Follow us on Twitter!
Imagination is more valuable than knowledge - Albert Einstein
Wednesday, April 23, 2014
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Members Online
Total Online: 21
Guests Online: 21
Members Online: 0

Registered Members: 82885
Newest Member: ConiBE
Latest Articles

Exploiting Administrator account

Arrow Image Create an administrator account on restricted Windows XP computer

I have desided to put this tutorial back up. If you have a problem with it, don't read it! I know that I have tried this many times on my sch00l's computers, and my dad's buisness computers, which are running a VPN, and it has work everytime. So, if you still have a problem, screw you! Everyone knows about executing a batch file on a restricted computer will let you execute Command Prompt commands. And everyone knows the joke of "NET SEND bla bla". Im going to show you how to take batch files to the next level! The NET command is a very powerful command, if you know how to use it. Right now lets look at NET USER. NET USER lets you delete, add, and edit Windows XP accounts, without even a password. In order to add an account, you need to use "NET USER username password /ADD" without quotes ("). When you create that account, you can log into that account. If the computer you are running on, is running on a domain change it on the login window to \\XXXXXX(this computer). The X's may vary. Once that is done you can login. Why we select the "\\XXXXXX(this computer)" is because the account is created on the computer, not the server. Here is a bit of an explenation what most school networks (and most other networks) do for account restrictions. They have you connect to a domain that has the account you usally log into in archive. In that archive tells your client computer what permitions to give the computer, what programs that are started, and so on. Most of the time the program they activate is deepfreeze. If you know deepfreeze, then you may think this account creator tutorial will not work. Well, oddly it does, I dont know why though. Lets continue. It may seem like it took off all the restrictions, but if the IT guy setting up those computers are smart, they would have a backup plan. Most of the time the command prompt and the Task manager is disabled. To change that, you need to access "gpedit.msc" without quotes. You can try running it, but you'll fail, because it is only accessable by administrator debugger accounts (I think thats what it is called). So now it is time to get the administrator account password... or do you? If you have been reading the NET USER command can "delete, add, and edit Windows XP accounts". To edit accounts, you have to use "NET USER username password" without quotes, and username to whatever account password you want to change. In this case it is Administrator. I think you can figure this out. (If you cant, then re-read the first paragraph) Once you have change the Administrator account password, go ahead and login (If you get an error in loging in, make sure your domain is set correctly, paragraph 2...). Your in the admin account cool. Now try to get into "gpedit.msc" without quotes. You can, great!!! Now you can disable the block for the command prompt, and Task manager under "User Configuration > Administrative Template". Look around inside of there, Im sure youll find what you looking for. Beware the * !!!


thousandtooneon November 10 2005 - 07:46:56
This does NOT work on modern networks of over 30 users anymore.. Especially schools. I haven't heard of any large school district NOT using ISA to handle their networks. This is VPN, not Windows network administration.
saxibleon November 10 2005 - 08:02:00
I agree, this article does not work. For starters, you need administrative access to use net user. You cant be a normal user, and user commands like: c:\> net user administrator 1337_password c :\>net user saxible pass /add c:\>net localgroup administrators saxible /add If you could do that, then whats the difference of having users as administrators or normal users? Sorry about the critisism
Rasteron November 10 2005 - 21:12:52
I never said it would make a network administrator, I clearly stated the account is made on the computer on the server. You can use NET USER if you use it in a batch file. And, On my school computers, they block out just about everything you can possible imagen, so thats the diffrence. And, at my school, Im not a normal user, Im a restricted user. And the only way you can enable Command Prompt, Task Manager, network managers, is to gain access to gpedit.msc . Which you can only access with an administrator account.
Rasteron November 10 2005 - 21:13:51
Not on the server... sorry
thousandtooneon November 10 2005 - 22:40:18
For goodness sake. 90% of school districts out there USE ISA. This means that you can't get at any accounts on the local computer, as all accounts on the computer go through the ISA server. It is ALL VPS. Nothing is local.
Rasteron November 10 2005 - 22:45:53
I understand what yor saying, and that is what the domain is all about right below the password on the login window. There is the servers Domain, and then if you look at the tab, there is a selection "//blabla(this computer)", Im serious. Im not some f@cking dumb ass. I have done this to 5 computers at my school...
Rasteron November 10 2005 - 23:01:00
Ok, Instead of arguing, how about you try, at a library, or school, the bug I found. Write up a log of every single thing you did, and then Send it to me. If it doesnt work, you can ban my account if you please.
thousandtooneon November 11 2005 - 02:29:14
Think about it. With Windows ISA, you really can't get to much of the computer, as most of what you touch is on a server. ISA is developed to handle way more than kids that want to be hackers. Whether or not your school/library uses ISA or not isn't the point; all I'm saying is that most school districts with over 4000 kids total use Microsoft ISA to handle VPN networking. Thus, bam, it doesn't work on any computer that is set to boot straight into the ISA VPN system. Go read up on DNS and Domains, as well as specifically Windows Domains. While your at it, look up Microsoft ISA and VPN. To prove it isn't ISA, does your school have individual user accounts that use some form of a network drive as your own personal file space?
Rasteron November 11 2005 - 08:03:27
We do not have individual accounts for each student, but we do for each classroom that has its own storage space specificly set up for that classroom. And think of this... If for some odd reason the computer cannot get on the network, how else would the IT guys get into the computer to alter something? There is a default administrator acount on every single computer, that cannot be deleted. Same as such things like the MSQLDebugger account. It is soully based to the computer that you are using.
thousandtooneon November 11 2005 - 08:39:14
Google on how to set up ISA-enabled VPN workstations.
willeHon November 11 2005 - 23:03:42
you tell him thousandtoone Smile
thousandtooneon November 11 2005 - 23:32:08
Don't try and take this to PMs either. Yes, there is a local administrator account. Doesn't help much when you don't have a way to log in with it when the computer is set up for VPN. First things first, gotta get to a point where you can log in with it.
CNS Chemiston November 12 2005 - 02:33:16
Who the fuck is the god damn idiot that let this article through? God some of you HBH Administrators are fucking thick.
Rasteron November 12 2005 - 06:15:44
I did point out where you can login with the local account you create. On the login window, there is a Domain option. You open up the tab and select \\bla(this computer) I have tryed this many times on my schools network, and it is a VPN. I guess the IT guys are a bunch of fucking morons, for letting people log into accounts on the computer.
Rasteron November 12 2005 - 06:18:42
I dont get why people just wont try step by step what I have said in this article instead of just saying you can't, try it some time.
wolfmankurdon November 12 2005 - 09:19:04
*Giggles* I wish I knew what VPN and ISA networks were.
CNS Chemiston November 12 2005 - 18:44:12
No, dont delete it, REFORMAT it. HBH should have done that before letting it through, but they suck at judging content.
Rasteron November 13 2005 - 03:20:44
I did that not HBH, I just wanted to end the arguing.
quietkilleron November 16 2005 - 04:33:55
aw cmon i was gonna use this article as a reference.. mind PMing me all the info again Wink
danbradsteron February 01 2006 - 09:36:53
Command prompt doesn't work on my school's computers, their security is too good. Pfft
mastergameron April 30 2006 - 22:17:32
@danbradster, you could always code a C++ program to excecute CMD commands, unless your school blocks you from running .EXE files.
blacksheep090on August 15 2006 - 20:45:00
You could make a DOS boot flopy and start directly from it then create an account. Im not sure this will work over the schools network but its worth a try.
Post Comment


You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.