Exploiting Administrator account
I have decided to put this tutorial back up. If you have a problem with it, don't read it! I know that I have tried this many times on my sch00l's computers, and my dad's business computers, which are running a VPN, and it has worked every time. So, if you still have a problem, screw you!
Everyone knows that executing a batch file on a restricted computer will let you execute Command Prompt commands. And everyone knows the joke of "NET SEND bla bla". I'm going to show you how to take batch files to the next level!
The NET command is a very powerful command, if you know how to use it. Right now let's look at NET USER. NET USER lets you delete, add, and edit Windows XP accounts, without even a password. In order to add an account, you need to use "NET USER username password /ADD" without quotes ("). When you create that account, you can log into that account. If the computer you are using is on a domain, change the domain on the login window to \\XXXXXX (this computer). The X's may vary. Once that is done you can log in.
The reason we select "\\XXXXXX (this computer)" is that the account is created on the computer, not the server. Here is a bit of an explanation of what most school networks (and most other networks) do for account restrictions. They have you connect to a domain that has the account you usually log into in archive. That archive tells your client computer what permissions to give the computer, what programs are started, and so on. Most of the time the program they activate is Deep Freeze. If you know Deep Freeze, then you may think this account creator tutorial will not work. Well, oddly it does, I don't know why though. Let's continue.
It may seem like it took off all the restrictions, but if the IT guy setting up those computers is smart, he would have a backup plan. Most of the time the command prompt and the Task Manager are disabled. To change that, you need to access "gpedit.msc" without quotes. You can try running it, but you'll fail, because it is only accessible by administrator debugger accounts (I think that's what it is called).
So now it is time to get the administrator account password… or do you? If you have been reading, the NET USER command can "delete, add, and edit Windows XP accounts". To edit accounts, you have to use "NET USER username password" without quotes, and set username to whatever account's password you want to change. In this case it is Administrator. I think you can figure this out. (If you can't, then re-read the first paragraph)
Once you have changed the Administrator account password, go ahead and log in (if you get an error logging in, make sure your domain is set correctly, paragraph 2…). You're in the admin account, cool. Now try to get into "gpedit.msc" without quotes. You can, great!!! Now you can disable the block for the command prompt and Task Manager under "User Configuration > Administrative Template". Look around inside of there, I'm sure you'll find what you're looking for.
Beware the * !!!
ghost 19 years ago
This does NOT work on modern networks of over 30 users anymore.. Especially schools. I haven't heard of any large school district NOT using ISA to handle their networks. This is VPN, not Windows network administration.
ghost 19 years ago
I agree, this article does not work. For starters, you need administrative access to use net user. You can't be a normal user, and use commands like:
c:\> net user administrator 1337_password
c:\> net user saxible pass /add
c:\> net localgroup administrators saxible /add
If you could do that, then what's the difference of having users as administrators or normal users?
Sorry about the criticism
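Added example (not part of the original article or comments): a defender's view of the three command forms quoted on this page. It classifies process command lines as local account creation, password change, or addition to the local Administrators group, and raises severity when a newly created account is promoted or the built-in Administrator password is set. The (host, command line) record format and the host names are constructed assumptions; the account names come from the comment above.

```python
import re
import shlex
NET_BIN = re.compile(r'^(?:.*[\\/])?net1?(?:\.exe)?$', re.I)  # net, net1, full paths

def classify(cmdline):
    """Return (kind, target_account) for a net.exe account change, else None."""
    try:
        args = shlex.split(cmdline, posix=False)
    except ValueError:                  # unbalanced quote, e.g. inside a password
        args = cmdline.split()
    args = [a.strip('"') for a in args]
    if len(args) < 3 or not NET_BIN.match(args[0]):
        return None
    verb, rest = args[1].lower(), args[2:]
    switches = {a.lower() for a in rest if a.startswith('/')}
    params = [a for a in rest if not a.startswith('/')]
    if verb in ('user', 'users') and params:
        if '/add' in switches:
            return ('account_created', params[0].lower())
        if '/delete' not in switches and len(params) >= 2:
            return ('password_set', params[0].lower())
    if (verb == 'localgroup' and '/add' in switches and len(params) >= 2
            and params[0].lower() == 'administrators'):
        return ('admin_group_add', params[1].lower())
    return None

def triage(events):
    """events: (host, cmdline) pairs in time order -> [(host, kind, account, severity)]."""
    created, findings = set(), []
    for host, cmdline in events:
        kind, account = classify(cmdline) or (None, None)
        if kind is None:
            continue
        if kind == 'account_created':
            created.add((host, account))
        high = ((kind, account) == ('password_set', 'administrator')  # built-in admin reset
                or (kind == 'admin_group_add' and (host, account) in created))  # promoted
        findings.append((host, kind, account, 'high' if high else 'medium'))
    return findings

SAMPLE = [  # constructed process-creation records: (host, command line)
    ('LAB-PC07', 'net user saxible pass /add'),
    ('LAB-PC07', r'"C:\WINDOWS\system32\net.exe" LOCALGROUP Administrators saxible /ADD'),
    ('LAB-PC07', 'NET USER Administrator 1337_password'),
    ('LAB-PC09', r'C:\tools\dotnet.exe user x y /add'),   # different binary, ignored
]

if __name__ == '__main__':
    print(*triage(SAMPLE), sep='\n')
```

Matching on command lines only sees attempts; whether the change succeeded depends on the privileges of the calling account, which is the point the comment above raises.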
ghost 19 years ago
I never said it would make a network administrator, I clearly stated the account is made on the computer on the server. You can use NET USER if you use it in a batch file. And, on my school computers, they block out just about everything you can possibly imagine, so that's the difference. And, at my school, I'm not a normal user, I'm a restricted user. And the only way you can enable Command Prompt, Task Manager, network managers, is to gain access to gpedit.msc, which you can only access with an administrator account.
ghost 19 years ago
For goodness sake. 90% of school districts out there USE ISA. This means that you can't get at any accounts on the local computer, as all accounts on the computer go through the ISA server.
It is ALL VPS. Nothing is local.
ghost 19 years ago
I understand what you're saying, and that is what the domain is all about right below the password on the login window. There is the server's domain, and then if you look at the tab, there is a selection "//blabla(this computer)", I'm serious. I'm not some f@cking dumb ass. I have done this to 5 computers at my school…
ghost 19 years ago
Ok, instead of arguing, how about you try, at a library, or school, the bug I found. Write up a log of every single thing you did, and then send it to me. If it doesn't work, you can ban my account if you please.
ghost 19 years ago
Think about it. With Windows ISA, you really can't get to much of the computer, as most of what you touch is on a server. ISA is developed to handle way more than kids that want to be hackers. Whether or not your school/library uses ISA or not isn't the point; all I'm saying is that most school districts with over 4000 kids total use Microsoft ISA to handle VPN networking. Thus, bam, it doesn't work on any computer that is set to boot straight into the ISA VPN system.
Go read up on DNS and Domains, as well as specifically Windows Domains. While you're at it, look up Microsoft ISA and VPN.
To prove it isn't ISA, does your school have individual user accounts that use some form of a network drive as your own personal file space?
ghost 19 years ago
We do not have individual accounts for each student, but we do for each classroom that has its own storage space specifically set up for that classroom. And think of this… If for some odd reason the computer cannot get on the network, how else would the IT guys get into the computer to alter something? There is a default administrator account on every single computer, that cannot be deleted. Same as such things like the MSQLDebugger account. It is solely based to the computer that you are using.
ghost 19 years ago
Don't try and take this to PMs either.
Yes, there is a local administrator account. Doesn't help much when you don't have a way to log in with it when the computer is set up for VPN. First things first, gotta get to a point where you can log in with it.
ghost 19 years ago
Who the fuck is the god damn idiot that let this article through? God some of you HBH Administrators are fucking thick.
ghost 19 years ago
I did point out where you can log in with the local account you create. On the login window, there is a Domain option. You open up the tab and select \\bla(this computer). I have tried this many times on my school's network, and it is a VPN. I guess the IT guys are a bunch of fucking morons, for letting people log into accounts on the computer.
ghost 19 years ago
I don't get why people just won't try step by step what I have said in this article instead of just saying you can't, try it some time.
ghost 19 years ago
No, don't delete it, REFORMAT it. HBH should have done that before letting it through, but they suck at judging content.
ghost 18 years ago
aw cmon i was gonna use this article as a reference.. mind PMing me all the info again ;)
ghost 18 years ago
Command prompt doesn't work on my school's computers, their security is too good. :P