Sunday, July 20, 2008

Hack into Windows Network

by Chris Zhang

////////////////////////////////////////////////////////////////////

I have read lots of articles embracing various methods of hacking into Windows networks. Except for NetBIOS attacks, the majority of the others concern attacking the registry. Not to impugn these authors, but their hacking tutorials reflected a very limited understanding of the registry's structure and how exactly it works. They probably know perfectly well how to use the registry, but not the knowledge behind it. Okay, enough of my guff. Let's start.

////////////////////////////////////////////////////////////////////
DOS ATTACK (local computers, or computers equivalent to local ones, but in a network ONLY)
////////////////////////////////////////////////////////////////////

Say you have this situation:

- NO user name and password are given
- NO BIOS password banner is active
- An A: or CD-ROM drive is present and functional

Basic principle: make your own registry file which re-enables the functions that were disabled on your target computer, then import it into the system registry and restart the computer or refresh the system.

Copy the bit below and save it as *.reg:

    Regedit 4
    [HKEY_LOCAL_MACHINE\Network\logon]
    "mustbevalidated"=dword:00000000

Boot your computer into real DOS and copy the file to a path like c:\. Type:

    path c:\windows
    regedit *.reg

You will see something like 'successfully'. Restart your computer and see what happens.

This file lets you enter Windows without providing your user name and password; simply click Cancel or press Esc.

////////////////////////////////////////////////////////////////////
GUI ATTACK (Network computers)
////////////////////////////////////////////////////////////////////

Again, say you have this situation:

- Granted an account with limited privileges
- Internet connection available and eligible to download
- A: drive inaccessible, but physically present
- NOT on a Windows NT or 2000 network; the administrator uses other programs to restrict your access rights

Basic principle: write your own reg file and send it to your email box, then receive it on the target computer and run the reg file without saving it (for your own safety; you might get caught if you do save it).

Like the DOS attack, copy the bit below once again, save it as *.reg, then double-click on it to execute. You can also put more stuff in it to enable more functions. Example:

    Regedit 4
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "norun"=dword:00000000

After running the file, you have to refresh your system. You can log out and log back in, as long as you are not on a Windows NT or 2000 network where the administrator uses other programs to restrict your access rights. Or, press Ctrl+Alt+Del; when a box pops up and asks you to confirm shutting down or restarting the computer, just press Cancel, then wait a few seconds until another box comes up and click End Task. All the functions you have enabled will take effect immediately.

On a Windows NT or 2000 network, the administrator uses policies to restrict your access rights.

Make sure hidden and system files are shown. Go to the Windows folder and search for poledit.exe, then double-click on it. An error message will pop up saying it can't find the pol file; no worries, click OK, then Cancel the next box. Go to Options and click Template, then Add. Go to [system drive]:\windows\inf. There you will see heaps of .adm files; choose windows.adm and press OK. Then go to File, Open Registry. What can you see? Change it around for your own pleasure, mate.

If you want to know the whole network configuration, just click on File and go to the option below Exit.

DO REMEMBER to refresh your system. (Don't log out and back in; the other way.)

If you want to get access to the A: drive, first enable "show all drives" in the policy. If that doesn't work, enable the DOS prompt. Use assembly language; type:

    Debug
    -O 70 10
    -O 71 0

Or make up any numbers which are different. (Cheat POST.)

Method 2: unplug the network cable while the policy is being copied from the server; then you've got full access to the computer, but you're out of the network, no worries. Go to the Windows folder, then the inf folder, which is hidden by default. Move the *.adm files to another path, then log back in. Because the system can't find any restriction configuration files, apparently the restrictions are not going to take effect.

Enjoy
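Both attacks above work by importing a small .reg file that turns a logon or policy restriction off. A defender can spot such a file before it is run: the added example below (my code, not from the post) parses the REGEDIT4 / "Windows Registry Editor Version 5.00" text format and reports every value that switches a watched restriction to zero. The two key/value pairs come from the post; the `WATCHED_VALUES` list, the `Finding` type and the constructed sample files are my assumptions and would be extended for a real environment.

```python
"""Audit a .reg file for writes that weaken Windows logon or policy restrictions.

Added example, not part of the original post. Given the text of a .reg file, it
parses the REGEDIT4 / "Windows Registry Editor Version 5.00" formats and reports
any dword value that switches a known restriction off (sets it to 0).
"""
import re
from dataclasses import dataclass

# Restriction values that an administrator normally sets to a non-zero value.
# A .reg file writing 0 to one of them is disabling a control. The first two
# are the values used in the post; NoDrives is the bitmask behind "show all
# drives" (0 reveals every drive). The list itself is an assumption: extend it
# with whatever your own policy templates enforce. Comparison is
# case-insensitive because the registry is.
WATCHED_VALUES = {
    (r"hkey_local_machine\network\logon", "mustbevalidated"),
    (r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer", "norun"),
    (r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer", "nodrives"),
}

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    value: int


def parse_reg(text):
    """Yield (key, value_name, raw_value) for every value assignment in the file.

    Only the subset of the grammar needed here is handled: [key] headers and
    "name"=<data> lines. Anything else (comments, headers, malformed lines) is
    skipped rather than raised on, so junk appended to a file cannot crash the
    auditor.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line in HEADERS:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"\s*=\s*(.+)$', line)
        if m and key is not None:
            yield key, m.group(1), m.group(2)


def audit_reg(text):
    """Return a list of Findings: watched restrictions that the file sets to 0."""
    findings = []
    for key, name, raw in parse_reg(text):
        if (key.lower(), name.lower()) not in WATCHED_VALUES:
            continue
        m = re.match(r"^dword:([0-9a-fA-F]{1,8})$", raw)
        if m is None:
            continue  # string/binary data: not a restriction toggle we track
        value = int(m.group(1), 16)
        if value == 0:
            findings.append(Finding(key, name, value))
    return findings


# Constructed sample files, modelled on the two snippets in the post.
SAMPLE_LOGON_BYPASS = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Network\logon]
"mustbevalidated"=dword:00000000
"""

SAMPLE_POLICY_BYPASS = r"""Windows Registry Editor Version 5.00

; comment lines and unrelated values must be ignored
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"norun"=dword:00000000
"Label"="just a string"
"""

# The hardened counterpart: every watched value enforced (non-zero), so no findings.
SAMPLE_HARDENED = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"""

if __name__ == "__main__":
    for label, sample in [("logon", SAMPLE_LOGON_BYPASS),
                          ("policy", SAMPLE_POLICY_BYPASS),
                          ("hardened", SAMPLE_HARDENED)]:
        for f in audit_reg(sample):
            print(f"{label}: restriction disabled -> [{f.key}] {f.name}={f.value}")
```

Running the auditor over mail attachments or files staged in a user's temp folder is enough to catch the pattern the post relies on; the hardened sample shows the settings as an administrator would leave them, with each restriction set to 1.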
