school os hacks
tom_beach22
09-20-2006, 10:58 PM
omfg my school has windows 2000 professional and i wat to hack an admin account but i can get to the command prompt to take over as system and they have the files hidden really well.
do you know how i could hack in to one or get to the pass list save file thing or just fuck shit up?
Mr. Hasselhoff
09-20-2006, 11:00 PM
You mean want, and can't get to command prompt?
Can you edit your misspellings cuz I'm not sure what you mean at this point
tom_beach22
09-21-2006, 12:11 AM
i can not get to the command prompt because i can not access the run application thing.
anonymouse187
09-21-2006, 02:46 PM
i can not get to the command prompt because i can not access the run application thing.
You can run cmd.exe from C:\Windows\System32 folder... Just search for it. If that does not work the best way to do it is open notepad and type in cmd (just cmd and nothing else) and save it with a .bat extension ("test.bat"). And then run the .bat file. It will bring up command prompt. If that doesn't work just download cmd.exe (from your computer or the internet) and put it on a floppy disk..
You can access the run thing the same way. (run.exe).
I think you can re-add the run thing by right clicking the taskbar and click properties then going to start then clicking customize, then advanced and find the checkbox to re-check.
To screw the computer up, just run regedit.exe (Run > Regedit) or the .bat file thing (regedit) and start deleting all of the stuff in the registry. What would be even funnier is if you started the computer up and went into the BIOS settings (press the DEL button before windows boots) and setting a password to access the computer. That would be lol to the max.. Although there are ways to fix that... (Not sure if your school would know)
tom_beach22
09-22-2006, 12:33 AM
our bios has a password. i checked the system folders and couldn't find cmd, i found regedit but you can't access it i tried...
haven't tried a batch file yet tho.
right clicking the task bar is also disallowed.
a .bat is the way to go i guess.
Mr. Hasselhoff
09-22-2006, 07:05 AM
lol, there's another thread on how to reset or figure out the BIOS password. Find that thread.
tom_beach22
09-25-2006, 10:32 PM
the bat file with CMD worked.
i can't schedule any tasks tho. i tried like
at 14:21 /interactive "cmd.exe"
no luck, access is denied.
so what can i do in the prompt? where are the passwords stored in windows 2000/nt?
there is a c:\winnt folder so that's how i know we got nt on there.
Mr. Hasselhoff
09-25-2006, 11:05 PM
Windows Admin Hack - ISO
Windows Admin Hack allows you to reset the Administrator password on any PC running Windows 2000 or XP.
When you boot a PC with this CD, a mini version of Linux starts which allows you to reset the Administrator password to anything you want.
Very useful if you ever need to work on a PC, and no one knows the password, or if you ever forget the password to your own PC.
http://www.zomgstuff.com/Sharing/129221
Password is zomgstuff.com
tom_beach22
09-25-2006, 11:17 PM
i can't use a cd drive unless i'm in the room with our noob network administrator.
and that ISO is password protected. could i fit it on a floppy? or a usb mass storage device?
im gunna search for the PWL's tomorrow.
Mr. Hasselhoff
09-26-2006, 04:26 PM
Rar pass: www.2baksa.net
Mr. Hasselhoff
09-26-2006, 04:27 PM
it's an iso so you have to burn it as an iso on a cd. won't fit on a floppy, doubt it, and idk about usb if it will work
tom_beach22
09-26-2006, 10:47 PM
k ill try
tom_beach22
09-26-2006, 11:58 PM
that password is wrong.
you punk'd me
Smotang
09-27-2006, 05:52 AM
It's actually possible to boot up a computer using nothing but a floppy.
And there are specially made dos programs that will give you access to the NTFS file system and also allow you to change the administration password.
