are basically had. THE major part of system security is to limit access to the hardware and any system admin worth his salt knows this.