How to hack administrator account on a school or job network.

Hello everyone.

Time for my first tutorial on this site.
___________________________________________________________________________

Step 1

We are going to use the as I like to call it "The sticky keys exploit"
This is the only feature which can be used before logging in at logon screen.
So if we are able to replace the .dll file we are able to use it for something more fun eh?

Copy the CMD.exe file.



Rename it "sethc.exe" without the "

Step 2

Now go to the system32 folder, It's usually in. C:/windows/System32

There paste the "cmd.exe" witch you renamed to "sethc.exe"



Click Yes.

Step 3

Log out from your account and press "SHIFT" 5 times and the command prompt will appear "Cmd" insted of the stickey keys.

Since there are no account logged in your will have the administrators right.

Now in the terminal you type in.

PHP Code:

Net user 


You will see something like this.

PHP Code:

----------------------------------------------------------------------------------------------------------------
Administrator              ASPNET                                 Guest
"Some Account" <---- That's the one you want! 


Not type in

PHP Code:

net user "Some account" * 


You will get this.

PHP Code:

Type a password for the user: 


Type in the password you want.

Then you will get this.

PHP Code:

Retype the password to confirm: 


Type it in again. Now log in to this account and enjoy your administrator privileges.

I hope you enjoy this tutorial!

At least I hope they do not. Though I know that some of the IT directed schools have access to the system32 because of all there work with programming around windows .dll files so they have access to that folder.

I think schools and jobs aren't that dumb to give acces to the system32 map, otherwise good tutorial.

You can access the System32 files from outside of Windows I believe, I might be wrong though. If you can, you could easily run a Linux live-disk to modify the files I think. Either ways, it's a pretty clever idea I hadn't come up with. Nice post.

You can access the entire filesystem, including files hidden to all Windows users, from Linux. JD, here, seems to think that non-admin accounts have write access to System32, which they usually don't. Even if they need it for programming, which they wouldn't, they would only be given read rights.

On our school, IT professor locked out the computer completely, we have DeepFreeze installed for recovery, VNC and iTalc for Administration and students are left with some form of guest account with only one directory to save your files in.

(01-22-2013, 05:04 PM)pac Wrote:

[To see links please register here]

On our school, IT professor locked out the computer completely, we have DeepFreeze installed for recovery, VNC and iTalc for Administration and students are left with some form of guest account with only one directory to save your files in.

If that is the case, This will not work (duuh) but boot up with linux might work, I'm not sure if you could access the user files though.

Booting up OS from CD or USB is not working as BIOS is locked with a password. Taking out and putting back in CMOS battery is technically possible but everywhere where's a computer, there's a camera to monitor them. We have to .net frameworks installed so most of "cracking" programs wont work. Any native applications(C, C++) triggers iTalcs "defense" mode which locks out a computer and person who has a password is able to unlock it. iTalc gives full report what happened. Regedit and similar things are blocked too.

(01-22-2013, 06:26 PM)pac Wrote:

[To see links please register here]

Booting up OS from CD or USB is not working as BIOS is locked with a password. Taking out and putting back in CMOS battery is technically possible but everywhere where's a computer, there's a camera to monitor them. We have to .net frameworks installed so most of "cracking" programs wont work. Any native applications(C, C++) triggers iTalcs "defense" mode which locks out a computer and person who has a password is able to unlock it. iTalc gives full report what happened. Regedit and similar things are blocked too.

Damn where do you study? High Security Prison?

Lol, no I don't study in High Security Prison. :tongue: Just mine IT professor is convinced that as much you secure the system the less it's vulnerable. Which isn't quite true if you don't update software. Java, firefox, adobe reader and flash player are all outdated.