I myself don't have any of those programs but I do know they are out there.
tom_beach22
09-27-2006, 08:39 AM
OMFG! a bootdisk. its so obvious! thank you.
nemesis1
09-27-2006, 09:58 AM
try a dictionary hacker or a password breaker, the pw breaker is a lot slower because it uses all the letters until it finds a correct code.. :o they're hard to find just search google though, could have it.
tom_beach22
09-27-2006, 11:08 PM
that wouldn't work. i don't think.
Smotang
09-27-2006, 11:33 PM
He doesn't need to crack the password. he just needs to replace it.
also once you have gotten to the Filesystem (NTFS was supposedly "Secure") it's pretty easy to do whatever you want to well. whatever...
Suggestions include some friendly:
-Trojans
-Keyloggers
-Viruses (sort of a broad generalisation but you get the idea)
-Backdoor IP routing software (lets you see what they are sending to the net)
The list goes on. Pretty much anything you want to do with a computer can be done once you have accessed the Filesystem in that way...
tom_beach22
09-28-2006, 11:14 PM
i can get to the file system from a boot disk right?
i might just run down to vx heavens and get a good trojan.
Mr. Hasselhoff
10-06-2006, 07:57 PM
Getting a cmd prompt when it is blocked.
1- Open notepad or Wordpad.
2- Type command.com
3- Save it as blah.bat (You can change blah to whatever you want, just make sure it's a batch file (.bat))
4- Open it and ta-da!
To add an account.
Adding Users: Net User Username Password /ADD
you now have a new user account. Now add it to the Administrators group =D
NET GROUP groupname username /ADD [/DOMAIN]
You can find a lot more things on how to do this by googling Net User commands and other things. Lots of fun things to do.
Here's one site to use.
Code: http://www.ss64.com/nt/net_useradmin.html
Hope i help a bit
ReapeR-ShEeP
10-07-2006, 02:43 AM
1yosar
KatanaGFR
10-07-2006, 06:16 AM
Hacking windows 2000 and XP passwords
Hacking windows 2000 and XP passwords is really easy... All ya need is the
right tools and the knowledge to use them...
Terms Used:
Hash: Encrypted passwords that windows uses
DOS: Also referred to as command prompt.. To open go to run and type command
Sam: The File That contains the passwords in encrypted form
Tools needed:
Minimum requirements
Computer-- Yeah Du
Understanding on how to use DOS
John The Ripper ( Can be found at any good hacking site )
Pwdump2 ( Same as Above. )
Maximum Requirements
Computer
L0phtcrack 3.0 or above ( Runs about $100+. Not Really good for a hacker on
a budget)
Quick Overview Of Tools
L0phtcrack: A nice GUI windows 2000-XP cracker made by l0pht. ( Costs $$)
John The Ripper: A command prompt tool used to crack passwords. (Free)
Pwdump2: A tool used to extract hashes from the protected sam file. ( Free )
Using Pwdump2
Pwdump2 is a hash retrieval program that runs in DOS. The sam file is
normally protected by windows and will not allow you to copy it or open it
under any circumstance. Pwdump2 provides a quick and easy way to obtain the
hashes. Some other ways of obtaining the hashes is to boot to a separate
operating system and recover them..
Below is a simulation of what you should do.. We are assuming the pwdump2 is
in the c: drive and the folder. It is also taken place in the DOS ( Command
Prompt ).
First We Go To The Folder
c:\>cd pwdump2
Now We Are In The Folder
c:\pwdump2>
Now we are going to run the program and see the print out.
c:\pwdump2>pwdump2
Administrator:500:f22487de2f1sdaw0aad3b435b51404ee :d0c3985a7dsawq190d8b04c06
1c3e:::
Guest:501:aad3b435b51404eeaad3asdwb51404ee:31d6cfs daw16ae931b73c59d7e0c089c0
:::
HelpAssistant:1000:158dbeae7e5dasf9a2515e837c97827 :9cfec91asdwdb011860fa3816
6da9eaa1:::
You:1003:8c96188dd805daf3aaddas251404ee:96ce08a2c2 dsa0296c8e673506d763d9:::
These Are Not Actual Hashes.
