How to create an Administrative Account without being an Administrator
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: How to create an Administrative Account without being an Administrator

  1. #1
    Senior Member alakhiyar's Avatar
    Join Date
    Dec 2006
    Location
    Land of Oryx
    Posts
    255

    How to create an Administrative Account without being an Administrator

    This is my first howto/tutorial, so if there are any suggestions of any kind or questions, please let me know.


    How to create an Administrative Account without being an Administrator
    Next time you're faced with an NT or 2k system that you need to logon to
    with an administrative account and nobody knows the passwords, do the
    following 12 steps to create a new account while preserving the existing
    account profiles.

    1) boot to a windows boot disk

    2) if the C drive is NTFS use ntfsdos to mount it

    3) maneuver to c:\winnt\system32\config

    4) rename the SAM. file to anything you want

    5) reboot and login as 'administrator' and a blank password


    At this point you have administrative access, but any changes you make to
    the profiles will not be saved to the proper SAM file and will be lost.
    All other changes (configurations, installations, etc) made at this point
    will be saved.


    6) open notepad

    7) type '@echo off
    net user newuser mypass /ADD
    net localgroup /ADD administrators newuser'

    save as c:\useradd.bat

    9) open a command prompt and type
    at <enter a time 10 minutes or so into the future> "c:\useradd.bat"

    10) reboot to your floppy

    11) delete the c:\winnt\system32\config\SAM. file and rename the old one
    back to SAM.

    12) reboot and wait 10-15 minutes for the batch file to execute. The batch file will execute with system privledges and create the 'newuser' account and add it to the administrators group.


    You can then logon with your newuser account with local administrative rights and can reset the original administrator account, clear the logs or do whatever it is you need to.

    Unfortunately, the only way to defend against something like this in the wild is to ensure you have proper auditing and hope whomever it is doesn't run through your security log and edit out the appropriate entries.


    There are now several new tools out there to assist you in recovering/changing passwords:

    http://www.loginrecovery.com/


    Login Recovery is a service to reveal user names and recover passwords for Windows NT, 2000, XP, 2003 and Vista. As long as you have physical access to the computer, your passwords can be recovered



    http://ebcd.pcministry.com/


    change password of any user, including administator of Windows NT/2000/XP OS. You do not need to know the old password.


    http://trinityhome.org/Home/index.ph...=1&front_id=12

    Here 's a sumup of some of the most important features, new and old:
    -easily reset windows passwords
    -4 different virusscan products integrated in a single uniform commandline with online update capability
    -full ntfs write support thanks to ntfs-3g (all other drivers included as well)
    -clone NTFS filesystems over the network
    -wide range of hardware support (kernel 2.6.19.1 and recent kudzu hwdata)
    -easy script to find all local filesystems


    http://www.ubcd4win.com/contents.htm


    (re)set the passwords of any user that has a valid local account, create a new local user with administrator rights, and set administrator rights to existing user on your NT system
    (\__/)
    (='.'=)
    (")_(")

  2. #2
    Senior Member Aardpsymon's Avatar
    Join Date
    Feb 2007
    Location
    St Annes (aaaa!)
    Posts
    434
    or padlock the PC, password the bios and disable booting from floppies. Thats as good a defence as you can mount against this. If it wouldn't leave such a great hole in the case we would remove the floppies round here.
    If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.

  3. #3
    Member Slot's Avatar
    Join Date
    Jul 2004
    Posts
    31
    Quote Originally Posted by Aardpsymon
    or padlock the PC, password the bios and disable booting from floppies. Thats as good a defence as you can mount against this. If it wouldn't leave such a great hole in the case we would remove the floppies round here.
    Better take out USB, CD, and network bootability too
    I wake up in the morning, wash my face, brush my teeth, and sharpen my tongue.
    Preparation is half the battle, its also a butt cream.

  4. #4
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    or just download the NT Password & Registry Editor Bootdisk and change the password for the admin or any other account.

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Tutorial was written by someone from http://www.security-forums.com/viewtopic.php?t=16252

    If you write a tutorial please make it your own work rather than cut and paste.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    Member Slot's Avatar
    Join Date
    Jul 2004
    Posts
    31

    Thumbs down

    Quote Originally Posted by MsMittens
    Tutorial was written by someone from http://www.security-forums.com/viewtopic.php?t=16252

    If you write a tutorial please make it your own work rather than cut and paste.
    hm... thats no bueno.
    I wake up in the morning, wash my face, brush my teeth, and sharpen my tongue.
    Preparation is half the battle, its also a butt cream.

  7. #7
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Tutorial was written by someone from http://www.security-forums.com/viewtopic.php?t=16252
    He's also a (previous, because banned) Antionline member ...

  8. #8
    Banned
    Join Date
    Jul 2006
    Location
    /
    Posts
    385

    Talking

    lol

    i've been waiting for the oppurtune moment to be able to use this smiley. and looks like i now got my chance.

    looks like the OP has been caught out not once, but twice.

  9. #9
    Senior Member Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    Quote Originally Posted by acidtone
    lol

    i've been waiting for the oppurtune moment to be able to use this smiley. and looks like i now got my chance.

    looks like the OP has been caught out not once, but twice.
    UM? The OP wasn't previously banned, the original author of the OPs stolen material was a banned member.

  10. #10
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Acid didn't say anything about the OP being banned...

Similar Threads

  1. Painless User Group Experience
    By Soda_Popinsky in forum The Security Tutorials Forum
    Replies: 10
    Last Post: June 1st, 2006, 08:12 PM
  2. Has anyone seen this SSH Scanner tool?
    By MrLinus in forum Miscellaneous Security Discussions
    Replies: 15
    Last Post: October 28th, 2004, 04:29 PM
  3. Oracle help!!!!
    By hjack in forum Code Review
    Replies: 0
    Last Post: March 7th, 2004, 08:20 PM
  4. Know Your UNIX Admin - Which One Are you?
    By ac1dsp3ctrum in forum AntiOnline's General Chit Chat
    Replies: 8
    Last Post: February 20th, 2002, 08:31 PM
  5. Bofh
    By ac1dsp3ctrum in forum AntiOnline's General Chit Chat
    Replies: 2
    Last Post: February 17th, 2002, 09:52 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides