-
May 10th, 2007, 09:18 AM
#1
How to create an Administrative Account without being an Administrator
This is my first howto/tutorial, so if there are any suggestions of any kind or questions, please let me know.
Next time you're faced with an NT or 2k system that you need to logon to
with an administrative account and nobody knows the passwords, do the
following 12 steps to create a new account while preserving the existing
account profiles.
1) boot to a windows boot disk
2) if the C drive is NTFS use ntfsdos to mount it
3) maneuver to c:\winnt\system32\config
4) rename the SAM. file to anything you want
5) reboot and login as 'administrator' and a blank password
At this point you have administrative access, but any changes you make to
the profiles will not be saved to the proper SAM file and will be lost.
All other changes (configurations, installations, etc) made at this point
will be saved.
6) open notepad
7) type '@echo off
net user newuser mypass /ADD
net localgroup /ADD administrators newuser'
8) save as c:\useradd.bat
9) open a command prompt and type
at <enter a time 10 minutes or so into the future> "c:\useradd.bat"
10) reboot to your floppy
11) delete the c:\winnt\system32\config\SAM. file and rename the old one
back to SAM.
12) reboot and wait 10-15 minutes for the batch file to execute. The batch file will execute with system privileges and create the 'newuser' account and add it to the administrators group.
You can then logon with your newuser account with local administrative rights and can reset the original administrator account, clear the logs or do whatever it is you need to.
Unfortunately, the only way to defend against something like this in the wild is to ensure you have proper auditing and hope whoever it is doesn't run through your security log and edit out the appropriate entries.
There are now several new tools out there to assist you in recovering/changing passwords:
http://www.loginrecovery.com/
Login Recovery is a service to reveal user names and recover passwords for Windows NT, 2000, XP, 2003 and Vista. As long as you have physical access to the computer, your passwords can be recovered.
http://ebcd.pcministry.com/
Change password of any user, including administrator of Windows NT/2000/XP OS. You do not need to know the old password.
http://trinityhome.org/Home/index.ph...=1&front_id=12
Here's a sum-up of some of the most important features, new and old:
-easily reset windows passwords
-4 different virusscan products integrated in a single uniform commandline with online update capability
-full ntfs write support thanks to ntfs-3g (all other drivers included as well)
-clone NTFS filesystems over the network
-wide range of hardware support (kernel 2.6.19.1 and recent kudzu hwdata)
-easy script to find all local filesystems
http://www.ubcd4win.com/contents.htm
(re)set the passwords of any user that has a valid local account, create a new local user with administrator rights, and set administrator rights to existing user on your NT system
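The auditing mentioned in the post above can be checked mechanically. As an added example (not part of the original post), this Python sketch flags an account that is created and then added to the local Administrators group within minutes, especially when the actor is SYSTEM rather than a named administrator, and also flags a cleared audit log. The record layout, the account names and the five-minute window are assumptions of this example; the event IDs are the standard Windows Security log IDs.

```python
from datetime import datetime, timedelta

CREATE_IDS = {624, 4720}     # user account created (pre-Vista ID, Vista+ ID)
GROUP_ADD_IDS = {636, 4732}  # member added to a security-enabled local group
LOG_CLEAR_IDS = {517, 1102}  # audit log cleared

# Constructed sample records (not real log data). The dict layout is an
# assumption about how the Security log was exported.
SAMPLE_EVENTS = [
    {"time": "2007-05-10 09:00:00", "id": 624, "actor": "alice", "target": "bob", "group": ""},
    {"time": "2007-05-10 09:00:01", "id": 636, "actor": "alice", "target": "bob", "group": "Users"},
    {"time": "2007-05-10 10:15:02", "id": 624, "actor": "SYSTEM", "target": "newuser", "group": ""},
    {"time": "2007-05-10 10:15:03", "id": 636, "actor": "SYSTEM", "target": "newuser", "group": "Administrators"},
    {"time": "2007-05-10 10:40:00", "id": 517, "actor": "newuser", "target": "", "group": ""},
]

def is_system(actor):
    """True for the SYSTEM account or a machine account (name ends in '$')."""
    return actor.upper() == "SYSTEM" or actor.endswith("$")

def find_suspicious(events, window=timedelta(minutes=5)):
    """Return (account, finding) tuples in chronological order."""
    findings = []
    created = {}  # lower-cased account name -> (creation time, creating actor)
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
        if ev["id"] in CREATE_IDS:
            created[ev["target"].lower()] = (ts, ev["actor"])
        elif ev["id"] in GROUP_ADD_IDS and ev["group"].lower() == "administrators":
            hit = created.get(ev["target"].lower())
            if hit and ts - hit[0] <= window:
                by_system = is_system(hit[1]) or is_system(ev["actor"])
                findings.append((ev["target"], "new-admin-by-system" if by_system else "new-admin"))
        elif ev["id"] in LOG_CLEAR_IDS:
            findings.append((ev["actor"], "log-cleared"))
    return findings

if __name__ == "__main__":
    for account, finding in find_suspicious(SAMPLE_EVENTS):
        print(f"{finding}: {account}")
```

Running the same check on events forwarded to a separate log host means that clearing or editing the local security log does not remove the evidence.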
-
May 10th, 2007, 10:43 AM
#2
or padlock the PC, password the BIOS and disable booting from floppies. That's as good a defence as you can mount against this. If it wouldn't leave such a great hole in the case we would remove the floppies round here.
If the world doesn't stop annoying me I will name my kids ";DROP DATABASE;" and get revenge.
-
May 10th, 2007, 03:12 PM
#3
Member
Originally Posted by Aardpsymon
or padlock the PC, password the BIOS and disable booting from floppies. That's as good a defence as you can mount against this. If it wouldn't leave such a great hole in the case we would remove the floppies round here.
Better take out USB, CD, and network bootability too
I wake up in the morning, wash my face, brush my teeth, and sharpen my tongue.
Preparation is half the battle, it's also a butt cream.
-
May 10th, 2007, 03:39 PM
#4
or just download the NT Password & Registry Editor Bootdisk and change the password for the admin or any other account.
-
May 10th, 2007, 03:50 PM
#5
Tutorial was written by someone from http://www.security-forums.com/viewtopic.php?t=16252
If you write a tutorial please make it your own work rather than cut and paste.
-
May 10th, 2007, 04:23 PM
#6
Member
Originally Posted by MsMittens
hm... that's no bueno.
I wake up in the morning, wash my face, brush my teeth, and sharpen my tongue.
Preparation is half the battle, it's also a butt cream.
-
May 10th, 2007, 04:33 PM
#7
He's also a (previous, because banned) Antionline member ...
-
May 10th, 2007, 04:36 PM
#8
-
May 10th, 2007, 05:29 PM
#9
Originally Posted by acidtone
lol
I've been waiting for the opportune moment to be able to use this smiley. and looks like I now got my chance.
looks like the OP has been caught out not once, but twice.
UM? The OP wasn't previously banned, the original author of the OP's stolen material was a banned member.
-
May 10th, 2007, 05:34 PM
#10
Acid didn't say anything about the OP being banned...