SlideShare uma empresa Scribd logo

Hacking Windows Xp Sp2 Security

Transferir como DOC, PDF
Sarfaraz Qadry
Sarfaraz Qadry
Tecnologia
1 de 9
1-Introduction 2-To Hackers / Security Systems Engineers 3-Close Lock to hole 4-Dose Microsoft Know and Why!? 5-Understand the Idea 6-Get Admin Like Account (The Simple Way) 7-Crack the SAM-Know the real Admin Password and Apply Hint 8 8-Creat a Hidden User Account 9-USB Boot for FAT32, NTFS or any File System 10-Mother Boards Default Passwords and how to extract it if you are in The system 1-Introduction This article introduce very simple way to get Administrator like account and do the job and after finish recover your way, after that Get Admin Password later in your home by Cracking, After get the Admin Password Create a hidden user account and do all your jobs free, and Explain how to make a USB Storage Device Bootable corresponding to any system boot, and how to bypass Mother Board password by Default Passwords, and how to extract it if you are in the system 2-To Hackers / Security Systems Engineers First All must know that both Hackers / Security Systems Engineers Are 2 faces to the same coin Any way, I try this on Windows XP SP2 I want all to try it on Windows Server 2003, Windows Vista Any Windows NT and POST a Message to make all know what versions exactly this idea can apply for 3-Close Look to hole Microsoft stores all Security Information in many files but the main file is the SAM file (Security Accounts Manager)! this file contain critical information about users account you can explore the folder $windir$system32config You will find all things and may discover some thing new, but what amazing here is that the file is available, so we can apply our idea
You will Not be able To copy them Under XP 4-Dose Microsoft Know and Why!? Yes Microsoft Know all things, and done on purpose why? I always for many years ask my self why Microsoft doesn’t do real security on their systems from the CD setup to all security aspects In the system, I found(my opinion may wrong)that they need to achieve 2 strategic things 1-They need their software spread and all depend on it and in one day when they feel that they are the One The security will done and all money will go to One Pocket 2-They Forced/Like to Make Some Organizations Hack other systems Proof: They can make this File SAM Unavailable by storing the information in FAT, FAT32, NTFS Areas (Sectors reserved by The Operating SYSTEM to Store the Addresses of the files on the HardDisk File Allocation Table) So that it is hard to extract. But they don't!!!!! 5-Understand the Idea The Idea is simple I will explain it manually and it can then be programmed it is so easy here is the idea
The SAM file is available and the SAM file contain a Security Information, so I created a Free Windows XP SP2 Logon account (Administrator Account without password) that means when windows Lunch it Will enter directly to the system without asking about any password And windows will store this Account in The SAM file on My PC So the SAM file on My PC contain an Account will Make you enter Directly to the Windows, so I will take My SAM File and Replace (by renaming, we will need the original file to recover our way) It with the other SAM File in The Other System or Machine So When you restart It will make you enter directly to the Windows With Administrator Like Account ,do what you need and then back all things to the previous state. All These Steps will be under other system bootable DOS, Knoppiex, Windows Live CD, Because Windows XP will not make u able to copy the Files 6-Get Admin Like Account (The Simple Way) 1- Download My 2 SAM files I Include them in Downloads 2- Go to the target Machine , and try to Access it and Boot from any device CD-ROM, Floppy, NIC if it haven't any of those Read Hint 9 3- After Get Access to the Boot Command prompt c:> or Boot Live OS CD, Go to the windows folder $windir$system32config And Copy the SAM File and System File (we will need it later) To other folder, Then go to $windir$repair copy SAM file And then Rename the 2 SAM Files to SAM1 in their original places 4- Copy My SAM/config File and Paste it in the windows folder $windir$system32config Copy My SAM/Repair File and Paste it in the windows folder $windir$repair (may this step not required) 5- Reboot and Make windows enter Normally 6- Yeah, No You are in The System 7- Copy the files in step 3 to Floppy Disk or Flash Stick Or Send it to your mail via Internet 8- After finish repeat step 2 and delete My SAM files and Rename Both SAM1 to SAM 9- Reboot , Congratulation you recover your way 7-Crack the SAM-Know the real Admin Password and Apply Hint 8 There is many ways I will introduce 2 ways and explain 1 After you get the SAM File and System File there are Programs That extract the Accounts and their passwords, depending on the idea of cracking the HASH (the HASH is one way encryption method) so that The program will generate random passwords and convert them to HASH and then compare it with the HASHES in the SAM File , so it may take a long time but for fast you will pay more money for ready made HASHES with their user names and passwords the 2 program are 1-L0phtcrack v4.0 (LC4 alternate name) the most famous on the NET
