Stake666

Gaining Admin

56 posts in this topic

can some1 plz help me?

i have a really poop Limited Account on my school's computers.

we can't even access CMD (command prompt). well, we can now because my friend and I have created a .bat file to open CMD, so if there is any way that i can gain the network admin password through CMD then that would be great.

well, any help with gaining admin privileges from a limited account without asking for it. :P

Thanks.

I'm offline until about 3:30pm GMT or i might use our "secret" for getting past the web blocks and say hi. :)


You have access to command prompt?

Type "control userpasswords2" and mess around a bit. It MAY be only local computer, not network accounts, but I'm not sure.


That will grant you admin rights if you tweak the settings correctly. (Depending on how clever your actual network administrator at school is)

You have access to command prompt?

Type "control userpasswords2" and mess around a bit. It MAY be only local computer, not network accounts, but I'm not sure.

cool will try that.

even if it is just local admin, we can use a "weapon" to crack the network password ^_^

can some1 plz help me?

i have a really poop Limited Account on my school's computers.

we can't even access CMD (command prompt). well, we can now because my friend and I have created a .bat file to open CMD, so if there is any way that i can gain the network admin password through CMD then that would be great.

well, any help with gaining admin privileges from a limited account without asking for it. :P

Thanks.

I'm offline until about 3:30pm GMT or i might use our "secret" for getting past the web blocks and say hi. :)

What's the network login program they use?

That can make ALL the difference.


If you grab the hash (pwdump) I am sure someone here will be glad to crack it for you.

Edited by zal91
If you grab the hash (pwdump) I am sure someone here will be glad to crack it for you.

Depends. The only network logon client weak against a hash dump is Novell. That's simply because apparently they store all their logins used on that computer in the local SAM file.


Oh, I was thinking he wanted to crack the local hash.

Oh, I was thinking he wanted to crack the local hash.

What do you plan on cracking the hashes with? I mean which program are you gonna use?


What we did last year was:

net users fish fish /add

net localgroup administers fish /add

Worked like a charm

We made a batch file as well

Oh, I was thinking he wanted to crack the local hash.

Did you not read what he said?

is any way that i can gain the network admin password

I don't read posts, heck I don't even read the title. I just post random stuff everywhere.

:P

I don't read posts, heck I don't even read the title. I just post random stuff everywhere.

:P

*Flames teh bandwidth waster* :P

What we did last year was:

net users fish fish /add

net localgroup administers fish /add

Worked like a charm

We made a batch file as well

Zpr or anyone, please elaborate on this little trick, looks quite neat, like it can save a lot of trouble, thanks.

What we did last year was:

net users fish fish /add

net localgroup administers fish /add

Worked like a charm

We made a batch file as well

Zpr or anyone, please elaborate on this little trick, looks quite neat, like it can save a lot of trouble, thanks.

Sure thing,

net users

Displays the users on the local computer.

As in, not on the network.

The syntax of adding a user would be:

net users username password /add

We just used fish for both. That will create a logon with "username" as the username and "password" as the password. When you're selecting a domain to logon, the usual default is "ADMIN" or something. At least down here it is.

net localgroup

Will display the local groups on the computer. On this computer, they are

*Administrators
*Guests
*HelpServicesGroup
*Users

By default, I believe the user is added to the "Users" group.

So, the syntax of the command would be:

net localgroup group username /add

Which would add a user with the username "username" to the group "group".

So,

net localgroup administrators fish /add

Adds "fish" as an admin. So, that's what we did, we added a user [fish] and put it in the administrators group.

When you're logging in, make sure to change the DOMAIN to the local computer, and not the network.

Sorry for the probably terrible explanation, and if you need further assistance, feel free to ask.

Happy Hacking =D

Edited by zpr
What we did last year was:

net users fish fish /add

net localgroup administers fish /add

Worked like a charm

We made a batch file as well

Wow, your school is really unsecure.

What we did last year was:

net users fish fish /add

net localgroup administers fish /add

Worked like a charm

We made a batch file as well

Wow, your school is really unsecure.

Not anymore.

What we did last year was:

net users fish fish /add

net localgroup administers fish /add

Worked like a charm

We made a batch file as well

Wow, your school is really unsecure.

Not anymore.

Did they finally fix it?

My school uses Desktop Authority and custom settings against things like this.

What we did last year was:

net users fish fish /add

net localgroup administers fish /add

Worked like a charm

We made a batch file as well

Wow, your school is really unsecure.

Not anymore.

Did they finally fix it?

My school uses Desktop Authority and custom settings against things like this.

Yeah, we had to tell them how to.. We told them how we exploited it, [and yes, we found several other exploits that we believe we were the original finders.] I'm the one that actually found it but anyway..

They gave us a huge break on it. 5 days OSS, that's it. Some other kid 3 years.


Thanks Zpr, so just to confirm. If this is possible to pull off on this particular network and I'm able to install software onto the local machine with the DOMAIN changed to local computer instead of the network DOMAIN, will the software still be accessible to users on the network domain?

p.s if it works and I'm able to install software, I plan to delete the account I created to cover my tracks.
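
For administrators reading this thread: the sequence described above (a new local account that is immediately added to Administrators, then deleted afterwards) leaves account-management events in the workstation's Security log. The following is an added detection example, not code from any post in this thread; the record field names, the account names and the approved-actor list are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Windows Security event IDs (Vista and later; Windows 2000/XP logged 624, 636, 630).
CREATED, ADDED_TO_LOCAL_GROUP, DELETED = 4720, 4732, 4726
ADMIN_GROUP_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample records, already parsed out of a Security log.
# The field names (time, id, actor, target, group_sid) are assumptions of this example.
SAMPLE_EVENTS = [
    {"time": "2007-03-29T09:02:11", "id": 4720, "actor": "student17", "target": "fish"},
    {"time": "2007-03-29T09:02:14", "id": 4732, "actor": "student17", "target": "fish",
     "group_sid": "S-1-5-32-544"},
    {"time": "2007-03-29T09:40:03", "id": 4726, "actor": "fish", "target": "fish"},
    {"time": "2007-03-29T10:15:00", "id": 4720, "actor": "it-deploy", "target": "labuser"},
    {"time": "2007-03-29T10:15:05", "id": 4732, "actor": "it-deploy", "target": "labuser",
     "group_sid": "S-1-5-32-545"},  # BUILTIN\Users, not an admin grant
]

def find_rogue_admins(events, approved_actors, window=timedelta(minutes=10)):
    """Flag every grant of local Administrators membership made by an actor
    outside approved_actors. Each finding records whether the account was
    created within `window` before the grant and whether it was later deleted."""
    created, findings = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        name = ev["target"].lower()
        if ev["id"] == CREATED:
            created[name] = ts
        elif ev["id"] == ADDED_TO_LOCAL_GROUP and ev.get("group_sid") == ADMIN_GROUP_SID:
            if ev["actor"].lower() in approved_actors:
                continue  # expected provisioning by IT staff or tooling
            made = created.get(name)
            findings[name] = {
                "account": name, "actor": ev["actor"], "promoted_at": ts,
                "fresh_account": made is not None and ts - made <= window,
                "deleted_at": None,
            }
        elif ev["id"] == DELETED and name in findings:
            findings[name]["deleted_at"] = ts  # short-lived admin account
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_rogue_admins(SAMPLE_EVENTS, approved_actors={"it-deploy"}):
        print(finding)
```

These events are only written when account-management auditing is enabled on the workstation, so the audit policy has to be in place before the log can show anything.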

Oh, I was thinking he wanted to crack the local hash.

What do you plan on cracking the hashes with? I mean which program are you gonna use?

Just use a rainbow table.


Once you have local admin you can use cachedump to dump domain hashes, then crack them, I got network admin that way. LM hashes are easy to crack, but MSCASH are a bitch cause I don't have tables for them.


wow so many posts :)

I'll explain what we've tried and what didn't work:

We tried:

l0phtcrack

Pwdump

adding users through batch files <-- Keep getting access denied

control userpasswords2 <-- asks me for admin pass

old 95 + 98 boot floppies

viruses :)

using dos to put a program in the C drive

"make me Admin" <-- asks for admin pass

Cain & Abel

none of them worked :(

we log onto the network itself mostly on Win2k or XP pro

we use CensorNet http proxy <--- it's a parental control as well.

we cannot access the C drive, only to view it with firefox.

we cannot regedit. (not tried regkey tho)

we tried using Cheat Engine to muff up the McAfee security they have but it didn't work.

our logon is kinda like the picture i've attached but in Domain ours says "Curriculum" or sumthing

if there is any way that we can get the password then that would be gr8

i will try and get sum screenshots of the system 2day

post-7771-1175150182_thumb.jpg

Edited by Stake666

Maybe the trick is in social engineering and phishing.

Make a program that looks exactly (talking 1:1 replica here) of that log in screen. Down to the options of the server. Then have it disable the background and hide icons so it looks as if you are at the log in screen. Have the program you just crafted save whatever is typed to a text file and then report some sort of error message to the admin logging in (such as "No network connection detected", etc. Test out the log in screen in different scenarios to get a good error message to emulate) so that he stops logging in and goes back to find something to fix it. Then make the program respond to a keystroke of some kind and allow you to view all the icons, and return you to the normal desktop where you can view what he typed. This can all be done very easily using typical win32 GUI programming and before you know it you have root with almost no work whatsoever. Nice thing is you don't have to install anything to do this. You could easily run it locally, or on portable media. Such as a flash drive or CD.

EDIT:

a side note is make sure all the buttons perform their function as in the real thing (shutdown shuts down, options displays an option dialog similar to the one it would display because I guarantee that's the first thing the admin will check). Not sure what to do with cancel...maybe disable it or something. Either way it has to be on there too.

This is assuming you have any programming skill whatsoever and you're not just a skiddie.

Edited by deadc0de

Can you access BIOS?

If so, use loginrecovery or boot up to Linux STD.

Then once you get local, you can use cachedump to get the last 10 users that logged in.

Or you can install Cain and sniff the network.

