For the program in my post you can either put it on a cd or put it on floppy disks.
You have some good answers, so I'm gonna play. You might be able to use a local lsass exploit and telnet/netcat to the port that the shell is spawned on, "net user" a new user and assign it to the admin group with "net localgroup". I'm sure the owner of the pawn shop didn't take the time to patch.
Create a Windows 98 boot disk (or download one from bootdisk.com) and start up with the disk. Now go to c:\windows\system32\config\ and copy the SAM and system files to disk (if they fit), and send me an email: lepricaun2003 at yahoo dot com with these files, then I'll see what I can do for you...
/*if they don't fit on disk, then copy those to c:\ to have access to them when you're in Windows*/
The above only works with FAT32, otherwise you'd have to download a copy of ntfspro, ntfsreader or something like that...
As you've sent me the mail, you'd pray they didn't create a very hard password, otherwise it might be nearly impossible to crack.
Let's see, hmmm....
I am not fully sure how to make an admin account if you are not admin right now....
But maybe you can just wait.... If I am not mistaken, it is like 30 days: if the admin Acc. is not logged into, the password will delete and there will be an account called Windows Administrator. I am sure that is one way, but it takes time... a lot, for that matter...
And a few questions...?
Is there a burning program on there?
And if so can you use it?
Because if so, you can find a friend with a copy of the OS you are using, and then you can just make a backup and burn that, and then you will have a fresh copy of XP and an Admin Acc.
... and then with that backup you can install it to your PC...
That should work.
That's called pirating. He could just use the advice he's already been given.
Quote:
Originally posted here by pooh sun tzu
Wait, guys, why on earth are you trying exploits and 'cracks'? Three other proven and instant methods have been listed (you read the entire thread, right?) that do not involve hoping an exploit was not patched and the password was not too hard.
"Never use a cannon to kill a mosquito." - Confucius
Pooh, please don't get testy. As I said, "you have some good answers so im gonna play." I read the whole thread... it's a thought. He said he doesn't have a CD burner or another computer. I'd try it just for shits and giggles. Actually, HTreg told of a pwd resetter which I downloaded but can't remember the name of. I'm too lazy/tired to search for it. I have it at work, but that does me no good here, and the previous answers would work. How could you call it a cannon? A 12k file that can be downloaded and run from the My Documents folder, as compared to ISOs, multiple floppies, whatever.
if it works use it - me :-)
This might help you:
http://home.eunet.no/~pnordahl/ntpasswd/
I know you are new here, §©®@P. Here is a small bit of advice: read the entire thread before posting your reply. I already posted a link to that program on the first page.
Hey Tedob, as far as I am aware, you can only give the spawned shell admin rights if it is spawned from an admin account. As in, say you connected to the port nc is on, an admin would need to be logged into that computer for you to end up with an admin account, otherwise he would only be able to assign it to the user group or something similar. If I am wrong, could you tell me why, as I have been experimenting with this for about 6 weeks and haven't found a way round it yet!
Quote:
Originally posted here by Tedob1
You might be able to use a local lsass exploit and telnet/netcat to the port that the shell is spawned on, "net user" a new user and assign it to the admin group with "net localgroup". I'm sure the owner of the pawn shop didn't take the time to patch.
Thanks!
Well, according to this: http://www.g4techtv.com/feature.aspx?article_key=664
You must:
# Boot with Knoppix STD and launch a shell.
# From the shell, you can view all your NTFS partitions via the LinuxNTFS built into Knoppix STD.
# Navigate to the windows\system32\config directory.
# Copy the SAM and system files to a cheap USB thumbdrive.
# Take each of these files back to another Windows machine and fire up SAMInside. SAMInside uses SAM and system files to extract the encrypted hash (the SAM file is double encrypted with SYSKEY. SAMInside gets around that).
# Launch LC4. It will brute-force and dictionary-attack the hash marks. Once the hash has been matched, the final password is displayed.
Or, you could always try erasing the hash values... not sure what it'll do though.
My very first post! Yay!