Help with Hacking

I followed the golden rule about this first. I asked Google and I found nothing. I know little to nothing about hacking, so I need some help. I have an IP address which I can use remote desktop connection to access. I used to be able to access the administrator account but the password got changed. I need to know is there so way I can get the administrator password for a computer running windows 2000 server, and it has no firewall. Thanks in advance.

sorry, I don't like cheaters. nah, only kidding! lol. But seriously, I don't.

Have you tried the usual things like SAM and what not?

Sorry, but I don't really know what SAM is, and this is not a challenge. This is real life but, if I do anything malicious on the server, the people that run it will know about it, so I just want to look around.

ok, but curiosity killed the cat ;)

I've actually never used windows 2000, but if it's anything like xp, there should be a sam file in the windows/system32 folder somewhere that contains the encrypted password. You can't access it while you are in windows usually, so try a linux live cd, or check the /repair folder.

The only access I have to this system is a user account which I can access regedit (if that helps) What would the file be named if it was in the system32 folder because there are lots of files there.

just wth ViralCoder, stop using the same trick over and over again.

What the topicstarter wants is to access the PC remotely. Either guess/bruteforce the password for remote desktop OR exploit a active service. Do a portscan and check milw0rm. People will think you are a lamer if you do it this way, but hey, maybe you'll learn something from it.

EDIT: didn't see previous post at the time of posting this.

wait, I'm confused, did I do something wrong? nvm I'm pretty sure the dude wants the admin pass for the pc though :/

wait, you have access to a normal account on the pc? at what level/layer is the password?

meh. linkage time(read and reap): http://home.eunet.no/~pnordahl/ntpasswd/ http://www.irongeek.com/i.php?page=security/localsamcrack2 http://www.irongeek.com/i.php?page=security/localsamcrack

None of those links help….I need a program that I can enter the IP address, and it searches the computer of all passwords. I think Lophtcrack does that and I will try to get a copy of it. Please remember I do not have physical access to the computer, I can only use remote desktop connection to connect to it and log in under a guest account. The administrator is pretty stupid, so I am willing to try anything at all to get that password. Thanks for all the help you guys are giving me.

I know there is someone out there who is laughing at how easy this would be for them to do, but that is you and not me. I really need some help with this, so for all of you laughing at how easy this is and how stupid I am, think about this. If you can tell me how to do this I have just learned something, and the more I learn, the less I ask about. I asked someone how to do this and he told me about this site which I had never heard of. Of course he knew how to do it, but he wanted me to find it myself, and I haven't found anything that can help me yet.

LOL.

Go, run! Before you get flamed!

(You will get flamed)

gamecheater wrote: I know there is someone out there who is laughing at how easy this would be for them to do, but that is you and not me. I really need some help with this, so for all of you laughing at how easy this is and how stupid I am, think about this. If you can tell me how to do this I have just learned something, and the more I learn, the less I ask about. I asked someone how to do this and he told me about this site which I had never heard of. Of course he knew how to do it, but he wanted me to find it myself, and I haven't found anything that can help me yet.

well, i can sort of understand how you feel (even though I don't remember asking questions like yours..ever). I guess the world of 'hacking' can be a daunting place for some people. But hacking a windows nt admin pass would not necessarily make you a hacker. A thief, a vandal, a cracker maybe.

but yeah, can someone please just help this dude so we can close this thread and all go out and have a party somewhere? :P

Nope I am fine, I dont mind being flamed so I am ready for it go ahead and flame the newb hacker.

gamecheater wrote: I need a program that I can enter the IP address, and it searches the computer of all passwords.

Yeah, who doesn't? :D

Do you actually think there's such a thing as an application which can do this on any computer just like that?

EDIT: Not meant as flaming, more like trying to explain that it's not that easy :p

thats what i was just about to say uber0n. but if its a server, try and go round and probe the sites for exploits, if you dont know how to do that then get learning ;) also try out some common windows exploits like netbios, you can find some info on them in the articles section.

If you have access to regedit, you may have access to CMD right? if not you should be able to manufacture your way into CMD. you might need to edit the security policy as well. Once in CMD you should be able to access the computer as system, if the "exploit" was there in Win2k, I've never used it so i wouldn't know for sure. It also depends on the level of access, but you should be able to change the logon.scr to cmd.exe and gain access that way, but again this is XP im talking about, perhaps it will work, if screensavers show on remote desktop?

