Exploiting Administrator account
I have decided to put this tutorial back up. If you have a problem with it, don't read it! I know that I have tried this many times on my sch00l's computers, and my dad's business computers, which are running a VPN, and it has worked every time. So, if you still have a problem, screw you!
Everyone knows that executing a batch file on a restricted computer will let you execute Command Prompt commands. And everyone knows the joke of "NET SEND bla bla". I'm going to show you how to take batch files to the next level!
The NET command is a very powerful command, if you know how to use it. Right now let's look at NET USER. NET USER lets you delete, add, and edit Windows XP accounts, without even a password. To add an account, use "NET USER username password /ADD" without the quotes ("). Once you have created the account, you can log into it. If the computer you are on is joined to a domain, change the domain in the login window to \\XXXXXX (this computer). The X's may vary. Once that is done, you can log in.
We select "\\XXXXXX (this computer)" because the account is created on the computer, not the server. Here is a bit of an explanation of what most school networks (and most other networks) do for account restrictions. They have you connect to a domain that holds the account you usually log into in an archive. That archive tells your client computer what permissions to give the computer, what programs are started, and so on. Most of the time the program they activate is Deep Freeze. If you know Deep Freeze, then you may think this account creator tutorial will not work. Well, oddly it does, I don't know why though. Let's continue.
It may seem like this took off all the restrictions, but if the IT guy setting up those computers is smart, he will have a backup plan. Most of the time the command prompt and the Task Manager are disabled. To change that, you need to access "gpedit.msc" without quotes. You can try running it, but you'll fail, because it is only accessible to administrator debugger accounts (I think that's what it is called).
So now it is time to get the administrator account password… or is it? If you have been reading, you know the NET USER command can "delete, add, and edit Windows XP accounts". To edit an account, use "NET USER username password" without quotes, with username set to whichever account's password you want to change. In this case it is Administrator. I think you can figure this out. (If you can't, then re-read the first paragraph.)
Once you have changed the Administrator account password, go ahead and log in. (If you get an error logging in, make sure your domain is set correctly, paragraph 2…) You're in the admin account, cool. Now try to get into "gpedit.msc" without quotes. You can, great!!! Now you can disable the block for the command prompt and Task Manager under "User Configuration > Administrative Template". Look around inside of there, I'm sure you'll find what you're looking for.
Beware the * !!!
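For defenders, the account creation and Administrator password change described above leave distinct Security-log records; the following added example (not part of the original tutorial) flags them in constructed sample events. It assumes process-creation auditing with command lines is enabled and uses the Windows Vista-and-later event IDs 4688, 4720 and 4724; the host names, account names, simplified field names and the `approved_admins` allowlist are hypothetical.

```python
import re

PROC_CREATE, USER_CREATED, PWD_RESET = 4688, 4720, 4724  # Security-log event IDs
NET_USER = re.compile(r'^"?(?:.*\\)?net1?(?:\.exe)?"?\s+user\s+(.*)$', re.I)

def classify_net_user(cmdline):
    """Return 'add', 'set-password' or None for a NET USER command line."""
    m = NET_USER.match(cmdline.strip())
    if not m:
        return None
    args = m.group(1).split()
    if any(a.lower() == "/add" for a in args):
        return "add"
    # "net user name" only queries; a second non-switch argument is a password.
    positional = [a for a in args if not a.startswith("/")]
    return "set-password" if len(positional) >= 2 else None

def detect(events, approved_admins):
    """Return (host, subject, reason) for account changes by unapproved subjects."""
    alerts = []
    for ev in events:
        subject = ev["subject"].lower()
        if subject in approved_admins:  # assumption: site-maintained allowlist
            continue
        if ev["id"] == PROC_CREATE:
            action = classify_net_user(ev.get("cmdline", ""))
            if action:
                # Report the action only: the command line contains a password.
                alerts.append((ev["host"], subject, "net user " + action))
        elif ev["id"] == USER_CREATED:
            alerts.append((ev["host"], subject, "account created: " + ev["target"]))
        elif ev["id"] == PWD_RESET and ev["target_sid"].endswith("-500"):
            # RID 500 is the built-in Administrator, whatever it was renamed to.
            alerts.append((ev["host"], subject, "built-in Administrator password reset"))
    return alerts

# Constructed sample records with simplified fields (not real log data).
STUDENT, HOST = "LAB-PC07\\student", "LAB-PC07"
SAMPLE = [
    {"id": 4688, "host": HOST, "subject": STUDENT, "cmdline": "net user helper Example1! /add"},
    {"id": 4720, "host": HOST, "subject": STUDENT, "target": "helper", "target_sid": "S-1-5-21-1-2-3-1004"},
    {"id": 4688, "host": HOST, "subject": STUDENT, "cmdline": "C:\\WINDOWS\\system32\\net1.exe user Administrator Example2!"},
    {"id": 4724, "host": HOST, "subject": STUDENT, "target": "Administrator", "target_sid": "S-1-5-21-1-2-3-500"},
    {"id": 4688, "host": HOST, "subject": STUDENT, "cmdline": "net user student"},
    {"id": 4720, "host": HOST, "subject": "CORP\\it-admin", "target": "kiosk", "target_sid": "S-1-5-21-1-2-3-1005"},
]

if __name__ == "__main__":
    print(*detect(SAMPLE, approved_admins={"corp\\it-admin"}), sep="\n")
```

Matching on `net1.exe` as well as `net.exe` matters because `net.exe` hands the `user` subcommand to `net1.exe`, so process-creation logs often show only the latter.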
ghost 18 years ago
@danbradster, you could always code a C++ program to execute CMD commands, unless your school blocks you from running .EXE files.
ghost 18 years ago
You could make a DOS boot floppy and start directly from it then create an account. I'm not sure this will work over the school's network but it's worth a try.