Hack into Windows Network by Chris Zhang
I have read lots of articles embracing various methods of hacking into Windows networks. Except for NetBIOS attacks, the majority of the others concern registry attacks. Not to impugn these authors, but their hacking tutorials reflected a very limited understanding of the registry structure and how exactly it works. They probably know perfectly well how to use the registry, but not the knowledge behind it. Okay, enough of my guff. Let's start.
DOS ATTACK (local computers, or computers equivalent to local computers but in a network ONLY)
Say you have a situation:
NO user name and password are given
NO BIOS password prompt is active
A: or CD-ROM drive is present and functional
Basic principle: make your own registry file which re-enables the functions that were disabled on your target computer, then import it into the system registry and restart the computer or refresh the system.
Copy the following (the part shown in red in the original) and save it as a *.reg file. The header line must read exactly REGEDIT4 (no space), followed by a blank line:

REGEDIT4

[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000000
Boot your computer into real DOS and copy the file to a path like C:\. Then type:
path c:\windows (Enter)
regedit *.reg (Enter)
You will see a message saying something like "successfully". Restart your computer and see what happens.
This file lets you enter Windows without providing a user name and password: simply click Cancel or press Esc at the logon box.
GUI ATTACK (network computers)
Again, say you have a situation:
Granted an account with limited privileges
Internet connection available, and you are allowed to download
A: drive inaccessible, but physically present
NOT on a Windows NT or 2000 network (there the administrator uses other programs to restrict your access rights)
Basic principle: write your own .reg file and send it to your email box, then retrieve it on the target computer and run the .reg file without saving it (for your own safety; you might get caught if you do save it).
As in the DOS attack, copy the red bit once again, save it as *.reg, then double-click it to execute. You can also put more entries into it to enable more functions. Example:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000000
After running the file you have to refresh your system. You can log out and log back in, as long as you are not on a Windows NT or 2000 network, where the administrator uses other programs to restrict your access rights. Or press Ctrl+Alt+Del; when a box pops up asking you to confirm shutting down or restarting the computer, press Cancel, then wait a few seconds until another box comes up and click End Task. All the functions you have enabled will take effect immediately.
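The other side of these .reg files is spotting them before they are imported. The following is an added example, not code from the original article: a small Python checker that parses a REGEDIT4 file and reports DWORD values set to zero under the two keys the article uses (HKLM\Network\Logon\MustBeValidated and the Explorer Policies key), and more generally any zeroed value under a Policies key, since those policies are all "1 = restricted, 0 = unrestricted". It also rejects the malformed "Regedit 4" header. The sample file, including the NoDrives value and the Example key, is constructed for the demonstration.

```python
import re

# Registry values whose zero setting the article uses to weaken a Windows 9x
# box; maps (lower-cased key path, lower-cased value name) to a defender's
# reading of what clearing it means.
WATCHED = {
    (r"hkey_local_machine\network\logon", "mustbevalidated"):
        "network logon validation no longer required",
    (r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer", "norun"):
        "Run dialog restriction cleared",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg(text):
    """Parse REGEDIT4 text into {key_path: {value_name: int}} for DWORD entries.

    Key paths and value names are lower-cased because the registry compares
    them case-insensitively. A wrong header such as "Regedit 4" is rejected,
    which is also the mistake most likely to make a hand-written file fail.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("header must be exactly REGEDIT4")
    result = {}
    current = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            result.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            result[current][m.group(1).lower()] = int(m.group(2), 16)
    return result


def audit_reg(text):
    """Return a list of (key, value, reason) for entries that clear a restriction.

    Besides the two values named in the article, any DWORD under a
    ...\\Policies\\... key that is set to 0 is reported.
    """
    findings = []
    for key, values in parse_reg(text).items():
        for name, val in values.items():
            if val != 0:
                continue
            reason = WATCHED.get((key, name))
            if reason is None and "\\policies\\" in key:
                reason = "policy restriction cleared"
            if reason:
                findings.append((key, name, reason))
    return findings


# Constructed sample: the article's two entries plus two values that should
# not be reported (a policy left at 1, and a zero outside any policy key).
SAMPLE_REG = """REGEDIT4

[HKEY_LOCAL_MACHINE\\Network\\Logon]
"MustBeValidated"=dword:00000000

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]
"NoRun"=dword:00000000
"NoDrives"=dword:00000001

[HKEY_CURRENT_USER\\Software\\Example]
"Counter"=dword:00000000
"""

if __name__ == "__main__":
    for key, name, reason in audit_reg(SAMPLE_REG):
        print(f"{key}\\{name} = 0: {reason}")
```

Run against a .reg file before importing it (or over files arriving by mail, as in the scenario above) and the two zeroed entries are reported while the untouched NoDrives policy and the unrelated Counter value are not.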
On a Windows NT or 2000 network, the administrator uses policies to restrict your access rights.
Make sure hidden and system files are shown. Go to the Windows folder and search for poledit.exe, then double-click it. An error message will pop up saying it can't find the .pol file; no worries, click OK, then Cancel in the next box. Go to Options and click on Template, then Add. Go to the system drive's \windows\inf folder. There you will see heaps of .adm files; choose windows.adm and press OK. Then go to File, Open Registry. What can you see? Change it around for your own pleasure, mate.
If you want to know the whole network configuration, just click on File and go to the option below Exit.
DO REMEMBER to refresh your system (don't log out and back in; use the other way).
If you want access to the A: drive, first enable "show all drives" in the policy. If that doesn't work, enable the DOS prompt and, at the prompt, type:
debug
-O 70 10
-O 71 0
Or make up any numbers that are different. (This cheats the POST.)
Method 2: unplug the network cable while the policy is being copied from the server; then you get full access to the computer, but off the network, no worries. Go to the Windows folder, then the inf folder, which is hidden by default. Move the *.adm files to another path, then log back in. Because the system can't find any restriction configuration files, the restrictions are apparently not going to take effect.
Enjoy