2-SAMInside http://www.insidepro.com/I include on the Downloads I will explain fast SAMInside This is the main window press Ctrl+O or by mouse click Import SAM and SYSTEM Window will open to import the 2 files and the program will start to crack the Accounts and get them, and then display users names and their passwords Any other tool will do the job try all and select your best I Explain here SAMInside because he give me results with 6 character only password and get it FAST 8-Creat a Hidden User Accountn Windows NT / Windows 2000 and Windows XP has a security setting to hide accounts from the Logon Screen/Control panel users accounts
Press Ctrl+Alt+Delet Give you another Access Dialog Steps: 1-After getting Admin Password enter to the system 2-create an Account with password 3-click start - > Run - > type Regedit press Enter 4-Go to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsNT CurrentVersionWinlogonSpecialAccountsUserList
5- Create a new DWORD Value on the UserList 6-Name it with Name of Account to be Hidden 7-set the Value Data of this DWORD Value to 0 to hide it /1 to appear it 8- close Regedit and Reboot 9- Press Ctrl+Alt+Delete when logon Screen Appear another login dialog appear type You hidden user name and password and press Enter Note: 1- the account profile will be visible in Documents and Settings, But it will be hidden from Logon Screen and User Account in the control panel 2-there is other method that Inject your Account directly to the Admin SAM without know the Admin Pass, but believe me you don't Expect the result, so if you want try it (if the password hard to get) 9-USB Boot for FAT32, NTFS or any File System HP Always amazing me to do this we need 2 tools 1- HP USB Disk Storage Format Tool v 2.0.6 I include in Downloads If u want to find more go to http://www.hp.com/ 2- NTFSDOS Professional Boot Disk Wizard I include in Downloads If u want to find more go to http://www.winternals.com/
Just connect your USB Storage steps: 1- Prepare a Startup Disk or Startup CD , Or any Equivalent 2- In the HP tool select the Device->your USB Storage 3- Select File System FAT or FAT32 4- Check "create a DOS startup disk" checkbox and then select option "using DOS System Files Located at" 5- brows your location 6- Click Start 7- Now you have a Bootable USB Storage Device 8- Now in the NTFSDOS Professional Boot Disk Wizard follow the wizard and you will get a NTFS bootable USB Storage Why we need NTFS ? If the Partition of the Windows System is NTFS so with normal Startup you will not be able to access any files because the File System is not Recognized by MS-DOS when we install NTFSDOS Professional on the bootable disk it will allow you To Access any File Under NTFS Note: Make sure that the option in Mother board Setup of First Boot "USB-Hard Disk" if you want to boot from a USB 10-Mother Boards Default Passwords and how to extract it if you are in The system
This subject is huge I try to find simple or clever way but as u know many PC's many machines many bios versions and updates so I search the net for the best and I list below ,but if this doesn’t help I recommend you to find the bios version and the motherboard and search the net on Google, yahoo, yahoo groups and other you will find some thing help u HOW TO BYPASS BIOS PASSWORDS http://www.elfqrin.com/docs/biospw.html Removing a Bios - CMOS Password http://www.dewassoc.com/support/bios/bios_password.htm How to Bypass BIOS Passwords http://www.uktsupport.co.uk/reference/biosp.htm How to Bypass BIOS Passwords http://www.i-hacked.com/content/view/36/70/ Default Password List 2006-04-30 http://www.phenoelit.de/dpl/dpl.html Award BIOS backdoor passwords: ALFAROME--------BIOSTAR--------KDD--------ZAAADA-------- ALLy-------- CONCAT--------Lkwpeter--------ZBAAACA-------- aLLy-------- CONDO-------- LKWPETER--------ZJAAADC-------- aLLY--------Condo-------- PINT--------01322222-------- ALLY--------d8on--------pint--------589589-------- aPAf--------djonet--------SER--------589721-------- _award--------HLT-------- SKY_FOX--------595595-------- AWARD_SW--------J64--------SYXZ--------598598 AWARD?SW--------J256--------syxz-------- AWARD SW--------J262--------shift + syxz-------- AWARD PW--------j332--------TTPTHA-------- AWKWARD-------- j322-------- awkward AMI BIOS Backdoor Passwords: AMI--------BIOS--------PASSWORD--------HEWITT RAND-------- AMI?SW-------- AMI_SW--------LKWPETER--------CONDO Phoenix BIOS Backdoor Passwords: phoenix--------PHOENIX--------CMOS-------- BIOS Misc. Common Passwords ALFAROME--------BIOSTAR--------biostar--------biosstar-------- CMOS-------- cmos--------LKWPETER--------lkwpeter-------- setup--------SETUP--------Syxz-------- Wodj Other BIOS Passwords by Manufacturer
Manufacturer--------Password VOBIS & IBM-------- merlin Dell--------Dell Biostar-------- Biostar Compaq--------Compaq Enox--------xo11nE Epox--------central Freetech--------Posterie IWill--------iwill Jetway--------spooml Packard Bell--------bell9 QDI--------QDI Siemens--------SKY_FOX TMC--------BIGO Toshiba--------Toshiba Toshiba--------BIOS Most Toshiba laptops and some desktop systems will bypass the BIOS password if the left shift key is held down during boot IBM Aptiva BIOS Press both mouse buttons repeatedly during the boot Thanks To ALLAH

