Page 1 of 2 12 LastLast
Results 1 to 15 of 18

Thread: Hacking my own system?

  1. #1
    Bronze Member Coffee's Avatar
    Join Date
    Dec 2003
    Posts
    190

    Question Hacking my own system?

    I know this isn't your average security question to anyone other than maybe a hacker, or just someone as dumb as my self but... Does anyone know how to hack into Windows XP?

    The reason is i've been experimenting with system accounts and policies, and have basically now locked myself out of my own computer. The thing i need to do is remove from 'Deny Logon Locally', 'Interactive Logon'. I,ve tried using ERD Commander, restoring to previous point, and another thing i will need to hack is my Administrator password, which i have, well, forgotten.

    Any suggestions?
    Live long and prosper!

  2. #2
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    if you can get into windows XP using an account other than the guest account you can open the command promt and type

    net user administrator 1234

    this will change your administrator password to 1234

    you can also use the net user to change the password of any account in windows xp

    just type
    net user whatevertheaccountnameis "and" thenewpassword
    ------------------------------------------------------------



  3. #3
    Bronze Member Coffee's Avatar
    Join Date
    Dec 2003
    Posts
    190
    Thanks egghead, I'll give it a try. Not entirely sure how though, with interactive logon being disabled it's blocking out just about everything, i'll try ERD & see if it will let me logon. Network's a no go too, only account i can use would be read only privilages, but even then i need to enable networking after logging on. Basically it's supposedly safe as houses, not that houses r safe mind u.
    Live long and prosper!

  4. #4
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    XP passwords rendered useless

    By Brian Livingston

    Windows XP, which has been marketed by Microsoft as "the most secure version ever," has been found to have a flaw so bone-headed that it renders passwords ineffective as a means of keeping people out of your PC.

    Reader Tony DeMartino alerted me to the problem, which all administrators of Windows XP machines should immediately take to heart:


    • Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console, a troubleshooting program.
    • Windows XP then allows the visitor to operate as Administrator without a password, even if the Administrator account has a strong password.
    • The visitor can also operate in any of the other user accounts that may be present on the XP machine, even if those accounts have passwords.
    • Unbelievably, the visitor can copy files from the hard disk to a floppy disk or other removable media - something even an Administrator is normally prevented from doing when using the Recovery Console.
    This problem is unrelated to a feature of XP that allows an Administrator to set up automatic logon when the Recovery Console is used. Even without the Registry entry that enables this, XP is vulnerable. (For info on that feature, see support.microsoft.com/?scid=kb;en-us;312149.)

    Windows 2000, of course, doesn't allow Recovery Console users to access a hard drive without a password, if one previously existed.

    I notified four Microsoft executives of the XP flaw weeks ago, but haven't yet received an official response. There's no Knowledge Base article about it, and there may not even be a good solution to the problem.

    When I've spoken with Microsoft security pros about similar problems in the past, they've referred me to a company policy that says, "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore."

    That's all well and good - but the fact remains that Windows 2000 doesn't allow anyone with an old CD to get password-free access, and Windows XP does.

    My recommendation: If you use XP machines in open spaces, put the PCs behind a locked door or put a lock on the PCs themselves. The bad guys know about this flaw, and it's just one more thing for the good guys to protect against.

    http://www.briansbuzz.com/w/030213/



    egghead
    ------------------------------------------------------------



  5. #5
    Bronze Member Coffee's Avatar
    Join Date
    Dec 2003
    Posts
    190
    Now hoooooow bad is that.
    Nice one Microsoft! Someone did say to me before... Microsoft & security?

    Will definatly try that one tomorrow thanks egghead
    Live long and prosper!

  6. #6
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    no problem,

    keep us updated!

    one thing....
    If you have enabled encryption on your file system you most likely lost your files unless you have extracted the encryption code.
    ------------------------------------------------------------



  7. #7
    Bronze Member Coffee's Avatar
    Join Date
    Dec 2003
    Posts
    190
    Right, i've managed to get to the 2k RC as suggested above, however anything i try doesn't seem to do anything, so i guess thats a no go now. I've been trying to use someone's boot disk to reset/change the Admin's password although my Laptop doesn't seem to like any disks, so either all my floppies are now unuseable or something's wrong with the drive. Having said that they've done a bootable cd version, so i just need to find a cdr.

