|
by Chris Zhang
////////////////////////////////////////////////////////////////////
I have read lots of articles embrace various methods of hacking into
windows networks. Except for NetBIOS attacks, the majority of the
others concern registry attacking. Not to impugn these authors, their
hacking tutorials reflected very limited understanding of registry
structure and how exactly it works. They probably know perfectly how
to use the registry, but the knowledge behind it. Okay, get rid of my
guff. Let’s start.
////////////////////////////////////////////////////////////////////
DOS ATTACK (local computers or equivalent to local computers but in a
network ONLY)
////////////////////////////////////////////////////////////////////
Say you have a situation:
NO user name and password are given
NO Bios password banner being active
A: or CD-ROM drive is present and functional
Basic principle: make your own registry file which anti-disable the
functions that were disabled in your target computer, then import it
to the system registry, restart the computer or refresh the system.
Copy the red bit and save it as *.reg
Regedit 4
[HKEY_LOCAL_MACHINE\Network\logon]
"mustbevalidated"=dword:00000000
Boot up your computer to real Dos and copy the file to a path like c:
Type: path c:\windows enter
Regedit *.reg enter
You will see something like ‘successfully’. Restart your computer see
what happens.
This file would let you enter windows without providing your user name
and password, but simply click on cancel or press Esc.
////////////////////////////////////////////////////////////////////
GUI ATTACK (Network computers)
////////////////////////////////////////////////////////////////////
Again, say you have a situation:
Granted an account with limited privilege
Internet connection available and eligible to download
A: drive inaccessible, but physically present
NOT on Windows NT or 2000 network, administrator use other programs
restrict your access rights.
Basic principle: Write your own reg file and send it to your email box
then receive it on the target computer, run the reg file without
saving it(for your own safe, might get caught if you do save).
Like dos attack, copy the red bit once again, save it as *.reg, then
double click on it to execute, also you can put more stuff in it to
enable more functions, example:
Regedit 4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
"norun"=dword:00000000
After running the file, you have to refresh your system, you can log
out and log back in, as long as you are not on a Windows NT or 2000
network, the administrator use other programs restrict your access
rights. Or, you press ctrl+alt+del, when a box pops up and ask you to
confirm shut down computer or restart, just press cancel, then wait
few seconds until another box comes up, click on end task. All the
functions which you have enabled will take affect immediately.
On Windows NT or 2000 network, the administrator use policies to
restrict your access rights.
Make sure hidden and system files are shown. Go to windows folder and
search poledit.exe, double click on it. An error message will pop out
say can’t find pol file, no worries, click ok, then cancel the next
box. Go to option and click on template, add. Go to system drive:
\windows\inf. Then you will see heaps adm file, choose windows.adm and
press ok. Then go to file, open registry. What can you see? Change it
around for your own pleasure, mate.
If you wanna know the whole network configuration just click on File
and go the option below Exit.
DO REMEMBER to refresh your system. (Don’t log out and back in, the
other way)
If you want to get access to A: drive, first enable show all drives in
policy. If doesn’t work, enable dos prompt. Use assembly language
type:
Debug
-O 70 10
-O 71 0
Or make up any numbers which are different. (Cheat POST)
Method 2: unplug the network cable when being copying policy from the
server, then you got full access to the computer, but out of the
network, no worries. Go to windows folder then inf folder, which is
default hidden. Move the *.adm files to other path, then log back in.
cause the system cant find any restriction configuration files,
apparently the restrictions are not going to take affect.
Enjoy
Chris Zhang
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
Related Items:
|