We see in the first part the name of the user ( Username )
Then followed by the hashes and other information. ( Ya dont need to know
anything about this. )
Now we will save the sam file to the c: directory as a regular text file.
c:\pwdump2>pwdump2 > c:\Pass.txt
c:\pwdump2>
It will not print out anything but it will save the file as pass.txt to the
c: directory.
Using John The Ripper
John the Ripper will also be used in the command prompt.
John the Ripper is a cracker that can either use brute force or dictionary
attacks.
I will now show you how to use John The Ripper. We assume that John the
Ripper is located in c:John and that the hashes from pwdump2 are located on
the c: drive with the filename pass.txt. At the end of this section there is
a list of options you can use with John the Ripper.
We First Go From the c: to the john folder where John The Ripper is located.
c:\>cd john
c:\john>
Now we run the program in brute force mode.
c:\john>john.exe -i:all c:\pass.txt
Loaded 3 passwords with no different salts <NT LM DES [24/32 4K]>
The hashes are loaded and it is now cracking them..
If ya get bored and would like to see the progress then just hit esc key and
it will print out something like this.
guesses: 0 time: 0:00:00:30 c/s: 218534 trying: LYLB - BMWH
Hitting esc again lets you view the status of the crack.
Options
All options can be put at the end of the exe with a - preceding them.
-i: = Incremental.. This can be used with the following commands..
alpha: Letters only..
digits: Digits Only
all: All characters
Example: c:John.exe -i:digits c:pass.txt
To View All Options just hit john.exe with no options or passwords loaded
and it will list them all out.
Using L0phtcrack
This will not be a complete detailed tutorial of L0phtcrack but it will let
you understand the basics. I will be using L0phtcrack 2.52 since i dont have
the money to purchase the new one.. Got this one about a year ago and i
still think you can purchase it.
First off this program is really much like john the ripper but with some
added features and a nice gui interface.
The added features are:
SMB capture ( Captures Hashes over a network )
Registry Dump ( Dumps hashes from registry )
Ability to completely hide it from the desktop
Importing hashes from a file
Ok lets start with the previous hashes we got from pwdump2. First we go to
file then import passwords from file.. Then select the file with the
password hashes.
File>Open Passwords From File>c:>pass.txt>Open
Now you should see the hashes in the windows below. To crack press F4 or hit
tools and run crack.
Dump passwords from registry
Go to tools then dump passwords from registry.
Tools>Dump Passwords From Registry>
SMB Capture
Go to tools and select SMB capture. It will now monitor the network for
hashes being sent for remote login or other password req. services.
Tools>SMB Capture>
When it finds one it will be listed. ( It wont work with my network card so i
cant help you with anything past that )
Options
Go to tools then options at the bottom.
There are a couple of options.
Lanman and Ntlm are the hashes you want the dictionary attack to take place
against.
Brute Force lets you turn it off or on by selecting or deselecting the
enabled button.
The character set allows you to select the characters to use when brute
force.
Last Words:
Thank you for reading my tutorial written by me. I give you full permission
to distribute this tutorial to anyone you wish as long as the credits and
body of the tutorial stay unchanged and intact. Any questions you have
should be voiced on forums like blackcode.com etc.. and i will review them..
My codenames are -=Moses=- ( Blackcode and some video games) 13110 ( Code
Name for some sites ) and Clash.. Remeber that people might Remembero be me
( Have No Idea Why But Ive Seen It Happen Maybe 2 Times )
Disclaimer:
I do not promote hacking or cracking. I do not also claim responsibility for
the way any of the programs act. I also do not claim them to be my own.
L0phtcrack is owned by L0pht and is avalible for purchase fromavaliableom.
Pwdump2 and John the Ripper are avalible for download on tavaliablenet. TRY
GOOGLE.COM, BLACKCODE.COM.
I did not write this, this article comes from: http://info-x.co.uk/docview.asp?id=38