Recomendados

Forbidframing
ForbidframingForbidframing
ForbidframingMaynepharma
 
Ieframe dll forbidframing
Ieframe dll forbidframingIeframe dll forbidframing
Ieframe dll forbidframingKerry Rushton
 
Loc kv100 (mode 8)
Loc kv100 (mode 8)Loc kv100 (mode 8)
Loc kv100 (mode 8)smithy07
 
Imation loc kv20-d manual
Imation loc kv20-d manualImation loc kv20-d manual
Imation loc kv20-d manualEdgar Fernando Quinteros
 
Loc kv100 (mode 8)
Loc kv100 (mode 8)Loc kv100 (mode 8)
Loc kv100 (mode 8)Ahmad Logic
 
Secure Traveler Users Manual
Secure Traveler Users ManualSecure Traveler Users Manual
Secure Traveler Users Manuallwandemberg
 
Dp carrier en
Dp carrier enDp carrier en
Dp carrier enCompaniaDekartSRL
 
Loc kv101 mode 8
Loc kv101 mode 8Loc kv101 mode 8
Loc kv101 mode 8angga_uht
 

Recomendados

Forbidframing
ForbidframingForbidframing
ForbidframingMaynepharma
 
Ieframe dll forbidframing
Ieframe dll forbidframingIeframe dll forbidframing
Ieframe dll forbidframingKerry Rushton
 
Loc kv100 (mode 8)
Loc kv100 (mode 8)Loc kv100 (mode 8)
Loc kv100 (mode 8)smithy07
 
Imation loc kv20-d manual
Imation loc kv20-d manualImation loc kv20-d manual
Imation loc kv20-d manualEdgar Fernando Quinteros
 
Loc kv100 (mode 8)
Loc kv100 (mode 8)Loc kv100 (mode 8)
Loc kv100 (mode 8)Ahmad Logic
 
Secure Traveler Users Manual
Secure Traveler Users ManualSecure Traveler Users Manual
Secure Traveler Users Manuallwandemberg
 
Dp carrier en
Dp carrier enDp carrier en
Dp carrier enCompaniaDekartSRL
 
Loc kv101 mode 8
Loc kv101 mode 8Loc kv101 mode 8
Loc kv101 mode 8angga_uht
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

Mais conteúdo relacionado

Último

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 

Último (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Destaque

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Destaque (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Hacking Windows Xp Sp2 Security