    So in conclusion, there's still no way of getting in.
    The last thing on my list is to simply try and backup any important files i have on c: and then go for an upgrade to 2003, although i would prefer a way to keep things as they are with XP.

    If anyone has any other suggestions, it would be greeaaatly appriciated.

    Coffee.
    Live long and prosper!

  8. #8
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    I have a Linux boot floppy that you can use to change the admin password even if you don't know the current one. I am looking for the name of it now...


    [edit]
    Try this link...
    http://www.google.com/search?q=%22nt%20password%20reset%22

    This is a Google search that I did...not supposed to be posting active "dubious" links so thought I'd give you the entire search. You can weed thru them or just pick the first one which is the one you need I'm sure...
    Last edited by rik; March 26th, 2004 at 15:02 PM.

  9. #9
    Bronze Member Coffee's Avatar
    Join Date
    Dec 2003
    Posts
    190
    Thanks for the reply rik, it's actually the site i got the boot disk from.
    Although still have the problem of actually creating the disk.
    I got board and did a windows repair to see if it would remove the settings, however that's proved a but pointless as it doesn't remove those kind of settings. Gonna try booting to another HDD and either copy any important files off and go for an upgrade, or bring me to my next question, are the gp settings stored in a file or the registry and if a file which one?
    Live long and prosper!

  10. #10
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Have you looked at this article: How can I gain access to a Windows 2000/XP/NT computer if I forgot the administrator's password? How can I reset the administrator's password if I forgot it? The link is here . This is from MCSEworld by a guy named Daniel Petri, and seems to have lots of good info and links on it.

  11. #11
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,732
    I have a boot cd that has a linux shell for changing the admin password but cant think of the name of it right now. so when I get home will check it out. but like what egg said if you change the password not sure if you will be able to access any encrypted files



  12. #12
    Bronze Member Coffee's Avatar
    Join Date
    Dec 2003
    Posts
    190
    Well, given up trying. Could have probably changed the admin password if i could create a boot disk or even a bootable cd if i had one attached to my laptop, but even then, could i have been able to reset the local security settings? Maybe not.

    Anyways, gone for an upgrade and slight move around of systems, and now playing with Windows 2003. Oh what fun. Cheers for all your help on that one lads, was nice to see people willing to try and hack windows even if there aren't enuff already.

    Coffee.
    Live long and prosper!

  13. #13
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Sorry it didn't work out for ya. I imagine after you had reset the admin password you would have been able to tweak those security settings but I'm just not sure. I have used that hack before and it worked great even tho it isn't something to turn a novice loose with. There are way too many things you can mess up.

  14. #14
    Junior Member
    Join Date
    Apr 2006
    Posts
    3
    Quote Originally Posted by Coffee
    I know this isn't your average security question to anyone other than maybe a hacker, or just someone as dumb as my self but... Does anyone know how to hack into Windows XP?

    The reason is i've been experimenting with system accounts and policies, and have basically now locked myself out of my own computer. The thing i need to do is remove from 'Deny Logon Locally', 'Interactive Logon'. I,ve tried using ERD Commander, restoring to previous point, and another thing i will need to hack is my Administrator password, which i have, well, forgotten.

    Any suggestions?
    dear coffee you have to restart your comp and just befor your xp boot up starts push the f8 it will start up your system a different way when it is done arrow up to start windows in safe mode with comand promt when that is done you need to type start desktop when you see the start at the bottom like on your desk top click on that then go into your control panel under user account click on the name with the pass word and just remove if you have any problems with this let me know ziggy67

  15. #15
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    Muuuuuhaahaaa!!

    The net user thing is funny - I did it to all the display PCs in PC world when XP first came out and I also set the minimum password length to 12 which you can't normally do with XP home because it doesn't have the proper 'local users' mmc. Net user won't change the password from any account except guest though - except on XP home which defaults all accounts to administrator access level.

    The 2000 bootdisk thing didn't work since service pack 1.
    Search google for 'Hiren's Boot CD' - you need it's toolage, too much on it to list. HaX0r5 (especially L337 ones) need Whax - nuff said.
    I'm using Windows 7 - you got a problem with that?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •