Get Windows XP administrator rights an effective method of practice validation-vulnerability warning-the black bar safety net

ID MYHACK58:62200821541
Type myhack58
Reporter 佚名
Modified 2008-12-19T00:00:00


If you have the drive, if you have to enter the BIOS permissions, then please do not continue to see this article, go find a Windows XP disc you can, like how to engage, how to engage.

I'm here to talk about the problem is for the company office computer. Company IT departments with the ordinary staff is always a pair of contradiction. The IT Department should be the company's leadership requirements, or your own easy to manage, always trying to make you have as few permissions. Optical drive, floppy drive, don't want to use; the BIOS password is not going to tell you, of course, in most cases, this is not a problem; the disk C must be NTFS format, boot. ini you not to touch, there is no hope, the C drive has no write permissions also need to look at the IT Department colleagues mood?; sealing the USB is generally divided into two kinds: the Physical port attached to a seal, it's called a Human, the system settings card permissions is called the rule of law, relatively speaking, the former is insidious; with domain controller for unified management authority; also with the various components of the strategy card you variety of application execution permissions......

For the desire for freedom, we are absolutely not throw in the towel drops......

Some time ago I wrote an article John/bkhive/samdump, under Linux crack SAM key article, is one of my success stories, but this will not absolutely useful, because if BT's IT man. put the administrator password is set to be sufficiently complex and long, then there is no choice. Not that I change jobs to a new company after the encounter. Let John help me to hard forget it after 1 month, I decided to abandon the use of this method.

Just google it, you'll find Windows XP elevated privileges method N, but the majority is invalid, while the overwhelming article also just irresponsible copy to copy to:

  1. The most famous of deleting the SAM file, under normal circumstances, you there is no way to move this file. When you vigorously remove this file, it will be found that the system will collapse. Sweat it out now...

  2. Access with the command line Safe Mode, execute the net user admin 1 2 3 /add similar command. sorry, first of all, the ordinary user to get into Safe mode is the administrator while Microsoft don't mix so many years; secondly, ordinary users to be able to add users, and then let him become an administrator while Microsoft still don't mix. Perspiration under the second....

  3. Running various be able to detect the windows password of the rootkit tools. Is a chicken born eggs, egg chicken problem. To successfully run these tools in the premise in General that you have the administrator privileges; if you have administrator privileges, you TMD also need this? Khan third....

  4. Write a bat file, write this code:

net user admin 1 2 3 /add

net localgroup administrators admin /add

Instead of the logon. scr, magnify. exe and other system programs.

This is a bit against the General, but the implementation of it is also have difficulty. Result the windows to these files is protected, you have no way to modify, delete, or rename,even if you put the hard drive removed and put into another windows machine on the same. But the method in this paper is based on this.

I would like to declare that this is not my original, the idea of the method comes from the Internet, I just through practice proves its feasibility, let us in the work of the freedom fighters to reduce detours.

Well, to start it:

1. Ready user add script. Use WordPad to write down the following content, and the file name changed to magnify. bat

@net user admin /del

@net user admin 1 2 3 4 5 6 /add

@net localgroup administrators admin /add


The first line will put the admin user to delete, avoid if it exists affect the back two rows of the execution, if there is no it will not affect the back two rows of the execution; the second row add a named admin account, the password is set to 1 2 3 4 5 6; The Third Row is the admin account added to the administrators user group; the fourth row exit

2. The file magnify. bat converted to exe format. Please do not directly change the suffix name, as can't run. There is a tool called bat2exe,can be transformed: the bat2exe inside there are two files, bat2com. exe and com2exe. exe file. Respectively, with the following command:

bat2com magnify. bat //generate magnify. com file

com2exe //generate magnify. exe file

bat2exe tool is a 1 6-bit program. If the above connection cannot download, please google it

  1. Replace the file: will be generated above the magnify. exe file to replace the C:\WINDOWS\systen32\magnify. exe file. In fact, this is a magnifying glass program, before replacing, make sure that the first original magnify. exe backup is good, so that after use can be replaced back, otherwise later your magnifying glass program before.

This is where the most difficult part. Again to reiterate, if you have an optical drive, floppy, USB,BIOS and other resources, please you with a Windows XP disc this convenient method, don't go the long way. I was the hard drive removed and put into the Linux system under the alternative(by the use NTFS3g program so that the Linux NTFS write, used here under Linux Mount windows partition, modify the file, etc. knowledge is not the topic less, not discussed. If you need to, you can ask me). You can also use other way, but the hard disk is removably fixed, or else no choice; in addition a system to determine the Don't upgrade your Windows XP,because it does not succeed.

4.运行magnify.exe the. Start Windows XP to the login screen, press Ctrl+U, the pop-up auxiliary tool dialog box, the above two procedures is optional, the magnifying glass program and the on-screen keyboard program. Selected the magnifying glass, click on run. Then you can use the account admin password 1 2 3 4 5 6 login.

Congratulations, the system is yours. Remember the original magnifying glass replacement back

Here's my successful method, but the process is certainly not unique. Such alternative procedures is not necessarily a Magnifier program, you can also use the on-screen keyboard program. The file replacement process is even more fanciful, and completely lies in your creativity.