This isn't a web server. It is my school server (sorry I forgot to tell you that). I have access to regedit and CMD. I just want a program I can run through remote desktop connection, because I can't get physical access to the server. Is there any program that can tell me all the usernames and passwords on the current computer that I am running it on?

type net user to find all users on the server(on that server itself, not the network) then 'net user username password' can be used to change passes if you have enough privs.

gamecheater wrote: Nope I am fine, I dont mind being flamed so I am ready for it go ahead and flame the newb hacker.

You're not a hacker… you're not even a newb one. You're a skiddie. You don't know what a SAM is and you are unwilling to learn from spoon-fed exploit explanations. You just want a program that you can run and feel like you did something meaningful.

There are programs that would help you do that which you are aiming to do, but I won't mention any of them. Why should I? If you want access to that system so damn bad, why don't you learn how to achieve it yourself? Or, at the very least, why don't you learn how to ask better questions? Even asking for sources of information on how to defeat RDP would've been better than "hey, can I get a prog?".

Go read, learn, try and, once you've failed, bring the gained knowledge to the table so someone might actually WANT to help you.

Cool. Now I get to flame. I don't give a shit about what you think I am. I know right now I can't call myself a hacker, and I don't because I know that what I know right now about computers means nothing compared to what I can learn. I am willing to learn anything I can, and it might be that you think I don't want to learn from "spoon-fed exploit explanations", but I know I want to learn hacking, but I do not understand much anything about it. I decided to upload a keylogger to the server and watch what happens so thanks for the help, I guess I will have to learn how to get the SAM file somewhere else.

You just want a program that you can run and feel like you did something meaningful. Doesn't everyone? I mean, doesn't everyone want a program that can do all their hacking for them? Another thing. I don't really care how "meaningful" what I do is. I want to hack computers because I am curious about how they work, and what is on them.

… what zephyr is trying to say is you seem to just be requesting for someone to give you a program that can hack a site for you without putting in any effort. in the same way a chav would google for "myspace hacking program" to get someones account e.t.c.

were basically giving you working exploits to test out and it doesnt seem like youre even bothering to try them… and if you are youre not saying what actually happened. if youre going to just sit around and expect someone to do the exploiting for you, go join milw0rm irc. [/harshtruth]

gamecheater wrote: Cool. Now I get to flame. I don't give a shit about what you think I am. I know right now I can't call myself a hacker, and I don't because I know that what I know right now about computers means nothing compared to what I can learn. I am willing to learn anything I can, and it might be that you think I don't want to learn from "spoon-fed exploit explanations", but I know I want to learn hacking, but I do not understand much anything about it.

Really? You are willing to learn anything you can? Then, why did you ignore the IronGeek articles that were placed in a previous post?

I decided to upload a keylogger to the server and watch what happens so thanks for the help, I guess I will have to learn how to get the SAM file somewhere else.

cough, cough The IronGeek articles detailed the SAM file and how to obtain it. If you hadn't been too lazy to actually check out the links, you would've seen this.

Doesn't everyone? I mean, doesn't everyone want a program that can do all their hacking for them?

No. In fact, the only people that want that here are the people that have no future here, in Information Security, or even as a "newb hacker". We like to do the work ourselves… it's more than just "omgz 31337 p0wn@93" for us. It's a constant learning process, which you say you want but, from your actions, you don't really seem to want. It's your loss… I don't really care whether you attain your stupid skiddie triumph or not.

Another thing. I don't really care how "meaningful" what I do is. I want to hack computers because I am curious about how they work, and what is on them.

So, you don't care if it's not meaningful, but you're curious about how computers work and what's on them. However, you don't want to learn, so you won't understand how computers work and what's on them.

You just need to stfu, figure out wtf you're trying to do, and come back when you are done being a useless sack of skin. Otherwise, you don't belong here, this place will be no help to you, and you will gain nothing from anyone here.

BTW, don't flame someone for telling you the truth and giving you honest advice. It just shows how much of an ass you really are.

look, man, this shit has been covered so many times.

there's seriously like, a bazillion ways to get higher privileges on a windows 2000/NT machine.

if you currently have access to regedit, like you said, I don't know why you're even asking anything. you can have plenty of fun with that.

The easiest way is a hardware keylogger. It's simple, pretty cheap and almost no knowledge required.

Then again, it's pretty straight-forward, boring and it misses the unique hacking challenge I like.

I'd say go for the hardest solution possible.

as zephyr said, just suck it up and start trying, evveryone goes through the process of learning how not to be a skid, stop being so resistant and just listen to whats being said. unless you want to be a skid, then go download sub7 and pwn some people on msn

gamecheater, try reading some of the following articles. These should help you greatly to achieve your task.

http://www.hellboundhackers.org/articles/524-Gaining-Access.html

http://www.hellboundhackers.org/articles/642-Get-any-windows-XP-password.html

http://www.hellboundhackers.org/articles/474-NetBIOS-Hacking.html

These are just a few of the articles at HellboundHackers with useful information pertaining to your mission.

If, even after this, you still are waiting for a hack-all program, then I'd suggest trying out the instructions of this article on your computer.

http://www.hellboundhackers.org/articles/449-Thermite-:D.html

Yes, the smiley is included in the URL :P

if you are having trouble getting the SAM file, there is a way around it, that I'm pretty sure will work. Instead of trying to pop in a live-cd and RD over to the server. Try instead to RD over to the server, pull up a site to which you are registered and can upload to (googlepages is free) then upload the SAM file from C:\WINDOWS\repair\SAM (I'm pretty sure that's it) then whenever you get home, download the SAM file you uploaded and run Cain on it. If that doesn't work: read. I started hacking about 1 year ago (and that's not very long for a lot of people on here) and I'm still reading something new almost everyday. There is books of knowledge out there waiting to be discovered, and you just have to read. It's not hard at all.

lol all of you hellbound "hackers" know shit and are just a bunch of skiddiots, no matter what you say.

rdp is pretty nice. especially with a program called TS GRINDER. go google it and don't ask for a link or you'll be flamed once again. it's kinda hard to find but keep looking and you'll find it eventually. this will brute force the rdp, eventually giving you a login.

i don't even know why i logged on to hbh. i hate this place. i actually prefer helping out the newbs rather than helping out you "hbh gurus" seeing as they're not skiddified yet.

no wonder why the irc channel broke away from the site.

peace. sToRm_seveN

sToRm_seveN wrote: lol all of you hellbound "hackers" know shit and are just a bunch of skiddiots, no matter what you say.

wtf is wrong with you? ive seen huge amounts of people saying: all you hb hackers,all you this…all you that :S why is every1 all of a sudden the same? how can that be?

not that you could probably explain,in a detailed manner :|

i can say the same,about you,and your kind: you're all the same type of lower-educated-small-skull-content-morons. and that's putting it mildly.

if you dont like it here,please f*ck off to never come back! and keep your trap shut while you attempt to do so.:happy:

sToRm_seveN wrote: lol all of you hellbound "hackers" know shit and are just a bunch of skiddiots, no matter what you say.

rdp is pretty nice. especially with a program called TS GRINDER. go google it and don't ask for a link or you'll be flamed once again. it's kinda hard to find but keep looking and you'll find it eventually. this will brute force the rdp, eventually giving you a login.

i don't even know why i logged on to hbh. i hate this place. i actually prefer helping out the newbs rather than helping out you "hbh gurus" seeing as they're not skiddified yet.

no wonder why the irc channel broke away from the site.

peace. sToRm_seveN

Shut the fuck up.

sToRm_seveN wrote: rdp is pretty nice. especially with a program called TS GRINDER. go google it and don't ask for a link or you'll be flamed once again. it's kinda hard to find but keep looking and you'll find it eventually. this will brute force the rdp, eventually giving you a login.

Good job; you did his Google search for him:

http://www.google.com/search?hl=en&q=brute+force+RDP&btnG=Google+Search

The first listing shows the solution. Why was it that hard for him to do? Google is most useful when you know the correct question to ask.

i don't even know why i logged on to hbh. i hate this place. i actually prefer helping out the newbs rather than helping out you "hbh gurus" seeing as they're not skiddified yet.

Really? It looks like you just "skiddified" the OP… by spoon-feeding him a programmatic solution that he could've just as easily found himself (as shown above). The "skiddified" members were giving him information so that he could learn and understand what he was working with.

We don't mind helping people here… they just have to want to help themselves first. As for people like you… you are entitled to your opinions. It doesn't grant them any weight, though.

@storm seven, there are some "know it all" SKs on hbh, but dont group an entire community under one stereotype. there are also members who try and help newbies as well as better themselves. so stfu :)

@game cheater… you still reading this thread? lol

we're all entitled to our own opinions. this is mine. it's also the opinion of the entire irc channel, which knows a helluva lot more than anything the cheese can contemplate. this is also the opinion of the rest of the internet. hbh is 55% n00b, 40% skiddie, and 5% actually know what they're doing. such a shame that they've moved onto better sites.

lolz. i love the new "pen-testing" challenge. you flame DMZ for having n00b coding skills. hbh used a pre-made cms that sucks. this site gets owned on a regular basis. DMZ coded their own cms, which is better than php-fusion any day.

how about having a poll on the main page that says: "how many of you have created your own exploit before?" the results would be something like: 15% yes 75% no 10% what's an exploit?

lolz. 28% of the site that doesn't know what full disclosure is…

classic.

also, i didn't just make a skiddie out of gamecheater just by telling him what to search for. you'll never make it anywhere without a little push. giving him a minuscule clue that's just leading him into three more questions and a brick wall doesn't do much good.

I don't care what you think, what you say, what you think I am and I don't care about your skills.

You, my friend, are the type of guy I don't like. Sure, you are very skilled. Clever enough to be able to access IRC, whoopidoo. Furthermore, you are stating we are noobs yet you post the lame "k1ller apPz". You probably read the IRC-channel for hours, hoping you might get a program name so you can torrent it.

Just get the fuck outta here, will you?

it's also the opinion of the entire irc channel, which knows a helluva lot more than anything the cheese can contemplate.

First of all, don't EVER associate myself or anyone else here with Mr. Cheese. Ever.

this is also the opinion of the rest of the internet. hbh is 55% n00b, 40% skiddie, and 5% actually know what they're doing. such a shame that they've moved onto better sites.

You want to know what the real opinion of the rest of the internet is? You want to know what #phrack thinks of HBH and DMZ? You want to know what h0no thinks of HBH and DMZ? They think you're shit. Hell, they think you're lower then shit.

Your small group of scum are not "the rest of the internet".

"Challengesites" are stepping stones and communities, NOT hacking collectives.

By saying that people have "moved on to better sites" you have shown your ignorance and ineptitude as to how the security world works.

lolz. i love the new "pen-testing" challenge. you flame DMZ for having n00b coding skills. hbh used a pre-made cms that sucks. this site gets owned on a regular basis. DMZ coded their own cms, which is better than php-fusion any day.

Read spyware's blog about the DMZ cms, it's very lulzy, and very true.

how about having a poll on the main page that says: "how many of you have created your own exploit before?" the results would be something like: 15% yes 75% no 10% what's an exploit?

lolz. 28% of the site that doesn't know what full disclosure is…

classic.

You like making up statistics, don't you? And I'm sure you've coded BUCKETLOADS of exploits for real applications haven't you? Or were you talking about web apps? You were weren't you? Fucking tool.

Grow the fuck up.

If 15% of the people made their own exploit (app exploits), this site would be 31337.

You just said this site was the opposite of 31337. You hypocritical cunt.

no……

around 60% of the site making exploits is about 31337. 15% of a site making exploits does not overwhelm the 85% of n00bs that are here.

and would you mind telling us how many servers you've owned? how many you've rooted? how many times HBH has gotten web hacked, rooted, and DoS'd? please tell. i'm sure we'd all like to know.

also, no i don't idle on irc just to catch apps. i learn about what i'm doing and what i need to do it by myself. don't you even think about accusing me of freeloading off of irc.

So you expect 3,750 members to have coded their own exploit?

Oh, well bash.org proves that IRC is full of idiotic cunts like yourselves.

If you say you got more than Mr Cheese - prove it.

Get a community with 25,000 members, hold conventions, print t-shirts and be known in such circles.

Full Disclosure is just the lingo… I'm 99% sure the same people would knew what it is if it were to be put another way.

So yeah, grab a spade…. dig up some dead relatives - mung them and suck on their rib cage.

sToRm_seveN wrote: around 60% of the site making exploits is about 31337. 15% of a site making exploits does not overwhelm the 85% of n00bs that are here.

Registered Members: 23704

60% of that number = 14222 (.4)

So 14222 home made exploits. Just think about that number. 14222 exploits created by members, here, on HBH.

If this were true the SS would've arrested cheese… (hehe.. he..)

sToRm_seveN wrote: and would you mind telling us how many servers you've owned? how many you've rooted? how many times HBH has gotten web hacked, rooted, and DoS'd? please tell. i'm sure we'd all like to know.

Hacking is about learning, applying, and learning some more, not about comparing e-peens. So please shut the fuck up.

that's just the thing. i did the challenges on hbh (not all of them but enough) and i still haven't learned anything. for instance, i learned what sql injection was, but never how to use it. i read up about it in the articles on hbh, but all i got was "keep trying this list of injections until you get it". i never truly learned how to use sql injection until i went to enigma group.