  • 1. 1-Introduction 2-To Hackers / Security Systems Engineers 3-Close Lock to hole 4-Dose Microsoft Know and Why!? 5-Understand the Idea 6-Get Admin Like Account (The Simple Way) 7-Crack the SAM-Know the real Admin Password and Apply Hint 8 8-Creat a Hidden User Account 9-USB Boot for FAT32, NTFS or any File System 10-Mother Boards Default Passwords and how to extract it if you are in The system 1-Introduction This article introduce very simple way to get Administrator like account and do the job and after finish recover your way, after that Get Admin Password later in your home by Cracking, After get the Admin Password Create a hidden user account and do all your jobs free, and Explain how to make a USB Storage Device Bootable corresponding to any system boot, and how to bypass Mother Board password by Default Passwords, and how to extract it if you are in the system 2-To Hackers / Security Systems Engineers First All must know that both Hackers / Security Systems Engineers Are 2 faces to the same coin Any way, I try this on Windows XP SP2 I want all to try it on Windows Server 2003, Windows Vista Any Windows NT and POST a Message to make all know what versions exactly this idea can apply for 3-Close Look to hole Microsoft stores all Security Information in many files but the main file is the SAM file (Security Accounts Manager)! this file contain critical information about users account you can explore the folder $windir$system32config You will find all things and may discover some thing new, but what amazing here is that the file is available, so we can apply our idea
  • 2. You will Not be able To copy them Under XP 4-Dose Microsoft Know and Why!? Yes Microsoft Know all things, and done on purpose why? I always for many years ask my self why Microsoft doesn’t do real security on their systems from the CD setup to all security aspects In the system, I found(my opinion may wrong)that they need to achieve 2 strategic things 1-They need their software spread and all depend on it and in one day when they feel that they are the One The security will done and all money will go to One Pocket 2-They Forced/Like to Make Some Organizations Hack other systems Proof: They can make this File SAM Unavailable by storing the information in FAT, FAT32, NTFS Areas (Sectors reserved by The Operating SYSTEM to Store the Addresses of the files on the HardDisk File Allocation Table) So that it is hard to extract. But they don't!!!!! 5-Understand the Idea The Idea is simple I will explain it manually and it can then be programmed it is so easy here is the idea
  • 3. The SAM file is available and the SAM file contain a Security Information, so I created a Free Windows XP SP2 Logon account (Administrator Account without password) that means when windows Lunch it Will enter directly to the system without asking about any password And windows will store this Account in The SAM file on My PC So the SAM file on My PC contain an Account will Make you enter Directly to the Windows, so I will take My SAM File and Replace (by renaming, we will need the original file to recover our way) It with the other SAM File in The Other System or Machine So When you restart It will make you enter directly to the Windows With Administrator Like Account ,do what you need and then back all things to the previous state. All These Steps will be under other system bootable DOS, Knoppiex, Windows Live CD, Because Windows XP will not make u able to copy the Files 6-Get Admin Like Account (The Simple Way) 1- Download My 2 SAM files I Include them in Downloads 2- Go to the target Machine , and try to Access it and Boot from any device CD-ROM, Floppy, NIC if it haven't any of those Read Hint 9 3- After Get Access to the Boot Command prompt c:> or Boot Live OS CD, Go to the windows folder $windir$system32config And Copy the SAM File and System File (we will need it later) To other folder, Then go to $windir$repair copy SAM file And then Rename the 2 SAM Files to SAM1 in their original places 4- Copy My SAM/config File and Paste it in the windows folder $windir$system32config Copy My SAM/Repair File and Paste it in the windows folder $windir$repair (may this step not required) 5- Reboot and Make windows enter Normally 6- Yeah, No You are in The System 7- Copy the files in step 3 to Floppy Disk or Flash Stick Or Send it to your mail via Internet 8- After finish repeat step 2 and delete My SAM files and Rename Both SAM1 to SAM 9- Reboot , Congratulation you recover your way 7-Crack the SAM-Know the real Admin Password and Apply Hint 8 There is many ways I will introduce 2 ways and explain 1 After you get the SAM File and System File there are Programs That extract the Accounts and their passwords, depending on the idea of cracking the HASH (the HASH is one way encryption method) so that The program will generate random passwords and convert them to HASH and then compare it with the HASHES in the SAM File , so it may take a long time but for fast you will pay more money for ready made HASHES with their user names and passwords the 2 program are 1-L0phtcrack v4.0 (LC4 alternate name) the most famous on the NET
