Saturday, February 19, 2011

Hack Windows Admin Password (With Different Ways)

Net User: Command Prompt

Windows Command Prompt Utility, Net User, can be also be used to manipulate the
User accounts in Windows. The Commands are as follows:

* To check the User Accounts: Net User
* To Change the Password of User Account: Net User Username *
* To Add a New User Account: Net User Username Password /add
* To Delete a User Account: Net User Username /delete

Sticky Keys Backdoor

* Sticky Keys application can be used as the Backdoor in Windows Operating System.
* Command Prompt file ‘CMD.EXE’ can be renamed to ‘SETHC.EXE’ in C:\Windows\System32 Folder.
* After this one can hit the Shift Key 5 times on the User Login Screen and will get the Command Prompt right there. Net User can be used to modify User Accounts thereafter.

Live Boot Disk Attack

* Software: Active Password Recovery can be used to create Live Boot Disks for Windows Operating System.
* Live Boot Disk can be used to start the Windows and access the SAM File.
* Attacker can Remove the Passwords from the User Accounts or can set new
Passwords on the Accounts.

Brute Force Attack

* Bruteforce Password Guessing is just what it sounds like: Trying a Random approach by
Attempting Different Passwords and hoping that One works. Some logic can be applied
by trying passwords related to the person’s name, job title, hobbies, or other similar
items.
* Brute force randomly generates passwords and their associated hashes.
* There are Tools available to perform the Brute force attack on the Windows SAM File.
One of the most famous of them is Cain and Able.

Privilege Escalation

* Once the Administrator account is Cracked, one can easily Login with the Administrator User Account and Promote any User Account to give him the Administrator privileges.
* One more thing which an attacker can do is to boot the computer from the Live CD and
change the SAM file to promote any Limited User account to Administrator.

No comments:

Post a Comment