A simple noobish question, but I need complex answers!!
  • mandi
    Posts: 207
    Here is the noobish task,
    I need to break the admin password of Windows XP.

    It looks noobish, nah, but in our network we have very heavy security restrictions:
    1) All the users are provided with restricted accounts, so batch scripts, net use and bla bla won't work.

    2) Configured with good local, group security policies from the Windows 2003 Active Directory.

    3) USB is not allowed inside the system, and the password is above 14 characters (I have seen this while the admin was typing a password on a system, but as it is very long I wasn't able to see it fully), so copying the SAM file is not going to work, because we would need to brute-force it for years to get the password...

    4) Boot CDs or USB are not allowed and the BIOS mode is protected with a password, so this prevents me from enabling USB or CD boot.

    5) Also I tried to figure out the back-door BIOS password lists from the internet, but failed.

    6) I tried the privilege escalation method (i.e. the at method),
    but as it is a restricted account, it says access is denied.

    But I have found 2 possible ways to break this:
    1) The sethc method

    For this I need to copy the file into c:\windows\system32 from a restricted account, where modifying contents in the specified locations is not allowed. Can anyone tell me how I can write or paste a file to the specified location from a restricted account?

    2) Also I found they don't put too many restrictions on blocking installation of applications on the PC. They have given me a network drive where they forgot to apply these restrictions, and I can also open portable applications, so I can install applications there. So I am thinking about running an outdated application, such as an older version of some application for which exploits are available from the public exploit databases, and injecting shellcode to get admin access, or some kind of possible hacking with the shellcode...

    Will it work?


    I know this may be noobish, but I am really struggling to overcome these restrictions, so if you know anything to overcome these restrictions I will be glad.


    Hope I will find some help...


    NOTE: please bear with my English :(
  • Xin
    Posts: 3,251
    Try downloading a backdoor onto it, or scan it from within the network to search for possible ways in; it doesn't have to be local, remember.
    Xin
  • mandi
    Posts: 207

    You're asking to crack into a school network ...


    No, not a school network, but a kind of working environment...


    Try downloading a backdoor onto it, or scan it from within the network to search for possible ways in; it doesn't have to be local, remember.


    If possible, can you tell me how this works?
    I am on a restricted account, not on a privileged account.

    Looking for some more explanation...
  • Bursihido
    Posts: 406
    lol this is not cracking :D u idiot

  • Sh3llc0d3
    Posts: 1,910
    You could always try booting into safe mode (if it doesn't have an admin password). The default XP administrator account may not necessarily have a password; however, the admin of the network may have an admin-enabled account with a password (if that makes sense).

    You're right, I believe copying netcat into your system32 folder and then enabling yourself to connect back to it would probably be a good idea. However, if you have thought of this or similar, the network may be running Deep Freeze or another similar solution which will revert any changes you make when the workstation reboots. I would personally work on a higher-level solution, maybe at server level or the administrator's computer.

    You say it has heavy security policies... I'm guessing they use XP Pro? Edits to the registry can alter the policies, but it can cause a lot of problems if you don't know what you're doing. Then you have the ball-ache of actually accessing the registry, as I suppose Run and cmd are blocked, no doubt.
  • mandi
    Posts: 207
    They don't have Deep Freeze.
    Booting through safe mode does not work, as we have a password for the administrator account.
    Yes, they are using XP SP2; accessing the registry, command prompt and modifying them are also banned or restricted by policies....