Physical access to a system is one of the best things you can have. Even so, you can’t exactly get in with just that. You still need to have a password to get in. Many people don’t use a password, but what about those that do.
One method is cracking the SAM file and finding the admin password. This can be done with Ophcrack or one of a few other programs. If this is the route you choose to go, I recommend Ophcrack. What if you don’t have time to crack the password? What if they change it? Do you really want to crack it again? I didn’t think so.
Considering that many people and most school systems are switching over to Vista then it is actually quite useful.
This method only requires a Linux boot disc. I recommend Puppy Linux, yes I know it sucks, but the average person can’t tell the difference between it and Windows. This way, noone can see your screen and become suspicious.
Begin by booting the disc and getting to the point where you can control the X Server. Mount the filesystem that holds the Windows partition. Navigate to the system32 folder. Every decent hacker should know where to find it. In case there’s a script kiddie that doesn’t reading this, in the root of the Windows filesystem there is a folder named “Windows” (without the quotes) in that folder there lies the system32 folder.
In this folder there is a there is a file called “Magnify.exe”. This file is the executable for the magnifier located in the ease of access in the accessories folder. I would recommend getting rid of the shortcut that lies within that folder on the start menu. Not many people use the magnifier, but on the off chance that the user does, you don’t want the backdoor being revealed.
Copy this file and make sure you keep the copy. Keeping it is vital to removing traces of the backdoor. Delete the original and then make a copy of cmd.exe. Rename that copy to appear to be “Magnify.exe”. The point in this is that Windows doesn’t check the integrity of the file before executing it. There is an ease of access button on the bottom left of the Vista login screen. This is the key to the backdoor. Once replaced, the magnifier opens the command prompt.
From the login screen, it starts an admin command prompt. Free reign.
You could create your own admin account, but that’s kinda conspicuous when the login screen shows a list of the registered users. A much better, and not to mention less traceable, method is to type “explorer”(once again without the quotes) into the prompt at the login screen. This will run Windows Explorer GUI while still in the login screen, under the system user. Free reign.
Repairing the system to get rid of traces is easy. Did you keep that copy? You better hope so. Reboot the Linux kernel and navigate back to the system32 folder. Delete the current “Magnify.exe” (the command prompt version) and rename the old copy of “Magnify.exe” to be “Magnify.exe” again. Voila, through the wonder of Live Cds you have gained access to a system and removed all traces of the backdoor.
If you have any better ideas post them here or PM me.
One method is cracking the SAM file and finding the admin password. This can be done with Ophcrack or one of a few other programs. If this is the route you choose to go, I recommend Ophcrack. What if you don’t have time to crack the password? What if they change it? Do you really want to crack it again? I didn’t think so.
Considering that many people and most school systems are switching over to Vista then it is actually quite useful.
This method only requires a Linux boot disc. I recommend Puppy Linux, yes I know it sucks, but the average person can’t tell the difference between it and Windows. This way, noone can see your screen and become suspicious.
Begin by booting the disc and getting to the point where you can control the X Server. Mount the filesystem that holds the Windows partition. Navigate to the system32 folder. Every decent hacker should know where to find it. In case there’s a script kiddie that doesn’t reading this, in the root of the Windows filesystem there is a folder named “Windows” (without the quotes) in that folder there lies the system32 folder.
In this folder there is a there is a file called “Magnify.exe”. This file is the executable for the magnifier located in the ease of access in the accessories folder. I would recommend getting rid of the shortcut that lies within that folder on the start menu. Not many people use the magnifier, but on the off chance that the user does, you don’t want the backdoor being revealed.
Copy this file and make sure you keep the copy. Keeping it is vital to removing traces of the backdoor. Delete the original and then make a copy of cmd.exe. Rename that copy to appear to be “Magnify.exe”. The point in this is that Windows doesn’t check the integrity of the file before executing it. There is an ease of access button on the bottom left of the Vista login screen. This is the key to the backdoor. Once replaced, the magnifier opens the command prompt.
From the login screen, it starts an admin command prompt. Free reign.
You could create your own admin account, but that’s kinda conspicuous when the login screen shows a list of the registered users. A much better, and not to mention less traceable, method is to type “explorer”(once again without the quotes) into the prompt at the login screen. This will run Windows Explorer GUI while still in the login screen, under the system user. Free reign.
Repairing the system to get rid of traces is easy. Did you keep that copy? You better hope so. Reboot the Linux kernel and navigate back to the system32 folder. Delete the current “Magnify.exe” (the command prompt version) and rename the old copy of “Magnify.exe” to be “Magnify.exe” again. Voila, through the wonder of Live Cds you have gained access to a system and removed all traces of the backdoor.
If you have any better ideas post them here or PM me.
0 comments:
Post a Comment