You mean you never studied SQL before? You never managed a SQL server? Never used SQL commands in console/input box? Never tried to learn? Never approached information that scared you, things you couldn't understand frightened you?

And you blame HBH for your stupidity? You are weak and fragile.

Burn.

LMFAO.

and where'd you get that information from? for your information, i've coded a phpshell with mysql support AND a sha1/md5 hash cracker that utilizes a rainbow table from sql. mind you, the cracker is the first script i've ever coded and it beats any cracker that you can find in the code vault here. the shell is my 3rd script ever coded and it beats the majority of the shells used today (save for c99 which will never be beaten)

sToRm_seveN wrote: that's just the thing. i did the challenges on hbh (not all of them but enough) and i still haven't learned anything. for instance, i learned what sql injection was, but never how to use it. i read up about it in the articles on hbh, but all i got was "keep trying this list of injections until you get it". i never truly learned how to use sql injection until i went to enigma group.

Well, you just said it yourself. You learned what SQL injection was. Maybe you didn't learn how to apply it here, but you learned about it, whcih allowed you to go to Enigma Group and learn even more about SQL injection. If you hadn't heard it here from HBH first, you probably would've never done research on it.

HBH (well, any site for that matter) can't teach you everything. Different sites have different things that'll help you. It's a matter of stepping stones, going from one site to another, one video to another, one whitepaper to another till you finally master something.

sToRm_seveN wrote: [shit we don't care about]boo[/endshit]

We don't care. And FYI, the code-bank on HBH sucks. Even cheese knows that. You are weak, for not having the curiosity, the stroke of brilliance, the THING that DRIVES you. The spark that lightens the universe. In the end, you will be stuck with your lame-ass apps, Frankenstein scripts and worthless posts. Get skilled by opening EXE, got a tut on that for me?

EDIT

Oh, and your love for C99 confirms my rumors. You are not only stupid, weak and fragile, but also a terrible application reviewer.

spyware wrote: [quote]sToRm_seveN wrote: [shit we don't care about]boo[/endshit]

We don't care. And FYI, the code-bank on HBH sucks. Even cheese knows that. You are weak, for not having the curiosity, the stroke of brilliance, the THING that DRIVES you. The spark that lightens the universe. In the end, you will be stuck with your lame-ass apps, Frankenstein scripts and worthless posts. Get skilled by opening EXE, got a tut on that for me? [/quote]

and how do you know that i don't have the drive to learn?!?!?!?!?!?!?! HOW CAN YOU POSSIBLY KNOW THAT I DON'T HAVE THE DRIVE TO LEARNQQ

DO YOU KNOW THAT I GO TO BED EVERY NIGHT AT 4:30 AM, BECAUSE I'M UP HACKING AND LEARNING? DO YOU KNOW HOW MUCH STRESS I PUT MYSELF THROUGH FINISHING HOMEWORK WITHIN MINUTES OF WHEN IT'S DUE, BECAUSE I SPEND EVERY WAKING MINUTE ONLINE LEARNINGQQ? WHAT THE FUCK DO YOU KNOWQ?!!!!!

I know you have no sense of grammatical functions. Have a broken caps lock key, and a sleeping disorder.

i'm glad that you find me funny.

go hack flog.

[too late, touché James] I know you are using the "?" and "!" signs and your shift-key excessively. If you are not using shift, you pressed caps which is even worse.

And I don't care when you stop watching lesbian pr0n, or how much you hate school.

The Flash wrote: I know you have no sense of grammatical functions. Have a broken caps lock key, and a sleeping disorder.

also, the second sentence is in fact a fragment. would you mind telling me where the subject is?

HYPOCRITICAL CUNT (I can use capitals to express my emotion)

Well the structure is used as an implication to speech. Such as the pause/continuation.

I don't expect you to grasp it

Of course the line break is used as a continuation that I know you have/haven't got.

If you had the intellect, the subject would be evident.

wow. i use smilies to further express myself.

:ninja:

The Flash wrote: Well the structure is used as an implication to speech. Such as the pause/continuation.

I don't expect you to grasp it

a comma is usually used in that implication.

:ninja: smiley, lets see here.

What does ninja mean?

"Stealer in." Japanese warriors most associated but sadly stereotyped with spying, infiltration and assassination. They became legends in their time, supposedly capable of disappearing into thin air and turning into animals. Source: www.yorkkarate.com/Terminology/n.htm

Why don't you disappear, or at least vanish in thin air (or transform into the dog you are).