Threaded Mode | Linear Mode

ZiNgA BuRgA · 13/11/2007 05:23 AM

diego Wrote:cool thanks! but it will take 2 days?!?!?!

If you pay, 10 minutes...

diego · 13/11/2007 05:26 AM

can't I just acces the hard drives and use LC5? but the problem what I think is that the computers are connected in a network and all the student accounts (one for each student) is in that so I see when I log on I also have to choose a network, . . DLSZ (my school) or ie. lab1-18(my PC in computer class)
so I also want to know if there will be a problem because of this. ..

and offtopic.. wee are doing VB in class.

Ac_K · 13/11/2007 05:39 AM

ZiNgA BuRgA Wrote:
diego Wrote:i can access bios.   but how do I change password from there?
What?  They don't have a BIOS password?  They must be like, really dumb...

Well, if you can access and change the BIOS settings, here's the procedure:

Change the boot order - how will depend on what BIOS they use.  Change it so that you can intercept the boot order (ie prioritize booting from a floppy over booting from the harddrive)

Once you'd done that, you'll need to make the boot floppy or USB - you'll need to include the necessary tools (from memory, mainly NTFSDOS and SAMDUMP)

Boot up with your boot medium, run NTFSDOS so that you can access the harddrives from DOS, then use SAMDUMP to dump the password hashes

Restart the computer - if you want, you can restore the BIOS boot order

That's all you do with the target computer - if done correctly, no-one should know that you've done anything to it.  Go to http://loginrecovery.com/ and upload your password hash file

Wait about 2 days for it to process it - once done, it'll give you the admin password.

EDIT: http://loginrecovery.com/ also has a program to make a bootable floppy which has the necessary stuff.

Hum... With NTFSDOS copy the Sam file on your floppy...
And after use http://www.oxid.it/cain.html to decrypt it !

You have the Administrator password !

Diego School PWND

diego · 13/11/2007 05:52 AM

thanks . . I will try these soon ,

Anger · 13/11/2007 06:42 AM

you do realise they may have vnc software installed to watch what your doing right? my college tech was a good friend and he told me a few of the tricks they use, things like having vnc installed and having someone watch randomly the screens of the computers, things like having a single boot disk with a single password set which is used for all the computers etc.
he even gave me hints about getting around the security (using a blank account and changing the ip address to static, but outside of the dynamic range of the computer giving out the ip addressses), booting up and removing the inet cable to get access to local admin without tipping them off and being able then to create another account to use online so they couldnt monitor you.
its great having a tech friend, even though i shoulda had his job :/ grumble.

anyway back on topic - watch your back.

diego · 13/11/2007 06:50 AM

yeah I know they do have one . . its called NetOp I think . . they can even control your PC's . . .but yeah my classmates like not to be seen so they remove the lan cable. . . but they lose internet., . . anyways. . I have noticed however that there is only ONE person watching per lab since he/she is in the room . AND that they don't see it until I log in since I also watch their PC. .. so if my PC is booting or in BIOS or not even logged in . . they do not see.

MaDc0w · 13/11/2007 09:08 AM

I have used Ac_Ks idea using CAIN before.

Also works like a charm...

Oh and you would see quickly if they ran VNC... task manager - look for winvnc4.exe running....

amzter · 13/11/2007 10:19 AM

MaDcOw i will take that app

ZiNgA BuRgA · 13/11/2007 03:29 PM

diego Wrote:can't I just acces the hard drives and use LC5?

Firstly, to run l0pht Crack on the computer, you need administrative privileges...

You can crack the password hashes using LC4 or LC5, but I find it better just to upload to that site.

diego Wrote:but the problem what I think is that the computers are connected in a network and all the student accounts (one for each student) is in that so I see when I log on I also have to choose a network, . . DLSZ (my school) or ie. lab1-18(my PC in computer class)
so I also want to know if there will be a problem because of this. ..

Stealing a network password is MUCH more difficult. This will give you local administrative rights, not network administrative rights. Local should be all you need.

Anger Wrote:you do realise they may have vnc software installed to watch what your doing right?

Using my method, it's impossible to watch you, unless someone is physically watching what you do :P
VNC cannot even think about loading if you're intercepting the boot procedure :P

When you do gain admin, the main thing is, they may know it, but, as long as you don't do something stupid, they can't tell who's actually using it.
To make yourself feel safer, you can go into system services and task manager, killing anything suspicious.
Oh, and I used to install an auto-password dumper, so that if they did change the password, I could just get it again (actually, they did once, but thanks to my dumper, I got it again :P).

I haven't used Cain & Abel - well, successfully yet...

roberth · 13/11/2007 03:45 PM

wee did a similar thing...our admin typed like a spaco, and wee saw him type his password...so wee used his account and made someone elses account admin, so they got done, then fiddled when the fuss died down :P

Threaded Mode \| Linear Mode enabling netsend HELP
Author	Message