  • 4. 2-SAMInside http://www.insidepro.com/I include on the Downloads I will explain fast SAMInside This is the main window press Ctrl+O or by mouse click Import SAM and SYSTEM Window will open to import the 2 files and the program will start to crack the Accounts and get them, and then display users names and their passwords Any other tool will do the job try all and select your best I Explain here SAMInside because he give me results with 6 character only password and get it FAST 8-Creat a Hidden User Accountn Windows NT / Windows 2000 and Windows XP has a security setting to hide accounts from the Logon Screen/Control panel users accounts
  • 5. Press Ctrl+Alt+Delet Give you another Access Dialog Steps: 1-After getting Admin Password enter to the system 2-create an Account with password 3-click start - > Run - > type Regedit press Enter 4-Go to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsNT CurrentVersionWinlogonSpecialAccountsUserList
  • 6. 5- Create a new DWORD Value on the UserList 6-Name it with Name of Account to be Hidden 7-set the Value Data of this DWORD Value to 0 to hide it /1 to appear it 8- close Regedit and Reboot 9- Press Ctrl+Alt+Delete when logon Screen Appear another login dialog appear type You hidden user name and password and press Enter Note: 1- the account profile will be visible in Documents and Settings, But it will be hidden from Logon Screen and User Account in the control panel 2-there is other method that Inject your Account directly to the Admin SAM without know the Admin Pass, but believe me you don't Expect the result, so if you want try it (if the password hard to get) 9-USB Boot for FAT32, NTFS or any File System HP Always amazing me to do this we need 2 tools 1- HP USB Disk Storage Format Tool v 2.0.6 I include in Downloads If u want to find more go to http://www.hp.com/ 2- NTFSDOS Professional Boot Disk Wizard I include in Downloads If u want to find more go to http://www.winternals.com/
  • 7. Just connect your USB Storage steps: 1- Prepare a Startup Disk or Startup CD , Or any Equivalent 2- In the HP tool select the Device->your USB Storage 3- Select File System FAT or FAT32 4- Check "create a DOS startup disk" checkbox and then select option "using DOS System Files Located at" 5- brows your location 6- Click Start 7- Now you have a Bootable USB Storage Device 8- Now in the NTFSDOS Professional Boot Disk Wizard follow the wizard and you will get a NTFS bootable USB Storage Why we need NTFS ? If the Partition of the Windows System is NTFS so with normal Startup you will not be able to access any files because the File System is not Recognized by MS-DOS when we install NTFSDOS Professional on the bootable disk it will allow you To Access any File Under NTFS Note: Make sure that the option in Mother board Setup of First Boot "USB-Hard Disk" if you want to boot from a USB 10-Mother Boards Default Passwords and how to extract it if you are in The system
  • 8. This subject is huge I try to find simple or clever way but as u know many PC's many machines many bios versions and updates so I search the net for the best and I list below ,but if this doesn’t help I recommend you to find the bios version and the motherboard and search the net on Google, yahoo, yahoo groups and other you will find some thing help u HOW TO BYPASS BIOS PASSWORDS http://www.elfqrin.com/docs/biospw.html Removing a Bios - CMOS Password http://www.dewassoc.com/support/bios/bios_password.htm How to Bypass BIOS Passwords http://www.uktsupport.co.uk/reference/biosp.htm How to Bypass BIOS Passwords http://www.i-hacked.com/content/view/36/70/ Default Password List 2006-04-30 http://www.phenoelit.de/dpl/dpl.html Award BIOS backdoor passwords: ALFAROME--------BIOSTAR--------KDD--------ZAAADA-------- ALLy-------- CONCAT--------Lkwpeter--------ZBAAACA-------- aLLy-------- CONDO-------- LKWPETER--------ZJAAADC-------- aLLY--------Condo-------- PINT--------01322222-------- ALLY--------d8on--------pint--------589589-------- aPAf--------djonet--------SER--------589721-------- _award--------HLT-------- SKY_FOX--------595595-------- AWARD_SW--------J64--------SYXZ--------598598 AWARD?SW--------J256--------syxz-------- AWARD SW--------J262--------shift + syxz-------- AWARD PW--------j332--------TTPTHA-------- AWKWARD-------- j322-------- awkward AMI BIOS Backdoor Passwords: AMI--------BIOS--------PASSWORD--------HEWITT RAND-------- AMI?SW-------- AMI_SW--------LKWPETER--------CONDO Phoenix BIOS Backdoor Passwords: phoenix--------PHOENIX--------CMOS-------- BIOS Misc. Common Passwords ALFAROME--------BIOSTAR--------biostar--------biosstar-------- CMOS-------- cmos--------LKWPETER--------lkwpeter-------- setup--------SETUP--------Syxz-------- Wodj Other BIOS Passwords by Manufacturer
  • 9. Manufacturer--------Password VOBIS & IBM-------- merlin Dell--------Dell Biostar-------- Biostar Compaq--------Compaq Enox--------xo11nE Epox--------central Freetech--------Posterie IWill--------iwill Jetway--------spooml Packard Bell--------bell9 QDI--------QDI Siemens--------SKY_FOX TMC--------BIGO Toshiba--------Toshiba Toshiba--------BIOS Most Toshiba laptops and some desktop systems will bypass the BIOS password if the left shift key is held down during boot IBM Aptiva BIOS Press both mouse buttons repeatedly during the boot Thanks To ALLAH